Search in sources :

Example 6 with SecuritySession

use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.

the class DefaultRepositoriesService method copyArtifact.

@Override
public Boolean copyArtifact(ArtifactTransferRequest artifactTransferRequest) throws ArchivaRestServiceException {
    // check parameters
    String userName = getAuditInformation().getUser().getUsername();
    if (StringUtils.isBlank(userName)) {
        throw new ArchivaRestServiceException("copyArtifact call: userName not found", null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getRepositoryId())) {
        throw new ArchivaRestServiceException("copyArtifact call: sourceRepositoryId cannot be null", null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getTargetRepositoryId())) {
        throw new ArchivaRestServiceException("copyArtifact call: targetRepositoryId cannot be null", null);
    }
    ManagedRepository source = null;
    try {
        source = managedRepositoryAdmin.getManagedRepository(artifactTransferRequest.getRepositoryId());
    } catch (RepositoryAdminException e) {
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    if (source == null) {
        throw new ArchivaRestServiceException("cannot find repository with id " + artifactTransferRequest.getRepositoryId(), null);
    }
    ManagedRepository target = null;
    try {
        target = managedRepositoryAdmin.getManagedRepository(artifactTransferRequest.getTargetRepositoryId());
    } catch (RepositoryAdminException e) {
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    if (target == null) {
        throw new ArchivaRestServiceException("cannot find repository with id " + artifactTransferRequest.getTargetRepositoryId(), null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getGroupId())) {
        throw new ArchivaRestServiceException("groupId is mandatory", null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getArtifactId())) {
        throw new ArchivaRestServiceException("artifactId is mandatory", null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getVersion())) {
        throw new ArchivaRestServiceException("version is mandatory", null);
    }
    if (VersionUtil.isSnapshot(artifactTransferRequest.getVersion())) {
        throw new ArchivaRestServiceException("copy of SNAPSHOT not supported", null);
    }
    // end check parameters
    User user = null;
    try {
        user = securitySystem.getUserManager().findUser(userName);
    } catch (UserNotFoundException e) {
        throw new ArchivaRestServiceException("user " + userName + " not found", e);
    } catch (UserManagerException e) {
        throw new ArchivaRestServiceException("ArchivaRestServiceException:" + e.getMessage(), e);
    }
    // check karma on source : read
    AuthenticationResult authn = new AuthenticationResult(true, userName, null);
    SecuritySession securitySession = new DefaultSecuritySession(authn, user);
    try {
        boolean authz = securitySystem.isAuthorized(securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, artifactTransferRequest.getRepositoryId());
        if (!authz) {
            throw new ArchivaRestServiceException("not authorized to access repo:" + artifactTransferRequest.getRepositoryId(), null);
        }
    } catch (AuthorizationException e) {
        log.error("error reading permission: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    // check karma on target: write
    try {
        boolean authz = securitySystem.isAuthorized(securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, artifactTransferRequest.getTargetRepositoryId());
        if (!authz) {
            throw new ArchivaRestServiceException("not authorized to write to repo:" + artifactTransferRequest.getTargetRepositoryId(), null);
        }
    } catch (AuthorizationException e) {
        log.error("error reading permission: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    // sounds good we can continue !
    ArtifactReference artifactReference = new ArtifactReference();
    artifactReference.setArtifactId(artifactTransferRequest.getArtifactId());
    artifactReference.setGroupId(artifactTransferRequest.getGroupId());
    artifactReference.setVersion(artifactTransferRequest.getVersion());
    artifactReference.setClassifier(artifactTransferRequest.getClassifier());
    String packaging = StringUtils.trim(artifactTransferRequest.getPackaging());
    artifactReference.setType(StringUtils.isEmpty(packaging) ? "jar" : packaging);
    try {
        ManagedRepositoryContent sourceRepository = getManagedRepositoryContent(artifactTransferRequest.getRepositoryId());
        String artifactSourcePath = sourceRepository.toPath(artifactReference);
        if (StringUtils.isEmpty(artifactSourcePath)) {
            log.error("cannot find artifact {}", artifactTransferRequest);
            throw new ArchivaRestServiceException("cannot find artifact " + artifactTransferRequest.toString(), null);
        }
        Path artifactFile = Paths.get(source.getLocation(), artifactSourcePath);
        if (!Files.exists(artifactFile)) {
            log.error("cannot find artifact {}", artifactTransferRequest);
            throw new ArchivaRestServiceException("cannot find artifact " + artifactTransferRequest.toString(), null);
        }
        ManagedRepositoryContent targetRepository = getManagedRepositoryContent(artifactTransferRequest.getTargetRepositoryId());
        String artifactPath = targetRepository.toPath(artifactReference);
        int lastIndex = artifactPath.lastIndexOf('/');
        String path = artifactPath.substring(0, lastIndex);
        Path targetPath = Paths.get(target.getLocation(), path);
        Date lastUpdatedTimestamp = Calendar.getInstance().getTime();
        int newBuildNumber = 1;
        String timestamp = null;
        Path versionMetadataFile = targetPath.resolve(MetadataTools.MAVEN_METADATA);
        /* unused */
        getMetadata(versionMetadataFile);
        if (!Files.exists(targetPath)) {
            Files.createDirectories(targetPath);
        }
        String filename = artifactPath.substring(lastIndex + 1);
        boolean fixChecksums = !(archivaAdministration.getKnownContentConsumers().contains("create-missing-checksums"));
        Path targetFile = targetPath.resolve(filename);
        if (Files.exists(targetFile) && target.isBlockRedeployments()) {
            throw new ArchivaRestServiceException("artifact already exists in target repo: " + artifactTransferRequest.getTargetRepositoryId() + " and redeployment blocked", null);
        } else {
            copyFile(artifactFile, targetPath, filename, fixChecksums);
            queueRepositoryTask(target.getId(), targetFile);
        }
        // copy source pom to target repo
        String pomFilename = filename;
        if (StringUtils.isNotBlank(artifactTransferRequest.getClassifier())) {
            pomFilename = StringUtils.remove(pomFilename, "-" + artifactTransferRequest.getClassifier());
        }
        pomFilename = FilenameUtils.removeExtension(pomFilename) + ".pom";
        Path pomFile = Paths.get(source.getLocation(), artifactSourcePath.substring(0, artifactPath.lastIndexOf('/')), pomFilename);
        if (pomFile != null && Files.size(pomFile) > 0) {
            copyFile(pomFile, targetPath, pomFilename, fixChecksums);
            queueRepositoryTask(target.getId(), targetPath.resolve(pomFilename));
        }
        // explicitly update only if metadata-updater consumer is not enabled!
        if (!archivaAdministration.getKnownContentConsumers().contains("metadata-updater")) {
            updateProjectMetadata(targetPath.toAbsolutePath().toString(), lastUpdatedTimestamp, timestamp, newBuildNumber, fixChecksums, artifactTransferRequest);
        }
        String msg = "Artifact \'" + artifactTransferRequest.getGroupId() + ":" + artifactTransferRequest.getArtifactId() + ":" + artifactTransferRequest.getVersion() + "\' was successfully deployed to repository \'" + artifactTransferRequest.getTargetRepositoryId() + "\'";
        log.debug("copyArtifact {}", msg);
    } catch (RepositoryException e) {
        log.error("RepositoryException: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    } catch (RepositoryAdminException e) {
        log.error("RepositoryAdminException: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    } catch (IOException e) {
        log.error("IOException: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    return true;
}
Also used : UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException) Path(java.nio.file.Path) ManagedRepository(org.apache.archiva.admin.model.beans.ManagedRepository) User(org.apache.archiva.redback.users.User) AuthorizationException(org.apache.archiva.redback.authorization.AuthorizationException) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) RepositoryException(org.apache.archiva.repository.RepositoryException) MetadataRepositoryException(org.apache.archiva.metadata.repository.MetadataRepositoryException) IOException(java.io.IOException) RepositoryAdminException(org.apache.archiva.admin.model.RepositoryAdminException) Date(java.util.Date) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) UserManagerException(org.apache.archiva.redback.users.UserManagerException) ArchivaRestServiceException(org.apache.archiva.rest.api.services.ArchivaRestServiceException) ManagedRepositoryContent(org.apache.archiva.repository.ManagedRepositoryContent) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) ArtifactReference(org.apache.archiva.model.ArtifactReference)

