| commit | author | age | ||
| f6b200 | 1 | /* |
| JM | 2 | * Copyright 2013 Laurens Vrijnsen |
| 3 | * Copyright 2013 gitblit.com. | |
| 4 | * | |
| 5 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 6 | * you may not use this file except in compliance with the License. | |
| 7 | * You may obtain a copy of the License at | |
| 8 | * | |
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 10 | * | |
| 11 | * Unless required by applicable law or agreed to in writing, software | |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 14 | * See the License for the specific language governing permissions and | |
| 15 | * limitations under the License. | |
| 7bf6e1 | 16 | */package com.gitblit.servlet; |
| f6b200 | 17 | |
| JM | 18 | import java.io.IOException; |
| 19 | import java.text.MessageFormat; | |
| 20 | ||
| cdb2fe | 21 | import com.google.inject.Inject; |
| JM | 22 | import com.google.inject.Singleton; |
| 1b34b0 | 23 | import javax.servlet.Filter; |
| f6b200 | 24 | import javax.servlet.FilterChain; |
| ec2456 | 25 | import javax.servlet.FilterConfig; |
| f6b200 | 26 | import javax.servlet.ServletException; |
| JM | 27 | import javax.servlet.ServletRequest; |
| 28 | import javax.servlet.ServletResponse; | |
| 29 | import javax.servlet.http.HttpServletRequest; | |
| 30 | import javax.servlet.http.HttpServletResponse; | |
| 31 | ||
| 32 | import org.slf4j.Logger; | |
| 33 | import org.slf4j.LoggerFactory; | |
| 34 | ||
| 7bf6e1 | 35 | import com.gitblit.IStoredSettings; |
| JM | 36 | import com.gitblit.Keys; |
| 04a985 | 37 | import com.gitblit.manager.IAuthenticationManager; |
| f6b200 | 38 | import com.gitblit.models.UserModel; |
| JM | 39 | |
| 40 | /** | |
| 41 | * This filter enforces authentication via HTTP Basic Authentication, if the settings indicate so. | |
| 42 | * It looks at the settings "web.authenticateViewPages" and "web.enforceHttpBasicAuthentication"; if | |
| 43 | * both are true, any unauthorized access will be met with a HTTP Basic Authentication header. | |
| 44 | * | |
| 45 | * @author Laurens Vrijnsen | |
| 46 | * | |
| 47 | */ | |
| 1b34b0 | 48 | @Singleton |
| JM | 49 | public class EnforceAuthenticationFilter implements Filter { |
| 699e71 | 50 | |
| f6b200 | 51 | protected transient Logger logger = LoggerFactory.getLogger(getClass()); |
| JM | 52 | |
| 65d5bb | 53 | private IStoredSettings settings; |
| cacf8b | 54 | |
| 65d5bb | 55 | private IAuthenticationManager authenticationManager; |
| cacf8b | 56 | |
| 1b34b0 | 57 | @Inject |
| JM | 58 | public EnforceAuthenticationFilter( |
| 59 | IStoredSettings settings, | |
| 60 | IAuthenticationManager authenticationManager) { | |
| 61 | ||
| 62 | this.settings = settings; | |
| 63 | this.authenticationManager = authenticationManager; | |
| 64 | } | |
| 65 | ||
| f6b200 | 66 | @Override |
| 1b34b0 | 67 | public void init(FilterConfig config) { |
| JM | 68 | } |
| 69 | ||
| 70 | @Override | |
| 71 | public void destroy() { | |
| db4f6b | 72 | } |
| f6b200 | 73 | |
| 699e71 | 74 | /* |
| f6b200 | 75 | * This does the actual filtering: is the user authenticated? If not, enforce HTTP authentication (401) |
| 699e71 | 76 | * |
| f6b200 | 77 | * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) |
| JM | 78 | */ |
| 79 | @Override | |
| 80 | public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { | |
| 699e71 | 81 | |
| db4f6b | 82 | Boolean mustForceAuth = settings.getBoolean(Keys.web.authenticateViewPages, false) |
| JM | 83 | && settings.getBoolean(Keys.web.enforceHttpBasicAuthentication, false); |
| 699e71 | 84 | |
| db4f6b | 85 | HttpServletRequest httpRequest = (HttpServletRequest) request; |
| JM | 86 | HttpServletResponse httpResponse = (HttpServletResponse) response; |
| 04a985 | 87 | UserModel user = authenticationManager.authenticate(httpRequest); |
| 699e71 | 88 | |
| f6b200 | 89 | if (mustForceAuth && (user == null)) { |
| JM | 90 | // not authenticated, enforce now: |
| 91 | logger.debug(MessageFormat.format("EnforceAuthFilter: user not authenticated for URL {0}!", request.toString())); | |
| db4f6b | 92 | String challenge = MessageFormat.format("Basic realm=\"{0}\"", settings.getString(Keys.web.siteName, "")); |
| JM | 93 | httpResponse.setHeader("WWW-Authenticate", challenge); |
| 94 | httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); | |
| f6b200 | 95 | return; |
| JM | 96 | |
| 97 | } else { | |
| 98 | // user is authenticated, or don't care, continue handling | |
| db4f6b | 99 | chain.doFilter(request, response); |
| JM | 100 | } |
| 101 | } | |
| f6b200 | 102 | } |
