From 87bdeaecf66570324748f051326f9ca57b0e43fb Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt
Date: Fri, 27 Oct 2006 19:21:46 +0000
Subject: [PATCH] * Making authenication optional (if provided, then authenticate) * Making authorization denial reason be dumped to log file.
git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@468507 13f79535-47bb-0310-9956-ffa450edef68
---
 .../servlet/repository/RepositoryAccess.java | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
index 3ae46df9c..5635183b7 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
@@ -27,6 +27,7 @@ import org.apache.maven.archiva.web.servlet.AbstractPlexusServlet;
 import org.codehaus.plexus.security.authentication.AuthenticationException;
 import org.codehaus.plexus.security.authentication.AuthenticationResult;
 import org.codehaus.plexus.security.authorization.AuthorizationException;
+import org.codehaus.plexus.security.authorization.AuthorizationResult;
 import org.codehaus.plexus.security.policy.AccountLockedException;
 import org.codehaus.plexus.security.policy.MustChangePasswordException;
 import org.codehaus.plexus.security.system.SecuritySession;
@@ -134,19 +135,18 @@ public class RepositoryAccess
 }
 // Authentication Tests.
-
- AuthenticationResult result;
 try
 {
- result = httpAuth.getAuthenticationResult( request, response );
+ AuthenticationResult result = httpAuth.getAuthenticationResult( request, response );
- if ( !result.isAuthenticated() )
+ if ( ( result != null ) && !result.isAuthenticated() )
 {
 // Must Authenticate.
 httpAuth.challenge( request, response, "Repository " + repoconfig.getName(), new AuthenticationException( "User Credentials Invalid" ) );
 return;
 }
+
 }
 catch ( AuthenticationException e )
 {
@@ -178,10 +178,16 @@ public class RepositoryAccess
 permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
 }
- boolean isAuthorized = securitySystem.isAuthorized( securitySession, permission, repoconfig.getId() );
-
- if ( !isAuthorized )
+ AuthorizationResult authzResult = securitySystem
+ .authorize( securitySession, permission, repoconfig.getId() );
+
+ if ( !authzResult.isAuthorized() )
 {
+ if ( authzResult.getException() != null )
+ {
+ getLogger().warn( "Authorization Denied", authzResult.getException() );
+ }
+
 // Issue HTTP Challenge.
 httpAuth.challenge( request, response, "Repository " + repoconfig.getName(), new AuthenticationException( "Authorization Denied." ) );
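Review bot: The new guard `( result != null ) && !result.isAuthenticated()` treats a null result as "no credentials supplied" and lets the request continue, so from this point the authorization check further down is the only gate on repository access. Nothing in this hunk shows what `securitySession` holds for such a request; it should be confirmed that it is a guest session rather than one carried over from an earlier login, and that `getAuthenticationResult` returns null only for absent credentials, never for an internal failure. A comment on the condition would record the intent, e.g. `// null result = no credentials sent; proceed as anonymous and let authorize() decide`. The blank line added before the closing brace of the `try` block can be dropped. The enclosing method starts and ends outside the hunk.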
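Review bot: A denial is logged only when `authzResult.getException()` is non-null, so an ordinary policy denial leaves no trace, and the message that is written does not say which permission or repository was refused. For an access-control decision the log line should be emitted on every denial and carry that context, e.g. `getLogger().warn( "Authorization denied: " + permission + " on repository " + repoconfig.getId(), authzResult.getException() );` placed directly inside the `if ( !authzResult.isAuthorized() )` block (assuming the logger accepts a null throwable; otherwise keep two branches). `authzResult` is also dereferenced without a null check, which is safe only if `authorize` is guaranteed to return a result. The enclosing method continues outside the hunk.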