Example 7 with SecuritySession

use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.

the class ArchivaServletAuthenticatorTest method testIsAuthorizedUserHasNoWriteAccess.

@Test
public void testIsAuthorizedUserHasNoWriteAccess() throws Exception {
    createUser(USER_ALPACA, "Al 'Archiva' Paca");
    assignRepositoryObserverRole(USER_ALPACA, "corporate");
    // httpServletRequestControl.expectAndReturn( request.getRemoteAddr(), "192.168.111.111" );
    EasyMock.expect(request.getRemoteAddr()).andReturn("192.168.111.111");
    UserManager userManager = securitySystem.getUserManager();
    User user = userManager.findUser(USER_ALPACA);
    AuthenticationResult result = new AuthenticationResult(true, USER_ALPACA, null);
    SecuritySession session = new DefaultSecuritySession(result, user);
    httpServletRequestControl.replay();
    try {
        servletAuth.isAuthorized(request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD);
        fail("UnauthorizedException should have been thrown.");
    } catch (UnauthorizedException e) {
        assertEquals("Access denied for repository corporate", e.getMessage());
    }
    httpServletRequestControl.verify();
    restoreGuestInitialValues(USER_ALPACA);
}
Also used : User(org.apache.archiva.redback.users.User) UserManager(org.apache.archiva.redback.users.UserManager) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) Test(org.junit.Test)

Example 8 with SecuritySession

use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.

the class ArchivaServletAuthenticatorTest method testIsAuthorizedUserHasReadAccess.

