Implemented security for XmlRpcServlet.

XmlRpcAuthenticator is injected into the servlet via Spring.




git-svn-id: https://svn.apache.org/repos/asf/archiva/branches@692370 13f79535-47bb-0310-9956-ffa450edef68
James William Dumay 2008-09-05 07:43:50 +00:00
parent c967b733aa
commit 9078e52c83
7 changed files with 152 additions and 6 deletions


@ -88,6 +88,10 @@
<groupId>org.apache.archiva</groupId>
<artifactId>archiva-xmlrpc-services</artifactId>
</dependency>
<dependency>
<groupId>org.apache.archiva</groupId>
<artifactId>archiva-xmlrpc-security</artifactId>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>


@ -40,4 +40,10 @@
</constructor-arg>
</bean>
<bean name="xmlRpcAuthenticator" class="org.apache.maven.archiva.xmlrpc.security.XmlRpcAuthenticator">
<constructor-arg>
<ref bean="securitySystem"/>
</constructor-arg>
</bean>
</beans>


@ -90,7 +90,11 @@
<param-name>serviceListBeanName</param-name>
<param-value>xmlrpcServicesList</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<init-param>
<param-name>authHandlerBeanName</param-name>
<param-value>xmlRpcAuthenticator</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
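Review bot: The authenticator is wired purely by bean name in the new `authHandlerBeanName` init-param, so a misspelt or missing bean is a security-relevant failure mode. The servlet that reads this parameter is not part of the visible change, so please confirm that it refuses to start, rather than serving requests without an authentication handler, when the name does not resolve. A short comment above the init-param, such as `<!-- required: names the AuthenticationHandler bean that guards XML-RPC calls -->`, would keep it from being removed later as optional configuration.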


@ -0,0 +1,32 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.archiva</groupId>
<artifactId>archiva-xmlrpc</artifactId>
<version>1.2-SNAPSHOT</version>
</parent>
<artifactId>archiva-xmlrpc-security</artifactId>
<version>1.2-SNAPSHOT</version>
<name>Archiva Web :: XML-RPC Security</name>
<dependencies>
<dependency>
<groupId>org.apache.xmlrpc</groupId>
<artifactId>xmlrpc-server</artifactId>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.codehaus.plexus.redback</groupId>
<artifactId>redback-system</artifactId>
</dependency>
<dependency>
<groupId>org.apache.archiva</groupId>
<artifactId>archiva-security</artifactId>
</dependency>
</dependencies>
</project>


@ -0,0 +1,91 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.maven.archiva.xmlrpc.security;
import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.apache.xmlrpc.XmlRpcException;
import org.apache.xmlrpc.XmlRpcRequest;
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.authorization.AuthorizationResult;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.UserNotFoundException;
public class XmlRpcAuthenticator implements AuthenticationHandler
{
private final SecuritySystem securitySystem;
public XmlRpcAuthenticator(SecuritySystem securitySystem)
{
this.securitySystem = securitySystem;
}
public boolean isAuthorized(XmlRpcRequest pRequest) throws XmlRpcException {
if (pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl)
{
XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl)pRequest.getConfig();
SecuritySession session = authenticate(new PasswordBasedAuthenticationDataSource(config.getBasicUserName(), config.getBasicPassword()));
AuthorizationResult result = authorize(session);
return result.isAuthorized();
}
throw new XmlRpcException("Unsupported transport (must be http)");
}
private SecuritySession authenticate(PasswordBasedAuthenticationDataSource authenticationDataSource)
throws XmlRpcException
{
try
{
return securitySystem.authenticate(authenticationDataSource);
}
catch (AccountLockedException e)
{
throw new XmlRpcException(401, e.getMessage(), e);
}
catch (AuthenticationException e)
{
throw new XmlRpcException(401, e.getMessage(), e);
}
catch (UserNotFoundException e)
{
throw new XmlRpcException(401, e.getMessage(), e);
}
}
private AuthorizationResult authorize(SecuritySession session)
throws XmlRpcException
{
try
{
return securitySystem.authorize(session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE);
}
catch (AuthorizationException e)
{
throw new XmlRpcException(401, e.getMessage(), e);
}
}
}
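Review bot: isAuthorized() passes the session from authenticate() straight to authorize() without checking that authentication succeeded. If SecuritySystem.authenticate can return an unauthenticated session for a wrong or missing password instead of throwing (not visible here), the decision rests entirely on how authorize() treats such a session. Adding `if (!session.isAuthenticated()) throw new XmlRpcException(401, "Authentication failed");` before the authorize call makes the handler fail closed, and it also covers requests without Basic credentials, where getBasicUserName() and getBasicPassword() are presumably null. Separately, the catch blocks in authenticate() forward e.getMessage() to the client, so locked, unknown and wrong-password cases may be distinguishable to a caller; one generic 401 message with the detail logged server-side avoids that. It is also worth confirming that GLOBAL_REPOSITORY_MANAGER_ROLE, which by its name is a role, is the kind of value authorize() expects as its second argument.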


@ -1,4 +1,4 @@
<?xml version="1.0"?>
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Licensed to the Apache Software Foundation (ASF) under one
~ or more contributor license agreements. See the NOTICE file
@ -16,9 +16,7 @@
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
--><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.archiva</groupId>
@ -32,5 +30,6 @@
<modules>
<module>archiva-xmlrpc-api</module>
<module>archiva-xmlrpc-services</module>
<module>archiva-xmlrpc-security</module>
</modules>
</project>
</project>


@ -391,6 +391,11 @@
<artifactId>archiva-xmlrpc-services</artifactId>
<version>1.2-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.apache.archiva</groupId>
<artifactId>archiva-xmlrpc-security</artifactId>
<version>1.2-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.apache.archiva</groupId>
<artifactId>archiva-rss</artifactId>
@ -511,6 +516,11 @@
<artifactId>mail</artifactId>
<version>1.4</version>
</dependency>
<dependency>
<groupId>org.apache.xmlrpc</groupId>
<artifactId>xmlrpc-server</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-artifact-manager</artifactId>