1 package org.apache.continuum.webdav;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import org.apache.continuum.buildagent.configuration.BuildAgentConfigurationService;
23 import org.apache.jackrabbit.webdav.DavException;
24 import org.apache.jackrabbit.webdav.DavSessionProvider;
25 import org.apache.jackrabbit.webdav.WebdavRequest;
26 import org.codehaus.plexus.util.Base64;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
29
30 import javax.servlet.http.HttpServletResponse;
31
32 public class ContinuumBuildAgentDavSessionProvider
33 implements DavSessionProvider
34 {
35 private Logger log = LoggerFactory.getLogger( this.getClass() );
36
37 private BuildAgentConfigurationService buildAgentConfigurationService;
38
39 public ContinuumBuildAgentDavSessionProvider( BuildAgentConfigurationService buildAgentConfigurationService )
40 {
41 this.buildAgentConfigurationService = buildAgentConfigurationService;
42 }
43
44 public boolean attachSession( WebdavRequest request )
45 throws DavException
46 {
47 if ( !isAuthorized( request ) )
48 {
49 throw new DavException( HttpServletResponse.SC_UNAUTHORIZED );
50 }
51
52 request.setDavSession( new ContinuumBuildAgentDavSession() );
53
54 return true;
55 }
56
57 public void releaseSession( WebdavRequest request )
58 {
59 request.setDavSession( null );
60 }
61
62 private boolean isAuthorized( WebdavRequest request )
63 {
64 String header = request.getHeader( "Authorization" );
65
66
67 if ( header == null )
68 {
69 header = request.getHeader( "authorization" );
70 }
71
72 if ( ( header != null ) && header.startsWith( "Basic " ) )
73 {
74 String base64Token = header.substring( 6 );
75 String token = new String( Base64.decodeBase64( base64Token.getBytes() ) );
76
77 String password = "";
78 int delim = token.indexOf( ':' );
79
80 if ( delim != ( -1 ) )
81 {
82 password = token.substring( delim + 1 );
83 }
84
85 if ( buildAgentConfigurationService.getSharedSecretPassword() != null &&
86 buildAgentConfigurationService.getSharedSecretPassword().equals( password ) )
87 {
88 log.debug( "Password matches configured shared key in continuum build agent." );
89 return true;
90 }
91 }
92
93 log.warn( "Not authorized to access the working copy." );
94
95 return false;
96 }
97 }