use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.
the class DefaultRepositoriesService method copyArtifact.
@Override
public Boolean copyArtifact(ArtifactTransferRequest artifactTransferRequest) throws ArchivaRestServiceException {
// check parameters
String userName = getAuditInformation().getUser().getUsername();
if (StringUtils.isBlank(userName)) {
throw new ArchivaRestServiceException("copyArtifact call: userName not found", null);
}
if (StringUtils.isBlank(artifactTransferRequest.getRepositoryId())) {
throw new ArchivaRestServiceException("copyArtifact call: sourceRepositoryId cannot be null", null);
}
if (StringUtils.isBlank(artifactTransferRequest.getTargetRepositoryId())) {
throw new ArchivaRestServiceException("copyArtifact call: targetRepositoryId cannot be null", null);
}
ManagedRepository source = null;
try {
source = managedRepositoryAdmin.getManagedRepository(artifactTransferRequest.getRepositoryId());
} catch (RepositoryAdminException e) {
throw new ArchivaRestServiceException(e.getMessage(), e);
}
if (source == null) {
throw new ArchivaRestServiceException("cannot find repository with id " + artifactTransferRequest.getRepositoryId(), null);
}
ManagedRepository target = null;
try {
target = managedRepositoryAdmin.getManagedRepository(artifactTransferRequest.getTargetRepositoryId());
} catch (RepositoryAdminException e) {
throw new ArchivaRestServiceException(e.getMessage(), e);
}
if (target == null) {
throw new ArchivaRestServiceException("cannot find repository with id " + artifactTransferRequest.getTargetRepositoryId(), null);
}
if (StringUtils.isBlank(artifactTransferRequest.getGroupId())) {
throw new ArchivaRestServiceException("groupId is mandatory", null);
}
if (StringUtils.isBlank(artifactTransferRequest.getArtifactId())) {
throw new ArchivaRestServiceException("artifactId is mandatory", null);
}
if (StringUtils.isBlank(artifactTransferRequest.getVersion())) {
throw new ArchivaRestServiceException("version is mandatory", null);
}
if (VersionUtil.isSnapshot(artifactTransferRequest.getVersion())) {
throw new ArchivaRestServiceException("copy of SNAPSHOT not supported", null);
}
// end check parameters
User user = null;
try {
user = securitySystem.getUserManager().findUser(userName);
} catch (UserNotFoundException e) {
throw new ArchivaRestServiceException("user " + userName + " not found", e);
} catch (UserManagerException e) {
throw new ArchivaRestServiceException("ArchivaRestServiceException:" + e.getMessage(), e);
}
// check karma on source : read
AuthenticationResult authn = new AuthenticationResult(true, userName, null);
SecuritySession securitySession = new DefaultSecuritySession(authn, user);
try {
boolean authz = securitySystem.isAuthorized(securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, artifactTransferRequest.getRepositoryId());
if (!authz) {
throw new ArchivaRestServiceException("not authorized to access repo:" + artifactTransferRequest.getRepositoryId(), null);
}
} catch (AuthorizationException e) {
log.error("error reading permission: {}", e.getMessage(), e);
throw new ArchivaRestServiceException(e.getMessage(), e);
}
// check karma on target: write
try {
boolean authz = securitySystem.isAuthorized(securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, artifactTransferRequest.getTargetRepositoryId());
if (!authz) {
throw new ArchivaRestServiceException("not authorized to write to repo:" + artifactTransferRequest.getTargetRepositoryId(), null);
}
} catch (AuthorizationException e) {
log.error("error reading permission: {}", e.getMessage(), e);
throw new ArchivaRestServiceException(e.getMessage(), e);
}
// sounds good we can continue !
