You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by br...@apache.org on 2009/03/11 17:53:17 UTC
svn commit: r752519 - in /archiva/trunk/archiva-modules/archiva-web:
archiva-security/src/main/java/org/apache/maven/archiva/security/
archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/
archiva-webapp/src/main/java/org/apache/maven/archiva/...
Author: brett
Date: Wed Mar 11 16:53:17 2009
New Revision: 752519
URL: http://svn.apache.org/viewvc?rev=752519&view=rev
Log:
[MRM-1101] restore proper tracking of principal in DAV for audit logging
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java
archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java
archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java
archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java
archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml
archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java Wed Mar 11 16:53:17 2009
@@ -25,7 +25,6 @@
import org.codehaus.plexus.redback.system.SecuritySystemConstants;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
-import org.codehaus.plexus.registry.Registry;
/**
* ArchivaXworkUser
@@ -37,35 +36,20 @@
{
public String getActivePrincipal( Map<String, Object> sessionMap )
{
- if ( sessionMap == null )
- {
- return getGuest();
- }
-
SecuritySession securitySession =
(SecuritySession) sessionMap.get( SecuritySystemConstants.SECURITY_SESSION_KEY );
if ( securitySession == null )
{
- securitySession = (SecuritySession) sessionMap.get( SecuritySession.ROLE );
- }
-
- if ( securitySession == null )
- {
- return getGuest();
+ return UserManager.GUEST_USERNAME;
}
User user = securitySession.getUser();
if ( user == null )
{
- return getGuest();
+ return UserManager.GUEST_USERNAME;
}
return (String) user.getPrincipal();
}
-
- public String getGuest()
- {
- return UserManager.GUEST_USERNAME;
- }
}
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java Wed Mar 11 16:53:17 2009
@@ -33,6 +33,7 @@
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.UserAssignment;
import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
+import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.registry.Registry;
import org.codehaus.plexus.registry.RegistryListener;
import org.slf4j.Logger;
@@ -88,7 +89,7 @@
{
String repoId = repoConfig.getId();
- String principal = archivaXworkUser.getGuest();
+ String principal = UserManager.GUEST_USERNAME;
try
{
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java Wed Mar 11 16:53:17 2009
@@ -50,6 +50,7 @@
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.codehaus.plexus.spring.PlexusToSpringUtils;
import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
@@ -271,7 +272,7 @@
if ( usernamePassword == null || usernamePassword.trim().equals( "" ) )
{
- repoIds = getObservableRepos( archivaXworkUser.getGuest() );
+ repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
}
else
{
@@ -281,7 +282,7 @@
}
else
{
- repoIds = getObservableRepos( archivaXworkUser.getGuest() );
+ repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
}
}
else
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java Wed Mar 11 16:53:17 2009
@@ -37,6 +37,7 @@
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
+import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.registry.Registry;
import org.codehaus.plexus.registry.RegistryListener;
import org.slf4j.Logger;
@@ -188,7 +189,7 @@
{
String repoId = repoConfig.getId();
- String principal = archivaXworkUser.getGuest();
+ String principal = UserManager.GUEST_USERNAME;
try
{
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java Wed Mar 11 16:53:17 2009
@@ -57,15 +57,12 @@
import org.apache.maven.archiva.repository.audit.AuditEvent;
import org.apache.maven.archiva.repository.audit.AuditListener;
import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers;
-import org.apache.maven.archiva.security.ArchivaXworkUser;
import org.apache.maven.archiva.webdav.util.IndexWriter;
import org.apache.maven.archiva.webdav.util.MimeTypes;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormatter;
import org.joda.time.format.ISODateTimeFormat;
-import com.opensymphony.xwork2.ActionContext;
