From 124382da3d308483b068df7a65122ff6d98f2e21 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 12 Dec 2013 08:19:33 -0500
Subject: [PATCH] Fixed regression in /r/ security due to Servlet 2.5 rollback

---
 src/main/java/com/gitblit/servlet/AuthenticationFilter.java |   34 +++++++++++-----------------------
 1 files changed, 11 insertions(+), 23 deletions(-)

diff --git a/src/main/java/com/gitblit/servlet/AuthenticationFilter.java b/src/main/java/com/gitblit/servlet/AuthenticationFilter.java
index 214f204..97ca438 100644
--- a/src/main/java/com/gitblit/servlet/AuthenticationFilter.java
+++ b/src/main/java/com/gitblit/servlet/AuthenticationFilter.java
@@ -21,9 +21,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -36,10 +34,13 @@
 import org.slf4j.LoggerFactory;
 
 import com.gitblit.Constants;
-import com.gitblit.manager.ISessionManager;
+import com.gitblit.dagger.DaggerFilter;
+import com.gitblit.manager.IAuthenticationManager;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.DeepCopier;
 import com.gitblit.utils.StringUtils;
+
+import dagger.ObjectGraph;
 
 /**
  * The AuthenticationFilter is a servlet filter that preprocesses requests that
@@ -50,7 +51,7 @@
  * @author James Moger
  *
  */
-public abstract class AuthenticationFilter implements Filter {
+public abstract class AuthenticationFilter extends DaggerFilter {
 
 	protected static final String CHALLENGE = "Basic realm=\"" + Constants.NAME + "\"";
 
@@ -58,10 +59,11 @@
 
 	protected transient Logger logger = LoggerFactory.getLogger(getClass());
 
-	protected final ISessionManager sessionManager;
+	protected IAuthenticationManager authenticationManager;
 
-	protected AuthenticationFilter(ISessionManager sessionManager) {
-		this.sessionManager = sessionManager;
+	@Override
+	protected void inject(ObjectGraph dagger) {
+		this.authenticationManager = dagger.get(IAuthenticationManager.class);
 	}
 
 	/**
@@ -108,7 +110,7 @@
 	 * @return user
 	 */
 	protected UserModel getUser(HttpServletRequest httpRequest) {
-		UserModel user = sessionManager.authenticate(httpRequest, requiresClientCertificate());
+		UserModel user = authenticationManager.authenticate(httpRequest, requiresClientCertificate());
 		return user;
 	}
 
@@ -135,20 +137,6 @@
 				}
 			}
 		}
-	}
-
-	/**
-	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
-	 */
-	@Override
-	public void init(final FilterConfig config) throws ServletException {
-	}
-
-	/**
-	 * @see javax.servlet.Filter#destroy()
-	 */
-	@Override
-	public void destroy() {
 	}
 
 	/**
@@ -184,7 +172,7 @@
 			// Gitblit does not currently use actual roles in the traditional
 			// servlet container sense.  That is the reason this is marked
 			// deprecated, but I may want to revisit this.
-			return user.canAccessRepository(role);
+			return user.hasRepositoryPermission(role);
 		}
 
 		@Override

--
Gitblit v1.9.1