
Example 1 with Decoder

use of org.apache.commons.codec.Decoder in project archiva by apache.

the class RssFeedServlet method isAllowed.

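/**
 * Decides whether the caller of a feed request may access at least one of the
 * repositories the request refers to.
 *
 * <p>The candidate repositories are chosen first:
 * <ul>
 *   <li>if {@code repositoryId} is given, it is the only candidate;</li>
 *   <li>otherwise, if both {@code groupId} and {@code artifactId} are given, the candidates are
 *       the repositories returned by {@code getObservableRepos} for the user name found in the
 *       {@code Authorization} header, or for the guest user when the header is absent, cannot be
 *       decoded, or carries a blank user name;</li>
 *   <li>otherwise the request is rejected with {@code false}.</li>
 * </ul>
 *
 * <p>The user name read from the header is not verified at that point; it only selects the
 * candidates. The access decision for each candidate is made by {@code httpAuth} and
 * {@code servletAuth} on the request itself.
 *
 * <p>Callers have to handle two distinct "denied" outcomes: a {@code false} return (unsupported
 * authorization scheme or insufficient parameters) and an {@link UnauthorizedException} (no
 * candidate granted access).
 *
 * @param req          the incoming request; its {@code Authorization} header and session are read
 * @param repositoryId repository to check, or {@code null} to derive candidates from the user
 * @param groupId      group id of the requested artifact; only tested for {@code null} here
 * @param artifactId   artifact id of the requested artifact; only tested for {@code null} here
 * @return {@code true} if the request is authenticated and authorized for at least one candidate
 *         repository; {@code false} if the header uses a scheme other than Basic, or if neither
 *         {@code repositoryId} nor both {@code groupId} and {@code artifactId} are given
 * @throws UnauthorizedException if no candidate repository grants access
 */
private boolean isAllowed(HttpServletRequest req, String repositoryId, String groupId, String artifactId) throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException, UnauthorizedException {
    String auth = req.getHeader("Authorization");
    List<String> repoIds = new ArrayList<>();
    if (repositoryId != null) {
        repoIds.add(repositoryId);
    } else if (artifactId != null && groupId != null) {
        if (auth != null) {
            // Case-insensitive scheme check that does not depend on the JVM default locale
            // (String.toUpperCase() maps 'i' to a dotted capital under Turkish locales, which
            // would reject a valid "Basic" header).
            if (!auth.regionMatches(true, 0, "BASIC ", 0, 6)) {
                return false;
            }
            Decoder dec = new Base64();
            String usernamePassword = "";
            try {
                // The Base64 alphabet is ASCII, so the encoded part is converted with a fixed charset.
                byte[] encoded = auth.substring(6).getBytes(java.nio.charset.StandardCharsets.US_ASCII);
                // NOTE(review): the decoded bytes are still interpreted in the platform default
                // charset, as before. Confirm which charset the authenticator behind httpAuth
                // uses and pin the same one here so both see the same user name.
                usernamePassword = new String((byte[]) dec.decode(encoded));
            } catch (DecoderException ie) {
                // Only the decoder message is logged; the header value (credentials) is not.
                log.warn("Error decoding username and password: {}", ie.getMessage());
            }
            // Take everything before the first ':' as the user name. The previous
            // split(":")[0] threw ArrayIndexOutOfBoundsException for a decoded value made up
            // only of colons, because split() drops trailing empty strings.
            int colon = usernamePassword.indexOf(':');
            String username = colon >= 0 ? usernamePassword.substring(0, colon) : usernamePassword;
            if (username.trim().isEmpty()) {
                // No usable user name (decode failure, empty value, or ":password"): treat as guest.
                repoIds = getObservableRepos(UserManager.GUEST_USERNAME);
            } else {
                repoIds = getObservableRepos(username);
            }
        } else {
            repoIds = getObservableRepos(UserManager.GUEST_USERNAME);
        }
    } else {
        return false;
    }
    for (String repoId : repoIds) {
        try {
            AuthenticationResult result = httpAuth.getAuthenticationResult(req, null);
            // NOTE(review): getSession(true) creates a session when the request has none, so
            // every unauthenticated feed request allocates one; confirm this is intended.
            SecuritySession securitySession = httpAuth.getSecuritySession(req.getSession(true));
            boolean authenticated = servletAuth.isAuthenticated(req, result);
            if (authenticated
                    && servletAuth.isAuthorized(req, securitySession, repoId, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS)) {
                return true;
            }
        } catch (AuthorizationException e) {
            // A failure for one candidate must not stop the remaining candidates from being checked.
            log.debug("AuthorizationException for repoId: {}", repoId);
        } catch (UnauthorizedException e) {
            log.debug("UnauthorizedException for repoId: {}", repoId);
        }
    }
    // Fail closed: no candidate (or an empty candidate list) ends in a denial.
    throw new UnauthorizedException("Access denied.");
}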
Also used : DecoderException(org.apache.commons.codec.DecoderException) Base64(org.apache.commons.codec.binary.Base64) AuthorizationException(org.apache.archiva.redback.authorization.AuthorizationException) SecuritySession(org.apache.archiva.redback.system.SecuritySession) ArrayList(java.util.ArrayList) UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException) Decoder(org.apache.commons.codec.Decoder) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)
