/*
 * Copyright 2013 Laurens Vrijnsen
 * Copyright 2013 gitblit.com.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/package com.gitblit.servlet; |
import java.io.IOException; |
import java.text.MessageFormat; |
import com.google.inject.Inject; |
import com.google.inject.Singleton; |
import javax.servlet.Filter; |
import javax.servlet.FilterChain; |
import javax.servlet.FilterConfig; |
import javax.servlet.ServletException; |
import javax.servlet.ServletRequest; |
import javax.servlet.ServletResponse; |
import javax.servlet.http.HttpServletRequest; |
import javax.servlet.http.HttpServletResponse; |
import org.slf4j.Logger; |
import org.slf4j.LoggerFactory; |
import com.gitblit.IStoredSettings; |
import com.gitblit.Keys; |
import com.gitblit.manager.IAuthenticationManager; |
import com.gitblit.models.UserModel; |
/**
 * This filter enforces authentication via HTTP Basic Authentication, if the settings indicate so.
 * It looks at the settings "web.authenticateViewPages" and "web.enforceHttpBasicAuthentication"; if
 * both are true, any unauthorized access will be met with an HTTP Basic Authentication header.
 *
 * @author Laurens Vrijnsen
 *
 */
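@Singleton
public class EnforceAuthenticationFilter implements Filter {

	protected transient Logger logger = LoggerFactory.getLogger(getClass());

	/** Settings consulted for the two enforcement flags and for the realm name. */
	private final IStoredSettings settings;

	/** Resolves the incoming request to a user; the original code treats a null result as "not authenticated". */
	private final IAuthenticationManager authenticationManager;

	/**
	 * Creates the filter with its injected collaborators.
	 *
	 * @param settings
	 *            stored settings providing {@code web.authenticateViewPages},
	 *            {@code web.enforceHttpBasicAuthentication} and {@code web.siteName}
	 * @param authenticationManager
	 *            manager used to authenticate every request passing through the filter
	 */
	@Inject
	public EnforceAuthenticationFilter(
			IStoredSettings settings,
			IAuthenticationManager authenticationManager) {

		this.settings = settings;
		this.authenticationManager = authenticationManager;
	}

	@Override
	public void init(FilterConfig config) {
		// nothing to initialise: all collaborators arrive through the constructor
	}

	@Override
	public void destroy() {
		// nothing to release
	}

	/**
	 * Does the actual filtering: is the user authenticated? If not, and both
	 * {@code web.authenticateViewPages} and {@code web.enforceHttpBasicAuthentication}
	 * are enabled, the request is answered with 401 and a {@code WWW-Authenticate: Basic}
	 * challenge naming the site as realm; otherwise the request continues down the chain.
	 *
	 * @param request
	 *            the incoming request; non-HTTP requests are passed through untouched
	 * @param response
	 *            the response to send the challenge on
	 * @param chain
	 *            the remaining filter chain
	 * @throws IOException
	 *             propagated from {@code sendError} or the chain
	 * @throws ServletException
	 *             propagated from the chain
	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

		// Only HTTP traffic can carry Basic credentials or receive a 401; anything else is
		// handed on rather than failing with a ClassCastException on the casts below.
		if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
			chain.doFilter(request, response);
			return;
		}
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;

		// primitive boolean: the boxed form gained nothing and could only add an NPE path
		boolean mustForceAuth = settings.getBoolean(Keys.web.authenticateViewPages, false)
				&& settings.getBoolean(Keys.web.enforceHttpBasicAuthentication, false);

		// Authentication is attempted unconditionally, as before, so the user state seen by
		// downstream code does not depend on the enforcement flags.
		UserModel user = authenticationManager.authenticate(httpRequest);

		if (mustForceAuth && user == null) {
			// not authenticated, enforce now. Log the request URI rather than the request
			// object's toString(), which is what the message actually promises.
			logger.debug("EnforceAuthFilter: user not authenticated for URL {}!", httpRequest.getRequestURI());
			String siteName = settings.getString(Keys.web.siteName, "");
			// the site name is operator-controlled text; quote it as a proper HTTP quoted-string
			// so quotes or control characters cannot malform the header value
			httpResponse.setHeader("WWW-Authenticate", "Basic realm=" + quoteRealm(siteName));
			httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
			return;
		}

		// user is authenticated, or we don't care: continue handling
		chain.doFilter(request, response);
	}

	/**
	 * Renders a realm name as an HTTP quoted-string: {@code "} and {@code \} are
	 * backslash-escaped and control characters (including CR and LF) are dropped, so the
	 * value stays a single well-formed header token.
	 *
	 * @param realm
	 *            the raw realm name; {@code null} is treated as the empty string
	 * @return the realm wrapped in double quotes
	 */
	static String quoteRealm(String realm) {
		String raw = realm == null ? "" : realm;
		StringBuilder quoted = new StringBuilder(raw.length() + 2).append('"');
		for (int i = 0; i < raw.length(); i++) {
			char c = raw.charAt(i);
			if (c == '"' || c == '\\') {
				quoted.append('\\').append(c);
			} else if (c >= 0x20 && c != 0x7f) {
				quoted.append(c);
			}
			// CTLs (0x00-0x1f, 0x7f) are not legal inside a quoted-string and are dropped
		}
		return quoted.append('"').toString();
	}
}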