-
/**
*/
public class ArchivaDavResource
@@ -96,22 +93,21 @@
private final MimeTypes mimeTypes;
private List<AuditListener> auditListeners;
-
- private ArchivaXworkUser archivaXworkUser;
+ private String principal;
+
public static final String COMPLIANCE_CLASS = "1, 2";
public ArchivaDavResource( String localResource, String logicalResource, ManagedRepositoryConfiguration repository,
DavSession session, ArchivaDavResourceLocator locator, DavResourceFactory factory,
MimeTypes mimeTypes, List<AuditListener> auditListeners,
- RepositoryContentConsumers consumers, ArchivaXworkUser archivaXworkUser )
+ RepositoryContentConsumers consumers )
{
this.localResource = new File( localResource );
this.logicalResource = logicalResource;
this.locator = locator;
this.factory = factory;
this.session = session;
- this.archivaXworkUser = archivaXworkUser;
// TODO: push into locator as well as moving any references out of the resource factory
this.repository = repository;
@@ -123,14 +119,15 @@
}
public ArchivaDavResource( String localResource, String logicalResource, ManagedRepositoryConfiguration repository,
- String remoteAddr, DavSession session, ArchivaDavResourceLocator locator,
+ String remoteAddr, String principal, DavSession session, ArchivaDavResourceLocator locator,
DavResourceFactory factory, MimeTypes mimeTypes, List<AuditListener> auditListeners,
- RepositoryContentConsumers consumers, ArchivaXworkUser archivaXworkUser )
+ RepositoryContentConsumers consumers )
{
this( localResource, logicalResource, repository, session, locator, factory, mimeTypes, auditListeners,
- consumers, archivaXworkUser );
+ consumers );
this.remoteAddr = remoteAddr;
+ this.principal = principal;
}
public String getComplianceClass()
@@ -618,8 +615,7 @@
private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action )
{
- String activePrincipal = archivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() );
- AuditEvent event = new AuditEvent( repositoryId, activePrincipal, resource, action );
+ AuditEvent event = new AuditEvent( repositoryId, principal, resource, action );
event.setRemoteIP( remoteIP );
for ( AuditListener listener : auditListeners )
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java Wed Mar 11 16:53:17 2009
@@ -24,9 +24,7 @@
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import javax.servlet.http.HttpServletResponse;
@@ -64,7 +62,6 @@
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers;
-import org.apache.maven.archiva.security.ArchivaXworkUser;
import org.apache.maven.archiva.security.ServletAuthenticator;
import org.apache.maven.archiva.webdav.util.MimeTypes;
import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
@@ -84,13 +81,13 @@
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystemConstants;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.opensymphony.xwork2.ActionContext;
-
/**
* @plexus.component role="org.apache.maven.archiva.webdav.ArchivaDavResourceFactory"
*/
@@ -172,11 +169,6 @@
* @plexus.requirement role-hint="md5";
*/
private Digester digestMd5;
-
- /**
- * @plexus.requirement
- */
- private ArchivaXworkUser archivaXworkUser;
public DavResource createResource( final DavResourceLocator locator, final DavServletRequest request,
final DavServletResponse response )
@@ -317,10 +309,13 @@
LogicalResource logicalResource =
new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
+ String activePrincipal = getActivePrincipal( request );
+
ArchivaDavResource metadataChecksumResource =
- new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(), null,
- request.getRemoteAddr(), request.getDavSession(), archivaLocator, this,
- mimeTypes, auditListeners, consumers, archivaXworkUser );
+ new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(),
+ null, request.getRemoteAddr(), activePrincipal,
+ request.getDavSession(), archivaLocator, this, mimeTypes,
+ auditListeners, consumers );
availableResources.add( 0, metadataChecksumResource );
}
}
@@ -349,10 +344,12 @@
LogicalResource logicalResource =
new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
+ String activePrincipal = getActivePrincipal( request );
+
ArchivaDavResource metadataResource =