ArtifactReference artifactReference = new ArtifactReference();
artifactReference.setArtifactId(artifactTransferRequest.getArtifactId());
artifactReference.setGroupId(artifactTransferRequest.getGroupId());
artifactReference.setVersion(artifactTransferRequest.getVersion());
artifactReference.setClassifier(artifactTransferRequest.getClassifier());
String packaging = StringUtils.trim(artifactTransferRequest.getPackaging());
artifactReference.setType(StringUtils.isEmpty(packaging) ? "jar" : packaging);
try {
ManagedRepositoryContent sourceRepository = getManagedRepositoryContent(artifactTransferRequest.getRepositoryId());
String artifactSourcePath = sourceRepository.toPath(artifactReference);
if (StringUtils.isEmpty(artifactSourcePath)) {
log.error("cannot find artifact {}", artifactTransferRequest);
throw new ArchivaRestServiceException("cannot find artifact " + artifactTransferRequest.toString(), null);
}
Path artifactFile = Paths.get(source.getLocation(), artifactSourcePath);
if (!Files.exists(artifactFile)) {
log.error("cannot find artifact {}", artifactTransferRequest);
throw new ArchivaRestServiceException("cannot find artifact " + artifactTransferRequest.toString(), null);
}
ManagedRepositoryContent targetRepository = getManagedRepositoryContent(artifactTransferRequest.getTargetRepositoryId());
String artifactPath = targetRepository.toPath(artifactReference);
int lastIndex = artifactPath.lastIndexOf('/');
String path = artifactPath.substring(0, lastIndex);
Path targetPath = Paths.get(target.getLocation(), path);
Date lastUpdatedTimestamp = Calendar.getInstance().getTime();
int newBuildNumber = 1;
String timestamp = null;
Path versionMetadataFile = targetPath.resolve(MetadataTools.MAVEN_METADATA);
/* unused */
getMetadata(versionMetadataFile);
if (!Files.exists(targetPath)) {
Files.createDirectories(targetPath);
}
String filename = artifactPath.substring(lastIndex + 1);
boolean fixChecksums = !(archivaAdministration.getKnownContentConsumers().contains("create-missing-checksums"));
Path targetFile = targetPath.resolve(filename);
if (Files.exists(targetFile) && target.isBlockRedeployments()) {
throw new ArchivaRestServiceException("artifact already exists in target repo: " + artifactTransferRequest.getTargetRepositoryId() + " and redeployment blocked", null);
} else {
copyFile(artifactFile, targetPath, filename, fixChecksums);
queueRepositoryTask(target.getId(), targetFile);
}
// copy source pom to target repo
String pomFilename = filename;
if (StringUtils.isNotBlank(artifactTransferRequest.getClassifier())) {
pomFilename = StringUtils.remove(pomFilename, "-" + artifactTransferRequest.getClassifier());
}
pomFilename = FilenameUtils.removeExtension(pomFilename) + ".pom";
Path pomFile = Paths.get(source.getLocation(), artifactSourcePath.substring(0, artifactPath.lastIndexOf('/')), pomFilename);
if (pomFile != null && Files.size(pomFile) > 0) {
copyFile(pomFile, targetPath, pomFilename, fixChecksums);
queueRepositoryTask(target.getId(), targetPath.resolve(pomFilename));
}
// explicitly update only if metadata-updater consumer is not enabled!
if (!archivaAdministration.getKnownContentConsumers().contains("metadata-updater")) {
updateProjectMetadata(targetPath.toAbsolutePath().toString(), lastUpdatedTimestamp, timestamp, newBuildNumber, fixChecksums, artifactTransferRequest);
}
String msg = "Artifact \'" + artifactTransferRequest.getGroupId() + ":" + artifactTransferRequest.getArtifactId() + ":" + artifactTransferRequest.getVersion() + "\' was successfully deployed to repository \'" + artifactTransferRequest.getTargetRepositoryId() + "\'";
log.debug("copyArtifact {}", msg);
} catch (RepositoryException e) {
log.error("RepositoryException: {}", e.getMessage(), e);
throw new ArchivaRestServiceException(e.getMessage(), e);
} catch (RepositoryAdminException e) {
log.error("RepositoryAdminException: {}", e.getMessage(), e);
throw new ArchivaRestServiceException(e.getMessage(), e);
} catch (IOException e) {
log.error("IOException: {}", e.getMessage(), e);
throw new ArchivaRestServiceException(e.getMessage(), e);
}
return true;
}
use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.
the class ArchivaServletAuthenticatorTest method testIsAuthorizedUserHasNoWriteAccess.
