Merge pull request #761 from sonatype/nxcm-4999-fix-repo-target-path

[NXCM-4999] Use in-repo path for matching repo targets
sonatype · Mar 8, 2013 · 0d91b24 · 0d91b24
2 parents 24181e1 + 27d402c
commit 0d91b24
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 10 deletions.
diff --git a/nexus-core/src/main/java/org/sonatype/nexus/proxy/router/DefaultRepositoryRouter.java b/nexus-core/src/main/java/org/sonatype/nexus/proxy/router/DefaultRepositoryRouter.java
@@ -729,7 +729,7 @@ public boolean authorizePath( ResourceStoreRequest request, Action action )
                 // if this repository is contained in any group, we need to get those targets, and tweak the TargetMatch
                 try
                 {
-                    request.pushRequestPath( route.getOriginalRequestPath() );
+                    request.pushRequestPath( route.getRepositoryPath() );
 
                     matched.addTargetSet( this.itemAuthorizer.getGroupsTargetSet( route.getTargetedRepository(),
                         request ) );

diff --git a/nexus-core/src/test/java/org/sonatype/nexus/proxy/router/DefaultRepositoryRouterTest.java b/nexus-core/src/test/java/org/sonatype/nexus/proxy/router/DefaultRepositoryRouterTest.java
@@ -12,32 +12,30 @@
  */
 package org.sonatype.nexus.proxy.router;
 
-import java.io.File;
-import java.net.URL;
+import static org.hamcrest.MatcherAssert.assertThat;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 
-import org.apache.shiro.realm.Realm;
-import org.junit.Assert;
-import org.junit.Test;
-
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
-import org.codehaus.plexus.util.FileUtils;
 import org.codehaus.plexus.util.xml.Xpp3Dom;
+import org.junit.Assert;
+import org.junit.Test;
 import org.sonatype.nexus.NexusAppTestSupport;
 import org.sonatype.nexus.configuration.application.ApplicationConfiguration;
 import org.sonatype.nexus.configuration.application.NexusConfiguration;
 import org.sonatype.nexus.configuration.model.CRepository;
 import org.sonatype.nexus.configuration.model.DefaultCRepository;
-import org.sonatype.nexus.proxy.NexusProxyTestSupport;
 import org.sonatype.nexus.proxy.ResourceStoreRequest;
+import org.sonatype.nexus.proxy.access.Action;
 import org.sonatype.nexus.proxy.item.StorageCollectionItem;
 import org.sonatype.nexus.proxy.item.StorageItem;
+import org.sonatype.nexus.proxy.maven.MavenGroupRepository;
 import org.sonatype.nexus.proxy.maven.maven1.M1LayoutedM2ShadowRepositoryConfiguration;
 import org.sonatype.nexus.proxy.maven.maven1.M1Repository;
 import org.sonatype.nexus.proxy.maven.maven2.M2GroupRepository;
@@ -65,6 +63,8 @@ public class DefaultRepositoryRouterTest
 
     private ApplicationConfiguration applicationConfiguration;
 
+    private TargetRegistry targetRegistry;
+
     @Override
     protected void setUp()
         throws Exception
@@ -99,7 +99,7 @@ protected void setUp()
         // URL url = Thread.currentThread().getContextClassLoader().getResource( resource );
         // FileUtils.copyURLToFile( url, new File( getConfHomeDir(), "security-configuration.xml" ) );
 
-        TargetRegistry targetRegistry = this.lookup( TargetRegistry.class );
+        targetRegistry = this.lookup( TargetRegistry.class );
 
         // shave off defaults
         final Collection<Target> targets = new ArrayList<Target>( targetRegistry.getRepositoryTargets() );
@@ -141,6 +141,59 @@ protected boolean loadConfigurationAtSetUp()
         return false;
     }
 
+    @Test
+    public void testNXCM4999UseInRepoPathForTargetMatching()
+        throws Exception
+    {
+        // add repo1 to group1
+        repositoryRegistry.getRepositoryWithFacet( "group1", MavenGroupRepository.class ).addMemberRepositoryId(
+            "repo1" );
+        // create a path specific target
+        Target t =
+            new Target( "nxcm4999", "NXCM4999", new Maven2ContentClass(),
+                Arrays.asList( new String[] { "(?!/com/.*-sources.jar).*" } ) );
+        targetRegistry.addRepositoryTarget( t );
+        // flush changes
+        applicationConfiguration.saveConfiguration();
+
+        {
+            final Subject subject = loginUser( "nxcm4999user" );
+            try
+            {
+                final ResourceStoreRequest request1 =
+                    new ResourceStoreRequest( "/repositories/repo1/com/mycorp/artifact/1.0/artifact-1.0.jar" );
+                assertThat( "User should have access to this resource as it has all the needed perms.",
+                    router.authorizePath( request1, Action.read ) );
+                final ResourceStoreRequest request2 =
+                    new ResourceStoreRequest( "/repositories/repo1/com/mycorp/artifact/1.0/artifact-1.0-sources.jar" );
+                assertThat( "User should have access to this resource as it has all the needed perms.",
+                    router.authorizePath( request2, Action.read ) );
+            }
+            finally
+            {
+                securitySystem.logout( subject );
+            }
+        }
+        {
+            final Subject subject = loginUser( "nxcm4999userNoSources" );
+            try
+            {
+                final ResourceStoreRequest request1 =
+                    new ResourceStoreRequest( "/repositories/repo1/com/mycorp/artifact/1.0/artifact-1.0.jar" );
+                assertThat( "User should have access to this resource as it has no needed perms.",
+                    router.authorizePath( request1, Action.read ) );
+                final ResourceStoreRequest request2 =
+                    new ResourceStoreRequest( "/repositories/repo1/com/mycorp/artifact/1.0/artifact-1.0-sources.jar" );
+                assertThat( "User should NOT have access to this resource as it has no needed perms.",
+                    !router.authorizePath( request2, Action.read ) );
+            }
+            finally
+            {
+                securitySystem.logout( subject );
+            }
+        }
+    }
+
     @Test
     public void testRouterWithViewAccess()
         throws Exception

diff --git a/...s-core/src/test/resources/org/sonatype/nexus/proxy/router/DefaultRepositoryRouterTest.xml b/...s-core/src/test/resources/org/sonatype/nexus/proxy/router/DefaultRepositoryRouterTest.xml
@@ -9,6 +9,10 @@
             <repo1user>nexus:target:*:repo1:*,nexus:view:repository:repo1</repo1user>
             <repo1userNoView>nexus:target:*:repo1:*</repo1userNoView>
             <admin>nexus:target:*:*:*,nexus:view:repository:*</admin>
+            <!-- Have "maven2-all" perm, and that targets all ALL in maven2 reposes -->
+            <nxcm4999user>nexus:view:repository:group1,nexus:target:maven2-all:group1:*</nxcm4999user>
+            <!-- Have "nxcm4999" perm, that targets allow ALL except sources in maven2 reposes -->
+            <nxcm4999userNoSources>nexus:view:repository:group1,nexus:target:nxcm4999:group1:*</nxcm4999userNoSources>
           </userPrivilageMap>
         </configuration>
     </component>