new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), null,
- request.getRemoteAddr(), request.getDavSession(), archivaLocator, this,
- mimeTypes, auditListeners, consumers, archivaXworkUser );
+ request.getRemoteAddr(), activePrincipal, request.getDavSession(),
+ archivaLocator, this, mimeTypes, auditListeners, consumers );
availableResources.add( 0, metadataResource );
}
catch ( RepositoryMetadataException r )
@@ -401,7 +398,7 @@
resource =
new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource,
managedRepository.getRepository(), davSession, archivaLocator, this, mimeTypes,
- auditListeners, consumers, archivaXworkUser );
+ auditListeners, consumers );
}
resource.addLockManager(lockManager);
return resource;
@@ -423,10 +420,12 @@
}
}
+ String activePrincipal = getActivePrincipal( request );
+
ArchivaDavResource resource =
new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
- managedRepository.getRepository(), request.getRemoteAddr(),
- request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers, archivaXworkUser );
+ managedRepository.getRepository(), request.getRemoteAddr(), activePrincipal,
+ request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
if ( !resource.isCollection() )
{
@@ -458,7 +457,8 @@
{
String repositoryId = locator.getRepositoryId();
String event = ( previouslyExisted ? AuditEvent.MODIFY_FILE : AuditEvent.CREATE_FILE ) + PROXIED_SUFFIX;
- triggerAuditEvent( request.getRemoteAddr(), repositoryId, logicalResource.getPath(), event );
+ triggerAuditEvent( request.getRemoteAddr(), repositoryId, logicalResource.getPath(), event,
+ activePrincipal );
}
if ( !resourceFile.exists() )
@@ -470,8 +470,8 @@
resource =
new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
managedRepository.getRepository(), request.getRemoteAddr(),
- request.getDavSession(), locator, this, mimeTypes, auditListeners,
- consumers, archivaXworkUser );
+ activePrincipal, request.getDavSession(), locator, this, mimeTypes,
+ auditListeners, consumers );
}
}
return resource;
@@ -490,18 +490,21 @@
File rootDirectory = new File( managedRepository.getRepoRoot() );
File destDir = new File( rootDirectory, logicalResource.getPath() ).getParentFile();
+ String activePrincipal = getActivePrincipal( request );
+
if ( request.getMethod().equals(HTTP_PUT_METHOD) && !destDir.exists() )
{
destDir.mkdirs();
String relPath = PathUtil.getRelative( rootDirectory.getAbsolutePath(), destDir );
- triggerAuditEvent( request.getRemoteAddr(), logicalResource.getPath(), relPath, AuditEvent.CREATE_DIR );
+ triggerAuditEvent( request.getRemoteAddr(), logicalResource.getPath(), relPath, AuditEvent.CREATE_DIR,
+ activePrincipal );
}
File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
return new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
- managedRepository.getRepository(), request.getRemoteAddr(),
- request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers, archivaXworkUser );
+ managedRepository.getRepository(), request.getRemoteAddr(), activePrincipal,
+ request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
}
private boolean fetchContentFromProxies( ManagedRepositoryContent managedRepository, DavServletRequest request,
@@ -638,10 +641,10 @@
}
// TODO: remove?
- private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action )
+ private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action,
+ String principal )
{
- String activePrincipal = archivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() );
- AuditEvent event = new AuditEvent( repositoryId, activePrincipal, resource, action );
+ AuditEvent event = new AuditEvent( repositoryId, principal, resource, action );
event.setRemoteIP( remoteIP );
for ( AuditListener listener : auditListeners )
@@ -749,7 +752,7 @@
boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
// safety check for MRM-911
- String guest = archivaXworkUser.getGuest();
+ String guest = UserManager.GUEST_USERNAME;
try
{
if( servletAuth.isAuthorized( guest,
@@ -797,15 +800,8 @@
// browse the repo group but displaying only the repositories which the user has permission to access.
// otherwise, prompt for authentication.