@Test
public void testIsAuthorizedUserHasReadAccess() throws Exception {
    createUser(USER_ALPACA, "Al 'Archiva' Paca");
    assignRepositoryObserverRole(USER_ALPACA, "corporate");
    UserManager userManager = securitySystem.getUserManager();
    User user = userManager.findUser(USER_ALPACA);
    AuthenticationResult result = new AuthenticationResult(true, USER_ALPACA, null);
    SecuritySession session = new DefaultSecuritySession(result, user);
    boolean isAuthorized = servletAuth.isAuthorized(request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS);
    assertTrue(isAuthorized);
    restoreGuestInitialValues(USER_ALPACA);
}
Also used : User(org.apache.archiva.redback.users.User) UserManager(org.apache.archiva.redback.users.UserManager) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) Test(org.junit.Test)

Example 9 with SecuritySession

use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.

the class ArchivaServletAuthenticatorTest method testIsAuthorizedUserHasNoReadAccess.

@Test
public void testIsAuthorizedUserHasNoReadAccess() throws Exception {
    createUser(USER_ALPACA, "Al 'Archiva' Paca");
    UserManager userManager = securitySystem.getUserManager();
    User user = userManager.findUser(USER_ALPACA);
    AuthenticationResult result = new AuthenticationResult(true, USER_ALPACA, null);
    SecuritySession session = new DefaultSecuritySession(result, user);
    try {
        servletAuth.isAuthorized(request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS);
        fail("UnauthorizedException should have been thrown.");
    } catch (UnauthorizedException e) {
        assertEquals("Access denied for repository corporate", e.getMessage());
    }
    restoreGuestInitialValues(USER_ALPACA);
}
Also used : User(org.apache.archiva.redback.users.User) UserManager(org.apache.archiva.redback.users.UserManager) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) Test(org.junit.Test)

Example 10 with SecuritySession

use of org.apache.archiva.redback.system.SecuritySession in project archiva by apache.

the class ArchivaServletAuthenticator method isAuthorized.

@Override
public boolean isAuthorized(String principal, String repoId, String permission) throws UnauthorizedException {
    try {
        User user = securitySystem.getUserManager().findUser(principal);
        if (user == null) {
            throw new UnauthorizedException("The security system had an internal error - please check your system logs");
        }
        if (user.isLocked()) {
            throw new UnauthorizedException("User account is locked.");
        }
        AuthenticationResult authn = new AuthenticationResult(true, principal, null);
        SecuritySession securitySession = new DefaultSecuritySession(authn, user);
        return securitySystem.isAuthorized(securitySession, permission, repoId);
    } catch (UserNotFoundException e) {
        throw new UnauthorizedException(e.getMessage(), e);
    } catch (AuthorizationException e) {
        throw new UnauthorizedException(e.getMessage(), e);
    } catch (UserManagerException e) {
        throw new UnauthorizedException(e.getMessage(), e);
    }
}
Also used : UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException) User(org.apache.archiva.redback.users.User) AuthorizationException(org.apache.archiva.redback.authorization.AuthorizationException) UserManagerException(org.apache.archiva.redback.users.UserManagerException) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)

Aggregations

SecuritySession (org.apache.archiva.redback.system.SecuritySession)16 AuthenticationResult (org.apache.archiva.redback.authentication.AuthenticationResult)15 DefaultSecuritySession (org.apache.archiva.redback.system.DefaultSecuritySession)14 Test (org.junit.Test)10 User (org.apache.archiva.redback.users.User)8 UnauthorizedException (org.apache.archiva.redback.authorization.UnauthorizedException)7 HttpServletRequest (javax.servlet.http.HttpServletRequest)6 HttpServletResponse (javax.servlet.http.HttpServletResponse)6 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)6 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)6 AuthorizationException (org.apache.archiva.redback.authorization.AuthorizationException)5 Path (java.nio.file.Path)4 HttpSession (javax.servlet.http.HttpSession)4 UserManager (org.apache.archiva.redback.users.UserManager)4 SimpleUser (org.apache.archiva.redback.users.memory.SimpleUser)4 InputStream (java.io.InputStream)3 AuthenticationException (org.apache.archiva.redback.authentication.AuthenticationException)3 ArrayList (java.util.ArrayList)2 RepositoryAdminException (org.apache.archiva.admin.model.RepositoryAdminException)2 ManagedRepository (org.apache.archiva.admin.model.beans.ManagedRepository)2