@Test
public void testIsAuthorizedUserHasNoWriteAccess() throws Exception {
createUser(USER_ALPACA, "Al 'Archiva' Paca");
assignRepositoryObserverRole(USER_ALPACA, "corporate");
// httpServletRequestControl.expectAndReturn( request.getRemoteAddr(), "192.168.111.111" );
EasyMock.expect(request.getRemoteAddr()).andReturn("192.168.111.111");
UserManager userManager = securitySystem.getUserManager();
User user = userManager.findUser(USER_ALPACA);
AuthenticationResult result = new AuthenticationResult(true, USER_ALPACA, null);
SecuritySession session = new DefaultSecuritySession(result, user);
httpServletRequestControl.replay();
try {
servletAuth.isAuthorized(request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD);
fail("UnauthorizedException should have been thrown.");
} catch (UnauthorizedException e) {
assertEquals("Access denied for repository corporate", e.getMessage());
}
httpServletRequestControl.verify();
restoreGuestInitialValues(USER_ALPACA);
}
use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.
the class ArchivaServletAuthenticatorTest method testIsAuthorizedUserHasReadAccess.
@Test
public void testIsAuthorizedUserHasReadAccess() throws Exception {
createUser(USER_ALPACA, "Al 'Archiva' Paca");
assignRepositoryObserverRole(USER_ALPACA, "corporate");
UserManager userManager = securitySystem.getUserManager();
User user = userManager.findUser(USER_ALPACA);
AuthenticationResult result = new AuthenticationResult(true, USER_ALPACA, null);
SecuritySession session = new DefaultSecuritySession(result, user);
boolean isAuthorized = servletAuth.isAuthorized(request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS);
assertTrue(isAuthorized);
restoreGuestInitialValues(USER_ALPACA);
}
use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.
the class ArchivaServletAuthenticatorTest method testIsAuthorizedUserHasNoReadAccess.
@Test
public void testIsAuthorizedUserHasNoReadAccess() throws Exception {
createUser(USER_ALPACA, "Al 'Archiva' Paca");
UserManager userManager = securitySystem.getUserManager();
User user = userManager.findUser(USER_ALPACA);
AuthenticationResult result = new AuthenticationResult(true, USER_ALPACA, null);
SecuritySession session = new DefaultSecuritySession(result, user);
try {
servletAuth.isAuthorized(request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS);
fail("UnauthorizedException should have been thrown.");
} catch (UnauthorizedException e) {
assertEquals("Access denied for repository corporate", e.getMessage());
}
restoreGuestInitialValues(USER_ALPACA);
}
use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.
the class ArchivaServletAuthenticator method isAuthorized.
@Override
public boolean isAuthorized(String principal, String repoId, String permission) throws UnauthorizedException {
try {
User user = securitySystem.getUserManager().findUser(principal);
if (user == null) {
throw new UnauthorizedException("The security system had an internal error - please check your system logs");
}
if (user.isLocked()) {
throw new UnauthorizedException("User account is locked.");
}
AuthenticationResult authn = new AuthenticationResult(true, principal, null);
SecuritySession securitySession = new DefaultSecuritySession(authn, user);
return securitySystem.isAuthorized(securitySession, permission, repoId);
} catch (UserNotFoundException e) {
throw new UnauthorizedException(e.getMessage(), e);
} catch (AuthorizationException e) {
throw new UnauthorizedException(e.getMessage(), e);
} catch (UserManagerException e) {
throw new UnauthorizedException(e.getMessage(), e);
}
}
Aggregations