- // put the current session in the session map which will be passed to ArchivaXworkUser
- Map<String, Object> sessionMap = new HashMap<String, Object>();
- if( request.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY ) != null )
- {
- sessionMap.put( SecuritySystemConstants.SECURITY_SESSION_KEY,
- request.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY ) );
- }
-
- String activePrincipal = archivaXworkUser.getActivePrincipal( sessionMap );
+ String activePrincipal = getActivePrincipal( request );
+
boolean allow = isAllowedToContinue( request, repositories, activePrincipal );
if( allow )
@@ -863,6 +859,12 @@
return resource;
}
+ private String getActivePrincipal( DavServletRequest request )
+ {
+ User sessionUser = httpAuth.getSessionUser( request.getSession() );
+ return sessionUser != null ? sessionUser.getUsername() : UserManager.GUEST_USERNAME;
+ }
+
private void getResource( ArchivaDavResourceLocator locator, List<File> mergedRepositoryContents,
LogicalResource logicalResource, String repository )
throws DavException
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java Wed Mar 11 16:53:17 2009
@@ -32,6 +32,7 @@
import org.codehaus.plexus.redback.authorization.UnauthorizedException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
+import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -75,7 +76,7 @@
boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
// safety check for MRM-911
- String guest = archivaXworkUser.getGuest();
+ String guest = UserManager.GUEST_USERNAME;
try
{
if( servletAuth.isAuthorized( guest,
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java Wed Mar 11 16:53:17 2009
@@ -37,7 +37,6 @@
import org.apache.jackrabbit.webdav.lock.Type;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers;
-import org.apache.maven.archiva.security.ArchivaXworkUser;
import org.apache.maven.archiva.webdav.util.MimeTypes;
import org.codehaus.plexus.spring.PlexusInSpringTestCase;
import org.codehaus.plexus.spring.PlexusToSpringUtils;
@@ -68,8 +67,6 @@
private ManagedRepositoryConfiguration repository = new ManagedRepositoryConfiguration();
- private ArchivaXworkUser archivaXworkUser;
-
@Override
protected void setUp()
throws Exception
@@ -87,7 +84,6 @@
lockManager = new SimpleLockManager();
resource.addLockManager(lockManager);
consumers = (RepositoryContentConsumers)getApplicationContext().getBean("repositoryContentConsumers");
- archivaXworkUser = (ArchivaXworkUser) getApplicationContext().getBean( PlexusToSpringUtils.buildSpringId( ArchivaXworkUser.class ) );
}
@Override
@@ -102,7 +98,7 @@
private DavResource getDavResource(String logicalPath, File file)
{
return new ArchivaDavResource( file.getAbsolutePath(), logicalPath, repository, session, resourceLocator,
- resourceFactory, mimeTypes, Collections.emptyList(), consumers, archivaXworkUser );
+ resourceFactory, mimeTypes, Collections.emptyList(), consumers );
}
public void testDeleteNonExistantResourceShould404()
@@ -303,7 +299,7 @@
public DavResource createResource(DavResourceLocator locator, DavSession session) throws DavException {
return new ArchivaDavResource( baseDir.getAbsolutePath(), "/", repository, session, resourceLocator,
- resourceFactory, mimeTypes, Collections.emptyList(), consumers, archivaXworkUser );
+ resourceFactory, mimeTypes, Collections.emptyList(), consumers );
}
}
}
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java Wed Mar 11 16:53:17 2009
@@ -39,6 +39,7 @@
import org.codehaus.plexus.redback.authorization.UnauthorizedException;
import org.codehaus.plexus.redback.system.DefaultSecuritySession;
import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.users.memory.SimpleUser;
import org.codehaus.plexus.spring.PlexusInSpringTestCase;
import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
import org.codehaus.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
@@ -263,6 +264,8 @@
servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, result ),
new AuthenticationException( "Authentication error" ) );
+ httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), null );
+
// check if guest has write access
servletAuth.isAuthorized( "guest", "internal", true );
servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
@@ -354,6 +357,7 @@
SecuritySession session = new DefaultSecuritySession();
httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
+ httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), new SimpleUser() );
servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true );
@@ -401,6 +405,7 @@
SecuritySession session = new DefaultSecuritySession();
httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
+ httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), null );
servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true );
@@ -481,6 +486,7 @@
SecuritySession session = new DefaultSecuritySession();
httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
+ httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), new SimpleUser() );
servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true );
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml Wed Mar 11 16:53:17 2009
@@ -158,10 +158,6 @@
<role-hint>md5</role-hint>
<field-name>digestMd5</field-name>
</requirement>
- <requirement>
- <role>org.apache.maven.archiva.security.ArchivaXworkUser</role>
- <field-name>archivaXworkUser</field-name>
- </requirement>
</requirements>
</component>
</components>
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml?rev=752519&r1=752518&r2=752519&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml Wed Mar 11 16:53:17 2009
@@ -158,10 +158,6 @@
<role-hint>md5</role-hint>
<field-name>digestMd5</field-name>
</requirement>
- <requirement>
- <role>org.apache.maven.archiva.security.ArchivaXworkUser</role>
- <field-name>archivaXworkUser</field-name>
- </requirement>
</requirements>
</component>
</components>