From cdb295bdf35504742d21647913eb11a35de409ad Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Sun, 21 Nov 2010 15:27:28 +0100 Subject: [PATCH] added permission check for svn --- .../sonia/scm/web/GitPermissionFilter.java | 24 +--- .../scm/repository/SvnRepositoryHandler.java | 25 ++++ .../sonia/scm/web/SvnPermissionFilter.java | 121 ++++++++++++++++++ .../java/sonia/scm/web/SvnServletModule.java | 16 ++- .../scm/web/filter/PermissionFilter.java | 61 +++++++-- 5 files changed, 213 insertions(+), 34 deletions(-) create mode 100644 plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java diff --git a/plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java b/plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java index 8277a0722b..d4264942c8 100644 --- a/plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java +++ b/plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java @@ -62,10 +62,6 @@ public class GitPermissionFilter extends PermissionFilter /** Field description */ public static final String PATTERN_WRITEREQUEST = "git-receive-pack"; - /** Field description */ - public static final Pattern PATTERN_REPOSITORYNAME = - Pattern.compile("/[^/]+/([^/]+)(?:/.*)?"); - //~--- constructors --------------------------------------------------------- /** 
@@ -90,28 +86,14 @@ public class GitPermissionFilter extends PermissionFilter * Method description * * - * @param request + * @param name * * @return */ @Override - protected Repository getRepository(HttpServletRequest request) + protected Repository getRepository(String name) { - Repository repository = null; - String uri = request.getRequestURI(); - - uri = uri.substring(request.getContextPath().length()); - - Matcher m = PATTERN_REPOSITORYNAME.matcher(uri); - - if (m.matches()) - { - String repositoryname = m.group(1); - - repository = handler.getByName(repositoryname); - } - - return repository; + return handler.getByName(name); } /** diff --git a/plugins/scm-svn-plugin/src/main/java/sonia/scm/repository/SvnRepositoryHandler.java b/plugins/scm-svn-plugin/src/main/java/sonia/scm/repository/SvnRepositoryHandler.java index 5e609d977e..31658c4dbc 100644 --- a/plugins/scm-svn-plugin/src/main/java/sonia/scm/repository/SvnRepositoryHandler.java +++ b/plugins/scm-svn-plugin/src/main/java/sonia/scm/repository/SvnRepositoryHandler.java @@ -67,6 +67,31 @@ public class SvnRepositoryHandler //~--- get methods ---------------------------------------------------------- + /** + * TODO dont use getAll + * + * + * @param name + * + * @return + */ + public Repository getByName(String name) + { + Repository repository = null; + + for (Repository r : getAll()) + { + if (r.getName().equals(name)) + { + repository = r; + + break; + } + } + + return repository; + } + /** * Method description * diff --git a/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java b/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java new file mode 100644 index 0000000000..baa14bb158 --- /dev/null +++ b/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java 
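Review bot: The new `getByName` in SvnRepositoryHandler returns `null` when no repository carries the given name, but its Javadoc (`@param name` / `@return` with no text) does not say so, even though SvnPermissionFilter passes that result straight back from `getRepository(String)`. I would document it, e.g. `@return the repository with the given name, or null if none exists`, and state that the match is an exact, case-sensitive `equals` on `getName()`. The scan over `getAll()` is already flagged by the TODO; since the filter is mapped to every `/svn/*` request, a name-keyed lookup is worth doing soon. The rest of the class is outside the hunk.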
@@ -0,0 +1,121 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+
+import sonia.scm.repository.Repository;
+import sonia.scm.repository.SvnRepositoryHandler;
+import sonia.scm.web.filter.PermissionFilter;
+import sonia.scm.web.security.SecurityContext;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class SvnPermissionFilter extends PermissionFilter
+{
+
+ /** Field description */
+ private static Set WRITEMETHOD_SET =
+ new HashSet(Arrays.asList("MKACTIVITY", "PROPPATCH", "PUT",
+ "CHECKOUT", "MKCOL", "MOVE", "COPY", "DELETE", "LOCK", "UNLOCK",
+ "MERGE"));
+
+ //~--- constructors ---------------------------------------------------------
+
+ /**
+ * Constructs ...
+ * + * + * + * @param securityContextProvider + * @param handler + */ + @Inject + public SvnPermissionFilter(Provider securityContextProvider, + SvnRepositoryHandler handler) + { + super(securityContextProvider); + this.handler = handler; + } + + //~--- get methods ---------------------------------------------------------- + + /** + * Method description + * + * + * @param name + * + * @return + */ + @Override + protected Repository getRepository(String name) + { + return handler.getByName(name); + } + + /** + * Method description + * + * + * @param request + * + * @return + */ + @Override + protected boolean isWriteRequest(HttpServletRequest request) + { + return WRITEMETHOD_SET.contains(request.getMethod().toUpperCase()); + } + + //~--- fields --------------------------------------------------------------- + + /** Field description */ + private SvnRepositoryHandler handler; +} diff --git a/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnServletModule.java b/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnServletModule.java index 1edf97a60e..1ec471d3d9 100644 --- a/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnServletModule.java +++ b/plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnServletModule.java @@ -51,6 +51,14 @@ import java.util.Map; public class SvnServletModule extends ServletModule { + /** Field description */ + public static final String PARAMETER_SVN_PARENTPATH = "SVNParentPath"; + + /** Field description */ + public static final String PATTERN_SVN = "/svn/*"; + + //~--- methods -------------------------------------------------------------- + /** * Method description * 
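Review bot: `isWriteRequest` in SvnPermissionFilter treats every HTTP method that is not in `WRITEMETHOD_SET` as a read, so a modifying method missing from the list would presumably be checked against read permission only. Classifying by a read allow-list fails closed instead: GET, HEAD, OPTIONS, PROPFIND and REPORT are reads, everything else is a write. `toUpperCase()` without an argument depends on the JVM default locale, so pass `Locale.ENGLISH`, and the set should be `final` and unmodifiable because the filter is a singleton. How PermissionFilter uses the result is outside this hunk.

```java
private static final Set<String> READMETHOD_SET =
  Collections.unmodifiableSet(new HashSet<String>(Arrays.asList("GET",
    "HEAD", "OPTIONS", "PROPFIND", "REPORT")));

// … unchanged: constructor, getRepository(String) …

@Override
protected boolean isWriteRequest(HttpServletRequest request)
{
  // fail closed: anything not known to be read-only needs write permission
  return !READMETHOD_SET.contains(
    request.getMethod().toUpperCase(Locale.ENGLISH));
}
```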
@@ -58,11 +66,13 @@ public class SvnServletModule extends ServletModule @Override protected void configureServlets() { - filter("/svn/*").through(BasicAuthenticationFilter.class); + filter(PATTERN_SVN).through(BasicAuthenticationFilter.class); + filter(PATTERN_SVN).through(SvnPermissionFilter.class); Map parameters = new HashMap(); - parameters.put("SVNParentPath", System.getProperty("java.io.tmpdir")); - serve("/svn/*").with(SvnDAVServlet.class, parameters); + parameters.put(PARAMETER_SVN_PARENTPATH, + System.getProperty("java.io.tmpdir")); + serve(PATTERN_SVN).with(SvnDAVServlet.class, parameters); } } diff --git a/scm-web-api/src/main/java/sonia/scm/web/filter/PermissionFilter.java b/scm-web-api/src/main/java/sonia/scm/web/filter/PermissionFilter.java index aa39a88ad9..44fb94e2db 100644 --- a/scm-web-api/src/main/java/sonia/scm/web/filter/PermissionFilter.java +++ b/scm-web-api/src/main/java/sonia/scm/web/filter/PermissionFilter.java @@ -50,6 +50,9 @@ import sonia.scm.web.security.SecurityContext; import java.io.IOException; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -66,6 +69,10 @@ public abstract class PermissionFilter extends HttpFilter private static final Logger logger = LoggerFactory.getLogger(PermissionFilter.class); + /** Field description */ + public static final Pattern PATTERN_REPOSITORYNAME = + Pattern.compile("/[^/]+/([^/]+)(?:/.*)?"); + //~--- constructors --------------------------------------------------------- /** @@ -81,16 +88,6 @@ public abstract class PermissionFilter extends HttpFilter //~--- get methods ---------------------------------------------------------- - /** - * Method description - * - * - * @param request - * - * @return - */ - protected abstract Repository getRepository(HttpServletRequest request); - /** * Method description * 
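Review bot: In `configureServlets` the servlet is still rooted at `System.getProperty("java.io.tmpdir")` through `SVNParentPath`, while the newly registered SvnPermissionFilter resolves repository names through `SvnRepositoryHandler.getByName`. If the handler manages its repositories anywhere other than the temp directory, the filter authorizes against one set of repositories and the servlet serves another; the temp directory is also commonly writable by other local accounts. I would take the parent path from the directory the handler is configured with, and add a comment such as `// must be the directory SvnRepositoryHandler manages; SvnPermissionFilter resolves names there`.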
@@ -173,6 +170,50 @@ public abstract class PermissionFilter extends HttpFilter } } + //~--- get methods ---------------------------------------------------------- + + /** + * Method description + * + * + * @param request + * + * @return + */ + protected Repository getRepository(HttpServletRequest request) + { + Repository repository = null; + String uri = request.getRequestURI(); + + uri = uri.substring(request.getContextPath().length()); + + Matcher m = PATTERN_REPOSITORYNAME.matcher(uri); + + if (m.matches()) + { + String repositoryname = m.group(1); + + repository = getRepository(repositoryname); + } + + return repository; + } + + /** + * Method description + * + * + * @param name + * + * @return + */ + protected Repository getRepository(String name) + { + return null; + } + + ; + //~--- fields --------------------------------------------------------------- /** Field description */
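Review bot: `getRepository(String name)` in PermissionFilter now has a default body that returns `null`, so a subclass that forgets to override it resolves no repository for any request. Declaring it `protected abstract Repository getRepository(String name);` keeps the compile-time guarantee the removed abstract method gave, and the stray `;` after the method can go. Whatever `doFilter` does with a `null` repository should not let the request reach the servlet unchecked; that code is outside this hunk, so please confirm. `getRepository(HttpServletRequest)` also matches on the raw `getRequestURI()`, which the container does not decode and which may carry path parameters, so the name checked here can differ from the one the servlet resolves; matching on the decoded path would be safer.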