diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/AbstractActionSupport.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/AbstractActionSupport.java
index 4bd9f3dfe..4ba7a293b 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/AbstractActionSupport.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/AbstractActionSupport.java
@@ -1,355 +1,355 @@
-package org.apache.archiva.web.action;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import com.opensymphony.xwork2.ActionContext;
-import com.opensymphony.xwork2.ActionSupport;
-import org.apache.archiva.admin.model.AuditInformation;
-import org.apache.archiva.audit.AuditEvent;
-import org.apache.archiva.audit.AuditListener;
-import org.apache.archiva.audit.Auditable;
-import org.apache.archiva.metadata.repository.RepositorySessionFactory;
-import org.apache.archiva.security.ArchivaXworkUser;
-import org.apache.commons.lang.StringUtils;
-import org.apache.struts2.ServletActionContext;
-import org.apache.struts2.interceptor.SessionAware;
-import org.codehaus.plexus.redback.users.User;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.context.ApplicationContext;
-
-import javax.annotation.PostConstruct;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.servlet.http.HttpServletRequest;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * LogEnabled and SessionAware ActionSupport
- */
-public abstract class AbstractActionSupport
- extends ActionSupport
- implements SessionAware, Auditable
-{
- protected Map session;
-
- protected Logger log = LoggerFactory.getLogger( getClass() );
-
- @Inject
- private List auditListeners = new ArrayList();
-
-
- @Inject
- @Named( value = "repositorySessionFactory" )
- protected RepositorySessionFactory repositorySessionFactory;
-
- @Inject
- protected ApplicationContext applicationContext;
-
- private String principal;
-
- @PostConstruct
- public void initialize()
- {
- // no op
- }
-
- @SuppressWarnings( "unchecked" )
- public void setSession( Map map )
- {
- this.session = map;
- }
-
- public void addAuditListener( AuditListener listener )
- {
- this.auditListeners.add( listener );
- }
-
- public void clearAuditListeners()
- {
- this.auditListeners.clear();
- }
-
- public void removeAuditListener( AuditListener listener )
- {
- this.auditListeners.remove( listener );
- }
-
- protected void triggerAuditEvent( String repositoryId, String resource, String action )
- {
- AuditEvent event = new AuditEvent( repositoryId, getPrincipal(), resource, action );
- event.setRemoteIP( getRemoteAddr() );
-
- for ( AuditListener listener : auditListeners )
- {
- listener.auditEvent( event );
- }
- }
-
- protected void triggerAuditEvent( String resource, String action )
- {
- AuditEvent event = new AuditEvent( null, getPrincipal(), resource, action );
- event.setRemoteIP( getRemoteAddr() );
-
- for ( AuditListener listener : auditListeners )
- {
- listener.auditEvent( event );
- }
- }
-
- protected void triggerAuditEvent( String action )
- {
- AuditEvent event = new AuditEvent( null, getPrincipal(), null, action );
- event.setRemoteIP( getRemoteAddr() );
-
- for ( AuditListener listener : auditListeners )
- {
- listener.auditEvent( event );
- }
- }
-
- private String getRemoteAddr()
- {
- HttpServletRequest request = ServletActionContext.getRequest();
- return request != null ? request.getRemoteAddr() : null;
- }
-
- @SuppressWarnings( "unchecked" )
- protected String getPrincipal()
- {
- if ( principal != null )
- {
- return principal;
- }
- return ArchivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() );
- }
-
- void setPrincipal( String principal )
- {
- this.principal = principal;
- }
-
- public void setAuditListeners( List auditListeners )
- {
- this.auditListeners = auditListeners;
- }
-
- public void setRepositorySessionFactory( RepositorySessionFactory repositorySessionFactory )
- {
- this.repositorySessionFactory = repositorySessionFactory;
- }
-
- protected Map getBeansOfType( Class clazz )
- {
- //TODO do some caching here !!!
- // olamy : with plexus we get only roleHint
- // as per convention we named spring bean role#hint remove role# if exists
- Map springBeans = applicationContext.getBeansOfType( clazz );
-
- Map beans = new HashMap( springBeans.size() );
-
- for ( Map.Entry entry : springBeans.entrySet() )
- {
- String key = StringUtils.substringAfterLast( entry.getKey(), "#" );
- beans.put( key, entry.getValue() );
- }
- return beans;
- }
-
-
- protected AuditInformation getAuditInformation()
- {
- AuditInformation auditInformation = new AuditInformation( new SimpleUser( getPrincipal() ), getRemoteAddr() );
-
- return auditInformation;
- }
-
- /**
- * dummy information for audit events
- * @since 1.4
- */
- private static class SimpleUser
- implements User
- {
-
- private String principal;
-
- protected SimpleUser( String principal )
- {
- this.principal = principal;
- }
-
- public Object getPrincipal()
- {
- return this.principal;
- }
-
- public String getUsername()
- {
- return null;
- }
-
- public void setUsername( String name )
- {
-
- }
-
- public String getFullName()
- {
- return null;
- }
-
- public void setFullName( String name )
- {
-
- }
-
- public String getEmail()
- {
- return null;
- }
-
- public void setEmail( String address )
- {
-
- }
-
- public String getPassword()
- {
- return null;
- }
-
- public void setPassword( String rawPassword )
- {
-
- }
-
- public String getEncodedPassword()
- {
- return null;
- }
-
- public void setEncodedPassword( String encodedPassword )
- {
-
- }
-
- public Date getLastPasswordChange()
- {
- return null;
- }
-
- public void setLastPasswordChange( Date passwordChangeDate )
- {
-
- }
-
- public List getPreviousEncodedPasswords()
- {
- return null;
- }
-
- public void setPreviousEncodedPasswords( List encodedPasswordList )
- {
-
- }
-
- public void addPreviousEncodedPassword( String encodedPassword )
- {
-
- }
-
- public boolean isPermanent()
- {
- return false;
- }
-
- public void setPermanent( boolean permanent )
- {
-
- }
-
- public boolean isLocked()
- {
- return false;
- }
-
- public void setLocked( boolean locked )
- {
-
- }
-
- public boolean isPasswordChangeRequired()
- {
- return false;
- }
-
- public void setPasswordChangeRequired( boolean changeRequired )
- {
-
- }
-
- public boolean isValidated()
- {
- return false;
- }
-
- public void setValidated( boolean valid )
- {
-
- }
-
- public int getCountFailedLoginAttempts()
- {
- return 0;
- }
-
- public void setCountFailedLoginAttempts( int count )
- {
-
- }
-
- public Date getAccountCreationDate()
- {
- return null;
- }
-
- public void setAccountCreationDate( Date date )
- {
-
- }
-
- public Date getLastLoginDate()
- {
- return null;
- }
-
- public void setLastLoginDate( Date date )
- {
-
- }
- }
-
-
-}
+package org.apache.archiva.web.action;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import com.opensymphony.xwork2.ActionContext;
+import com.opensymphony.xwork2.ActionSupport;
+import org.apache.archiva.admin.model.AuditInformation;
+import org.apache.archiva.audit.AuditEvent;
+import org.apache.archiva.audit.AuditListener;
+import org.apache.archiva.audit.Auditable;
+import org.apache.archiva.metadata.repository.RepositorySessionFactory;
+import org.apache.archiva.security.ArchivaXworkUser;
+import org.apache.commons.lang.StringUtils;
+import org.apache.struts2.ServletActionContext;
+import org.apache.struts2.interceptor.SessionAware;
+import org.codehaus.plexus.redback.users.User;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
+
+import javax.annotation.PostConstruct;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * LogEnabled and SessionAware ActionSupport
+ */
+public abstract class AbstractActionSupport
+ extends ActionSupport
+ implements SessionAware, Auditable
+{
+ protected Map session;
+
+ protected Logger log = LoggerFactory.getLogger( getClass() );
+
+ @Inject
+ private List auditListeners = new ArrayList();
+
+
+ @Inject
+ @Named( value = "repositorySessionFactory" )
+ protected RepositorySessionFactory repositorySessionFactory;
+
+ @Inject
+ protected ApplicationContext applicationContext;
+
+ private String principal;
+
+ @PostConstruct
+ public void initialize()
+ {
+ // no op
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public void setSession( Map map )
+ {
+ this.session = map;
+ }
+
+ public void addAuditListener( AuditListener listener )
+ {
+ this.auditListeners.add( listener );
+ }
+
+ public void clearAuditListeners()
+ {
+ this.auditListeners.clear();
+ }
+
+ public void removeAuditListener( AuditListener listener )
+ {
+ this.auditListeners.remove( listener );
+ }
+
+ protected void triggerAuditEvent( String repositoryId, String resource, String action )
+ {
+ AuditEvent event = new AuditEvent( repositoryId, getPrincipal(), resource, action );
+ event.setRemoteIP( getRemoteAddr() );
+
+ for ( AuditListener listener : auditListeners )
+ {
+ listener.auditEvent( event );
+ }
+ }
+
+ protected void triggerAuditEvent( String resource, String action )
+ {
+ AuditEvent event = new AuditEvent( null, getPrincipal(), resource, action );
+ event.setRemoteIP( getRemoteAddr() );
+
+ for ( AuditListener listener : auditListeners )
+ {
+ listener.auditEvent( event );
+ }
+ }
+
+ protected void triggerAuditEvent( String action )
+ {
+ AuditEvent event = new AuditEvent( null, getPrincipal(), null, action );
+ event.setRemoteIP( getRemoteAddr() );
+
+ for ( AuditListener listener : auditListeners )
+ {
+ listener.auditEvent( event );
+ }
+ }
+
+ private String getRemoteAddr()
+ {
+ HttpServletRequest request = ServletActionContext.getRequest();
+ return request != null ? request.getRemoteAddr() : null;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ protected String getPrincipal()
+ {
+ if ( principal != null )
+ {
+ return principal;
+ }
+ return ArchivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() );
+ }
+
+ void setPrincipal( String principal )
+ {
+ this.principal = principal;
+ }
+
+ public void setAuditListeners( List auditListeners )
+ {
+ this.auditListeners = auditListeners;
+ }
+
+ public void setRepositorySessionFactory( RepositorySessionFactory repositorySessionFactory )
+ {
+ this.repositorySessionFactory = repositorySessionFactory;
+ }
+
+ protected Map getBeansOfType( Class clazz )
+ {
+ //TODO do some caching here !!!
+ // olamy : with plexus we get only roleHint
+ // as per convention we named spring bean role#hint remove role# if exists
+ Map springBeans = applicationContext.getBeansOfType( clazz );
+
+ Map beans = new HashMap( springBeans.size() );
+
+ for ( Map.Entry entry : springBeans.entrySet() )
+ {
+ String key = StringUtils.substringAfterLast( entry.getKey(), "#" );
+ beans.put( key, entry.getValue() );
+ }
+ return beans;
+ }
+
+
+ protected AuditInformation getAuditInformation()
+ {
+ AuditInformation auditInformation = new AuditInformation( new SimpleUser( getPrincipal() ), getRemoteAddr() );
+
+ return auditInformation;
+ }
+
+ /**
+ * dummy information for audit events
+ * @since 1.4
+ */
+ private static class SimpleUser
+ implements User
+ {
+
+ private String principal;
+
+ protected SimpleUser( String principal )
+ {
+ this.principal = principal;
+ }
+
+ public Object getPrincipal()
+ {
+ return this.principal;
+ }
+
+ public String getUsername()
+ {
+ return null;
+ }
+
+ public void setUsername( String name )
+ {
+
+ }
+
+ public String getFullName()
+ {
+ return null;
+ }
+
+ public void setFullName( String name )
+ {
+
+ }
+
+ public String getEmail()
+ {
+ return null;
+ }
+
+ public void setEmail( String address )
+ {
+
+ }
+
+ public String getPassword()
+ {
+ return null;
+ }
+
+ public void setPassword( String rawPassword )
+ {
+
+ }
+
+ public String getEncodedPassword()
+ {
+ return null;
+ }
+
+ public void setEncodedPassword( String encodedPassword )
+ {
+
+ }
+
+ public Date getLastPasswordChange()
+ {
+ return null;
+ }
+
+ public void setLastPasswordChange( Date passwordChangeDate )
+ {
+
+ }
+
+ public List getPreviousEncodedPasswords()
+ {
+ return null;
+ }
+
+ public void setPreviousEncodedPasswords( List encodedPasswordList )
+ {
+
+ }
+
+ public void addPreviousEncodedPassword( String encodedPassword )
+ {
+
+ }
+
+ public boolean isPermanent()
+ {
+ return false;
+ }
+
+ public void setPermanent( boolean permanent )
+ {
+
+ }
+
+ public boolean isLocked()
+ {
+ return false;
+ }
+
+ public void setLocked( boolean locked )
+ {
+
+ }
+
+ public boolean isPasswordChangeRequired()
+ {
+ return false;
+ }
+
+ public void setPasswordChangeRequired( boolean changeRequired )
+ {
+
+ }
+
+ public boolean isValidated()
+ {
+ return false;
+ }
+
+ public void setValidated( boolean valid )
+ {
+
+ }
+
+ public int getCountFailedLoginAttempts()
+ {
+ return 0;
+ }
+
+ public void setCountFailedLoginAttempts( int count )
+ {
+
+ }
+
+ public Date getAccountCreationDate()
+ {
+ return null;
+ }
+
+ public void setAccountCreationDate( Date date )
+ {
+
+ }
+
+ public Date getLastLoginDate()
+ {
+ return null;
+ }
+
+ public void setLastLoginDate( Date date )
+ {
+
+ }
+ }
+
+
+}
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/legacy/DeleteLegacyArtifactPathAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/legacy/DeleteLegacyArtifactPathAction.java
index a36e89e70..944ac1d3e 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/legacy/DeleteLegacyArtifactPathAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/legacy/DeleteLegacyArtifactPathAction.java 
@@ -1,80 +1,80 @@
-package org.apache.archiva.web.action.admin.legacy;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.admin.model.RepositoryAdminException;
-import org.apache.archiva.admin.model.admin.ArchivaAdministration;
-import org.apache.archiva.web.action.AbstractActionSupport;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Controller;
-
-import javax.inject.Inject;
-
-/**
- * Delete a LegacyArtifactPath to archiva configuration
- *
- * @since 1.1
- */
-@Controller( "deleteLegacyArtifactPathAction" )
-@Scope( "prototype" )
-public class DeleteLegacyArtifactPathAction
- extends AbstractActionSupport
-{
-
- @Inject
- private ArchivaAdministration archivaAdministration;
-
- private String path;
-
- public String delete()
- {
- log.info( "remove [" + path + "] from legacy artifact path resolution" );
- try
- {
- getArchivaAdministration().deleteLegacyArtifactPath( path, getAuditInformation() );
- }
- catch ( RepositoryAdminException e )
- {
- log.error( e.getMessage(), e );
- addActionError( "Exception during delete " + e.getMessage() );
- }
- return SUCCESS;
- }
-
- public String getPath()
- {
- return path;
- }
-
- public void setPath( String path )
- {
- this.path = path;
- }
-
- public ArchivaAdministration getArchivaAdministration()
- {
- return archivaAdministration;
- }
-
- public void setArchivaAdministration( ArchivaAdministration archivaAdministration )
- {
- this.archivaAdministration = archivaAdministration;
- }
-}
+package org.apache.archiva.web.action.admin.legacy;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.admin.model.RepositoryAdminException;
+import org.apache.archiva.admin.model.admin.ArchivaAdministration;
+import org.apache.archiva.web.action.AbstractActionSupport;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Controller;
+
+import javax.inject.Inject;
+
+/**
+ * Delete a LegacyArtifactPath to archiva configuration
+ *
+ * @since 1.1
+ */
+@Controller( "deleteLegacyArtifactPathAction" )
+@Scope( "prototype" )
+public class DeleteLegacyArtifactPathAction
+ extends AbstractActionSupport
+{
+
+ @Inject
+ private ArchivaAdministration archivaAdministration;
+
+ private String path;
+
+ public String delete()
+ {
+ log.info( "remove [" + path + "] from legacy artifact path resolution" );
+ try
+ {
+ getArchivaAdministration().deleteLegacyArtifactPath( path, getAuditInformation() );
+ }
+ catch ( RepositoryAdminException e )
+ {
+ log.error( e.getMessage(), e );
+ addActionError( "Exception during delete " + e.getMessage() );
+ }
+ return SUCCESS;
+ }
+
+ public String getPath()
+ {
+ return path;
+ }
+
+ public void setPath( String path )
+ {
+ this.path = path;
+ }
+
+ public ArchivaAdministration getArchivaAdministration()
+ {
+ return archivaAdministration;
+ }
+
+ public void setArchivaAdministration( ArchivaAdministration archivaAdministration )
+ {
+ this.archivaAdministration = archivaAdministration;
+ }
+}
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/legacy/LegacyArtifactPathAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/legacy/LegacyArtifactPathAction.java
index e1709a5e5..def781e81 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/legacy/LegacyArtifactPathAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/legacy/LegacyArtifactPathAction.java
@@ -1,106 +1,106 @@
-package org.apache.archiva.web.action.admin.legacy;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import com.opensymphony.xwork2.Preparable;
-import org.apache.archiva.admin.model.RepositoryAdminException;
-import org.apache.archiva.admin.model.admin.ArchivaAdministration;
-import org.apache.archiva.admin.model.beans.LegacyArtifactPath;
-import org.apache.archiva.security.common.ArchivaRoleConstants;
-import org.apache.archiva.web.util.ContextUtils;
-import org.apache.archiva.web.action.AbstractActionSupport;
-import org.apache.struts2.interceptor.ServletRequestAware;
-import org.codehaus.plexus.redback.rbac.Resource;
-import org.codehaus.redback.integration.interceptor.SecureAction;
-import org.codehaus.redback.integration.interceptor.SecureActionBundle;
-import org.codehaus.redback.integration.interceptor.SecureActionException;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Controller;
-
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * Shows the LegacyArtifactPath Tab for the administrator.
- *
- * @since 1.1
- */
-@Controller( "legacyArtifactPathAction" )
-@Scope( "prototype" )
-public class LegacyArtifactPathAction
- extends AbstractActionSupport
- implements SecureAction, ServletRequestAware, Preparable
-{
-
- @Inject
- private ArchivaAdministration archivaAdministration;
-
- private List legacyArtifactPaths;
-
- /**
- * Used to construct the repository WebDAV URL in the repository action.
- */
- private String baseUrl;
-
- public void setServletRequest( HttpServletRequest request )
- {
- // TODO: is there a better way to do this?
- this.baseUrl = ContextUtils.getBaseURL( request, "repository" );
- }
-
- public SecureActionBundle getSecureActionBundle()
- throws SecureActionException
- {
- SecureActionBundle bundle = new SecureActionBundle();
-
- bundle.setRequiresAuthentication( true );
- bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
-
- return bundle;
- }
-
- public void prepare()
- throws RepositoryAdminException
- {
- legacyArtifactPaths = new ArrayList( getArchivaAdministration().getLegacyArtifactPaths() );
- }
-
- public List getLegacyArtifactPaths()
- {
- return legacyArtifactPaths;
- }
-
- public String getBaseUrl()
- {
- return baseUrl;
- }
-
- public ArchivaAdministration getArchivaAdministration()
- {
- return archivaAdministration;
- }
-
- public void setArchivaAdministration( ArchivaAdministration archivaAdministration )
- {
- this.archivaAdministration = archivaAdministration;
- }
-}
+package org.apache.archiva.web.action.admin.legacy;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import com.opensymphony.xwork2.Preparable;
+import org.apache.archiva.admin.model.RepositoryAdminException;
+import org.apache.archiva.admin.model.admin.ArchivaAdministration;
+import org.apache.archiva.admin.model.beans.LegacyArtifactPath;
+import org.apache.archiva.security.common.ArchivaRoleConstants;
+import org.apache.archiva.web.util.ContextUtils;
+import org.apache.archiva.web.action.AbstractActionSupport;
+import org.apache.struts2.interceptor.ServletRequestAware;
+import org.codehaus.plexus.redback.rbac.Resource;
+import org.codehaus.redback.integration.interceptor.SecureAction;
+import org.codehaus.redback.integration.interceptor.SecureActionBundle;
+import org.codehaus.redback.integration.interceptor.SecureActionException;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Controller;
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Shows the LegacyArtifactPath Tab for the administrator.
+ *
+ * @since 1.1
+ */
+@Controller( "legacyArtifactPathAction" )
+@Scope( "prototype" )
+public class LegacyArtifactPathAction
+ extends AbstractActionSupport
+ implements SecureAction, ServletRequestAware, Preparable
+{
+
+ @Inject
+ private ArchivaAdministration archivaAdministration;
+
+ private List legacyArtifactPaths;
+
+ /**
+ * Used to construct the repository WebDAV URL in the repository action.
+ */
+ private String baseUrl;
+
+ public void setServletRequest( HttpServletRequest request )
+ {
+ // TODO: is there a better way to do this?
+ this.baseUrl = ContextUtils.getBaseURL( request, "repository" );
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+
+ bundle.setRequiresAuthentication( true );
+ bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+
+ return bundle;
+ }
+
+ public void prepare()
+ throws RepositoryAdminException
+ {
+ legacyArtifactPaths = new ArrayList( getArchivaAdministration().getLegacyArtifactPaths() );
+ }
+
+ public List getLegacyArtifactPaths()
+ {
+ return legacyArtifactPaths;
+ }
+
+ public String getBaseUrl()
+ {
+ return baseUrl;
+ }
+
+ public ArchivaAdministration getArchivaAdministration()
+ {
+ return archivaAdministration;
+ }
+
+ public void setArchivaAdministration( ArchivaAdministration archivaAdministration )
+ {
+ this.archivaAdministration = archivaAdministration;
+ }
+}
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
index e3358e934..b3224d182 100644
--- a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
@@ -1,155 +1,155 @@ -package org.apache.archiva.web.xmlrpc.security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import java.util.List; - -import org.apache.archiva.security.ArchivaRoleConstants; -import org.apache.archiva.security.ArchivaSecurityException; -import org.apache.archiva.security.UserRepositories; -import org.apache.xmlrpc.XmlRpcException; -import org.apache.xmlrpc.XmlRpcRequest; -import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl; -import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler; -import org.codehaus.plexus.redback.authentication.AuthenticationException; -import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource; -import org.codehaus.plexus.redback.authorization.AuthorizationException; -import org.codehaus.plexus.redback.authorization.AuthorizationResult; -import org.codehaus.plexus.redback.policy.PolicyViolationException; -import org.codehaus.plexus.redback.system.SecuritySession; -import org.codehaus.plexus.redback.system.SecuritySystem; -import org.codehaus.plexus.redback.users.UserNotFoundException; - -/** - * XmlRpcAuthenticator - * - * Custom authentication and authorization handler for xmlrpc requests. 
- * - * @version $Id - */ -public class XmlRpcAuthenticator - implements AuthenticationHandler -{ - private final SecuritySystem securitySystem; - - private UserRepositories userRepositories; - - private String username; - - public XmlRpcAuthenticator( SecuritySystem securitySystem, UserRepositories userRepositories ) - { - this.securitySystem = securitySystem; - this.userRepositories = userRepositories; - } - - public boolean isAuthorized( XmlRpcRequest pRequest ) - throws XmlRpcException - { - if ( pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl ) - { - XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl) pRequest.getConfig(); - username = config.getBasicUserName(); - SecuritySession session = - authenticate( new PasswordBasedAuthenticationDataSource( username, - config.getBasicPassword() ) ); - - String method = pRequest.getMethodName(); - AuthorizationResult result = authorize( session, method, username ); - - return result.isAuthorized(); - } - - throw new XmlRpcException( "Unsupported transport (must be http)" ); - } - - private SecuritySession authenticate( PasswordBasedAuthenticationDataSource authenticationDataSource ) - throws XmlRpcException - { - try - { - return securitySystem.authenticate( authenticationDataSource ); - } - catch ( PolicyViolationException e ) - { - throw new XmlRpcException( 401, e.getMessage(), e ); - } - catch ( AuthenticationException e ) - { - throw new XmlRpcException( 401, e.getMessage(), e ); - } - catch ( UserNotFoundException e ) - { - throw new XmlRpcException( 401, e.getMessage(), e ); - } - } - - private AuthorizationResult authorize( SecuritySession session, String methodName, String username ) - throws XmlRpcException - { - try - { - // sample attempt at simplifying authorization checking of requested service method - if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION.contains( methodName ) ) - { - return securitySystem.authorize( session, 
ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION ); - } - else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER.contains( methodName ) ) - { - return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_RUN_INDEXER ); - } - else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_REPOSITORY_ACCESS.contains( methodName ) ) - { - try - { - List observableRepos = userRepositories.getObservableRepositoryIds( username ); - if( observableRepos != null && observableRepos.size() > 1 ) - { - return new AuthorizationResult( true, username, null ); - } - else - { - return new AuthorizationResult( false, username, null ); - } - } - catch ( ArchivaSecurityException e ) - { - throw new XmlRpcException( 401, e.getMessage() ); - } - } - else if ( methodName.equals( ServiceMethodsPermissionsMapping.PING ) ) - { - return new AuthorizationResult( true, username, null ); - } - else - { - return securitySystem.authorize( session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE ); - } - } - catch ( AuthorizationException e ) - { - throw new XmlRpcException( 401, e.getMessage(), e ); - } - } - - public String getActiveUser() - { - return username; - } -} +package org.apache.archiva.web.xmlrpc.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. 
See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import java.util.List; + +import org.apache.archiva.security.ArchivaRoleConstants; +import org.apache.archiva.security.ArchivaSecurityException; +import org.apache.archiva.security.UserRepositories; +import org.apache.xmlrpc.XmlRpcException; +import org.apache.xmlrpc.XmlRpcRequest; +import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl; +import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler; +import org.codehaus.plexus.redback.authentication.AuthenticationException; +import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource; +import org.codehaus.plexus.redback.authorization.AuthorizationException; +import org.codehaus.plexus.redback.authorization.AuthorizationResult; +import org.codehaus.plexus.redback.policy.PolicyViolationException; +import org.codehaus.plexus.redback.system.SecuritySession; +import org.codehaus.plexus.redback.system.SecuritySystem; +import org.codehaus.plexus.redback.users.UserNotFoundException; + +/** + * XmlRpcAuthenticator + * + * Custom authentication and authorization handler for xmlrpc requests. 
+ * + * @version $Id + */ +public class XmlRpcAuthenticator + implements AuthenticationHandler +{ + private final SecuritySystem securitySystem; + + private UserRepositories userRepositories; + + private String username; + + public XmlRpcAuthenticator( SecuritySystem securitySystem, UserRepositories userRepositories ) + { + this.securitySystem = securitySystem; + this.userRepositories = userRepositories; + } + + public boolean isAuthorized( XmlRpcRequest pRequest ) + throws XmlRpcException + { + if ( pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl ) + { + XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl) pRequest.getConfig(); + username = config.getBasicUserName(); + SecuritySession session = + authenticate( new PasswordBasedAuthenticationDataSource( username, + config.getBasicPassword() ) ); + + String method = pRequest.getMethodName(); + AuthorizationResult result = authorize( session, method, username ); + + return result.isAuthorized(); + } + + throw new XmlRpcException( "Unsupported transport (must be http)" ); + } + + private SecuritySession authenticate( PasswordBasedAuthenticationDataSource authenticationDataSource ) + throws XmlRpcException + { + try + { + return securitySystem.authenticate( authenticationDataSource ); + } + catch ( PolicyViolationException e ) + { + throw new XmlRpcException( 401, e.getMessage(), e ); + } + catch ( AuthenticationException e ) + { + throw new XmlRpcException( 401, e.getMessage(), e ); + } + catch ( UserNotFoundException e ) + { + throw new XmlRpcException( 401, e.getMessage(), e ); + } + } + + private AuthorizationResult authorize( SecuritySession session, String methodName, String username ) + throws XmlRpcException + { + try + { + // sample attempt at simplifying authorization checking of requested service method + if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION.contains( methodName ) ) + { + return securitySystem.authorize( session, 
ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION ); + } + else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER.contains( methodName ) ) + { + return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_RUN_INDEXER ); + } + else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_REPOSITORY_ACCESS.contains( methodName ) ) + { + try + { + List observableRepos = userRepositories.getObservableRepositoryIds( username ); + if( observableRepos != null && observableRepos.size() > 1 ) + { + return new AuthorizationResult( true, username, null ); + } + else + { + return new AuthorizationResult( false, username, null ); + } + } + catch ( ArchivaSecurityException e ) + { + throw new XmlRpcException( 401, e.getMessage() ); + } + } + else if ( methodName.equals( ServiceMethodsPermissionsMapping.PING ) ) + { + return new AuthorizationResult( true, username, null ); + } + else + { + return securitySystem.authorize( session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE ); + } + } + catch ( AuthorizationException e ) + { + throw new XmlRpcException( 401, e.getMessage(), e ); + } + } + + public String getActiveUser() + { + return username; + } +} diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java index eda25e213..c6c039793 100644 --- a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java +++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java 
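Review bot: In `authorize`, the repository-access branch grants access only when `observableRepos.size() > 1`, so a user who can observe exactly one repository is denied. If one observable repository is meant to be enough, the condition should read `if ( observableRepos != null && !observableRepos.isEmpty() )`. `isAuthorized` also writes the caller-supplied name into the instance field `username` before `authenticate` has succeeded. If a single authenticator instance serves concurrent requests (not visible in this hunk), `getActiveUser()` can return another caller's name or one that failed authentication, so the name is better kept per request and set only after a successful login. The three `catch` blocks in `authenticate` forward `e.getMessage()` to the client, which presumably lets a caller tell an unknown account from a wrong password; a single fixed 401 message, with the detail logged server-side, avoids that.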
@@ -1,240 +1,240 @@ -package org.apache.archiva.xmlrpc.security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import junit.framework.TestCase; -import org.apache.archiva.web.xmlrpc.security.XmlRpcAuthenticator; -import org.apache.archiva.security.ArchivaRoleConstants; -import org.apache.xmlrpc.XmlRpcRequest; -import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl; -import org.codehaus.plexus.redback.role.RoleManager; -import org.codehaus.plexus.redback.system.SecuritySystem; -import org.codehaus.plexus.redback.users.User; -import org.codehaus.plexus.redback.users.UserManager; -import org.codehaus.plexus.redback.users.UserNotFoundException; -import org.easymock.MockControl; -import org.easymock.classextension.MockClassControl; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import javax.inject.Inject; -import javax.inject.Named; - -/** - * XmlRpcAuthenticatorTest - * - * @version $Id XmlRpcAuthenticatorTest.java - */ -@RunWith( SpringJUnit4ClassRunner.class ) -@ContextConfiguration( locations = { 
"classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } ) -public class XmlRpcAuthenticatorTest - extends TestCase -{ - protected static final String USER_GUEST = "guest"; - - protected static final String USER_ADMIN = "admin"; - - protected static final String USER_ALPACA = "alpaca"; - - private static final String PASSWORD = "password123"; - - @Inject - @Named( value = "securitySystem#testable" ) - protected SecuritySystem securitySystem; - - - @Inject - @Named( value = "roleManager#testable" ) - protected RoleManager roleManager; - - private MockControl xmlRpcRequestControl; - - private XmlRpcRequest xmlRpcRequest; - - private XmlRpcAuthenticator authenticator; - - private MockControl configControl; - - private XmlRpcHttpRequestConfigImpl config; - - @Before - public void setUp() - throws Exception - { - super.setUp(); - - //securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" ); - //roleManager = (RoleManager) lookup( RoleManager.class, "default" ); - - // Some basic asserts. - assertNotNull( securitySystem ); - assertNotNull( roleManager ); - - // Setup Admin User. - User adminUser = createUser( USER_ADMIN, "Admin User", null ); - roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() ); - - // Setup Guest User. 
- User guestUser = createUser( USER_GUEST, "Guest User", null ); - roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() ); - - configControl = MockClassControl.createControl( XmlRpcHttpRequestConfigImpl.class ); - config = (XmlRpcHttpRequestConfigImpl) configControl.getMock(); - - xmlRpcRequestControl = MockControl.createControl( XmlRpcRequest.class ); - xmlRpcRequest = (XmlRpcRequest) xmlRpcRequestControl.getMock(); - - authenticator = new XmlRpcAuthenticator( securitySystem, null ); - } - - private User createUser( String principal, String fullname, String password ) - throws UserNotFoundException - { - UserManager userManager = securitySystem.getUserManager(); - - User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" ); - securitySystem.getPolicy().setEnabled( false ); - userManager.addUser( user ); - securitySystem.getPolicy().setEnabled( true ); - - user.setPassword( password ); - userManager.updateUser( user ); - - return user; - } - - @Test - public void testIsAuthorizedUserExistsButNotAuthorized() - throws Exception - { - createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD ); - - UserManager userManager = securitySystem.getUserManager(); - try - { - User user = userManager.findUser( USER_ALPACA ); - assertEquals( USER_ALPACA, user.getPrincipal() ); - } - catch ( UserNotFoundException e ) - { - fail( "User should exist in the database." 
); - } - - xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 ); - - configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA ); - - configControl.expectAndReturn( config.getBasicPassword(), PASSWORD ); - - xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(), - "AdministrationService.getAllManagedRepositories" ); - - xmlRpcRequestControl.replay(); - configControl.replay(); - - boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest ); - - xmlRpcRequestControl.verify(); - configControl.verify(); - - assertFalse( isAuthorized ); - } - - @Test - public void testIsAuthorizedUserExistsAndAuthorized() - throws Exception - { - createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD ); - - UserManager userManager = securitySystem.getUserManager(); - try - { - User user = userManager.findUser( USER_ALPACA ); - assertEquals( USER_ALPACA, user.getPrincipal() ); - } - catch ( UserNotFoundException e ) - { - fail( "User should exist in the database." ); - } - - //TODO cannot assign global repo manager role - it says role does not exist :| - - //roleManager.assignRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, USER_ALPACA ); - - xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 ); - - configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA ); - - configControl.expectAndReturn( config.getBasicPassword(), PASSWORD ); - - xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(), - "AdministrationService.getAllManagedRepositories" ); - - xmlRpcRequestControl.replay(); - configControl.replay(); - - @SuppressWarnings( "unused" ) boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest ); - // TODO: broken or bad test? 
- // assertTrue( isAuthorized ); - - xmlRpcRequestControl.verify(); - configControl.verify(); - - userManager.deleteUser( USER_ALPACA ); - } - - @Test - public void testIsAuthorizedUserDoesNotExist() - throws Exception - { - UserManager userManager = securitySystem.getUserManager(); - try - { - userManager.findUser( USER_ALPACA ); - fail( "User should not exist in the database." ); - } - catch ( UserNotFoundException e ) - { - assertEquals( "Unable to find user 'alpaca'", e.getMessage() ); - } - - xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 ); - - configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA ); - - configControl.expectAndReturn( config.getBasicPassword(), PASSWORD ); - - xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(), - "AdministrationService.getAllManagedRepositories" ); - - xmlRpcRequestControl.replay(); - configControl.replay(); - - boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest ); - - xmlRpcRequestControl.verify(); - configControl.verify(); - - assertFalse( isAuthorized ); - } -} +package org.apache.archiva.xmlrpc.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
+ */ + +import junit.framework.TestCase; +import org.apache.archiva.web.xmlrpc.security.XmlRpcAuthenticator; +import org.apache.archiva.security.ArchivaRoleConstants; +import org.apache.xmlrpc.XmlRpcRequest; +import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl; +import org.codehaus.plexus.redback.role.RoleManager; +import org.codehaus.plexus.redback.system.SecuritySystem; +import org.codehaus.plexus.redback.users.User; +import org.codehaus.plexus.redback.users.UserManager; +import org.codehaus.plexus.redback.users.UserNotFoundException; +import org.easymock.MockControl; +import org.easymock.classextension.MockClassControl; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import javax.inject.Inject; +import javax.inject.Named; + +/** + * XmlRpcAuthenticatorTest + * + * @version $Id XmlRpcAuthenticatorTest.java + */ +@RunWith( SpringJUnit4ClassRunner.class ) +@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } ) +public class XmlRpcAuthenticatorTest + extends TestCase +{ + protected static final String USER_GUEST = "guest"; + + protected static final String USER_ADMIN = "admin"; + + protected static final String USER_ALPACA = "alpaca"; + + private static final String PASSWORD = "password123"; + + @Inject + @Named( value = "securitySystem#testable" ) + protected SecuritySystem securitySystem; + + + @Inject + @Named( value = "roleManager#testable" ) + protected RoleManager roleManager; + + private MockControl xmlRpcRequestControl; + + private XmlRpcRequest xmlRpcRequest; + + private XmlRpcAuthenticator authenticator; + + private MockControl configControl; + + private XmlRpcHttpRequestConfigImpl config; + + @Before + public void setUp() + throws Exception + { + super.setUp(); + + //securitySystem = (SecuritySystem) lookup( 
SecuritySystem.class, "testable" ); + //roleManager = (RoleManager) lookup( RoleManager.class, "default" ); + + // Some basic asserts. + assertNotNull( securitySystem ); + assertNotNull( roleManager ); + + // Setup Admin User. + User adminUser = createUser( USER_ADMIN, "Admin User", null ); + roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() ); + + // Setup Guest User. + User guestUser = createUser( USER_GUEST, "Guest User", null ); + roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() ); + + configControl = MockClassControl.createControl( XmlRpcHttpRequestConfigImpl.class ); + config = (XmlRpcHttpRequestConfigImpl) configControl.getMock(); + + xmlRpcRequestControl = MockControl.createControl( XmlRpcRequest.class ); + xmlRpcRequest = (XmlRpcRequest) xmlRpcRequestControl.getMock(); + + authenticator = new XmlRpcAuthenticator( securitySystem, null ); + } + + private User createUser( String principal, String fullname, String password ) + throws UserNotFoundException + { + UserManager userManager = securitySystem.getUserManager(); + + User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" ); + securitySystem.getPolicy().setEnabled( false ); + userManager.addUser( user ); + securitySystem.getPolicy().setEnabled( true ); + + user.setPassword( password ); + userManager.updateUser( user ); + + return user; + } + + @Test + public void testIsAuthorizedUserExistsButNotAuthorized() + throws Exception + { + createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD ); + + UserManager userManager = securitySystem.getUserManager(); + try + { + User user = userManager.findUser( USER_ALPACA ); + assertEquals( USER_ALPACA, user.getPrincipal() ); + } + catch ( UserNotFoundException e ) + { + fail( "User should exist in the database." 
); + } + + xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 ); + + configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA ); + + configControl.expectAndReturn( config.getBasicPassword(), PASSWORD ); + + xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(), + "AdministrationService.getAllManagedRepositories" ); + + xmlRpcRequestControl.replay(); + configControl.replay(); + + boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest ); + + xmlRpcRequestControl.verify(); + configControl.verify(); + + assertFalse( isAuthorized ); + } + + @Test + public void testIsAuthorizedUserExistsAndAuthorized() + throws Exception + { + createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD ); + + UserManager userManager = securitySystem.getUserManager(); + try + { + User user = userManager.findUser( USER_ALPACA ); + assertEquals( USER_ALPACA, user.getPrincipal() ); + } + catch ( UserNotFoundException e ) + { + fail( "User should exist in the database." ); + } + + //TODO cannot assign global repo manager role - it says role does not exist :| + + //roleManager.assignRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, USER_ALPACA ); + + xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 ); + + configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA ); + + configControl.expectAndReturn( config.getBasicPassword(), PASSWORD ); + + xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(), + "AdministrationService.getAllManagedRepositories" ); + + xmlRpcRequestControl.replay(); + configControl.replay(); + + @SuppressWarnings( "unused" ) boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest ); + // TODO: broken or bad test? 
+ // assertTrue( isAuthorized ); + + xmlRpcRequestControl.verify(); + configControl.verify(); + + userManager.deleteUser( USER_ALPACA ); + } + + @Test + public void testIsAuthorizedUserDoesNotExist() + throws Exception + { + UserManager userManager = securitySystem.getUserManager(); + try + { + userManager.findUser( USER_ALPACA ); + fail( "User should not exist in the database." ); + } + catch ( UserNotFoundException e ) + { + assertEquals( "Unable to find user 'alpaca'", e.getMessage() ); + } + + xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 ); + + configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA ); + + configControl.expectAndReturn( config.getBasicPassword(), PASSWORD ); + + xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(), + "AdministrationService.getAllManagedRepositories" ); + + xmlRpcRequestControl.replay(); + configControl.replay(); + + boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest ); + + xmlRpcRequestControl.verify(); + configControl.verify(); + + assertFalse( isAuthorized ); + } +} diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-services/src/main/java/org/apache/archiva/web/xmlrpc/services/PingServiceImpl.java b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-services/src/main/java/org/apache/archiva/web/xmlrpc/services/PingServiceImpl.java index 14b0d2870..e79ab3006 100644 --- a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-services/src/main/java/org/apache/archiva/web/xmlrpc/services/PingServiceImpl.java +++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-services/src/main/java/org/apache/archiva/web/xmlrpc/services/PingServiceImpl.java 
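Review bot: `testIsAuthorizedUserExistsAndAuthorized` never checks its result: `assertTrue( isAuthorized )` is commented out and the `roleManager.assignRole(...)` call above it is disabled, so the suite only verifies denials and would still pass if the authenticator rejected every caller. Either assign a role that exists in the test context and restore `assertTrue( isAuthorized );`, or mark the test ignored with the reason, so the gap is visible in reports. `setUp` builds the authenticator with `new XmlRpcAuthenticator( securitySystem, null )`, so the repository-access branch of `authorize` cannot be exercised without a `UserRepositories` mock. Only this test calls `userManager.deleteUser( USER_ALPACA )`, so `testIsAuthorizedUserDoesNotExist` may depend on execution order if the user store persists between tests, which is not visible here.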
@@ -1,30 +1,30 @@
-package org.apache.archiva.web.xmlrpc.services;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.web.xmlrpc.api.PingService;
-
-public class PingServiceImpl implements PingService
-{
- public String ping()
- {
- return "pong";
- }
-}
+package org.apache.archiva.web.xmlrpc.services;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.web.xmlrpc.api.PingService;
+
+public class PingServiceImpl implements PingService
+{
+ public String ping()
+ {
+ return "pong";
+ }
+}