From 18edd81951a034a2bda9459ff1ef2dcd686eb39b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 29 Nov 2012 18:45:55 -0500
Subject: [PATCH] Hide some user links based on authentication type
---
src/com/gitblit/GitBlit.java | 45 +++++++++++++++++++++++++++++++++++++--------
1 files changed, 37 insertions(+), 8 deletions(-)
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index 32f4c47..6a3f98b 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -75,6 +75,7 @@
import com.gitblit.Constants.AccessPermission;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthenticationType;
import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.Constants.FederationRequest;
import com.gitblit.Constants.FederationStrategy;
@@ -100,12 +101,14 @@
import com.gitblit.utils.ContainerUtils;
import com.gitblit.utils.DeepCopier;
import com.gitblit.utils.FederationUtils;
+import com.gitblit.utils.HttpUtils;
import com.gitblit.utils.JGitUtils;
import com.gitblit.utils.JsonUtils;
import com.gitblit.utils.MetricUtils;
import com.gitblit.utils.ObjectCache;
import com.gitblit.utils.StringUtils;
import com.gitblit.utils.TimeUtils;
+import com.gitblit.wicket.GitBlitWebSession;
import com.gitblit.wicket.WicketUtils;
/**
@@ -536,7 +539,7 @@
* @param cookies
* @return a user object or null
*/
- public UserModel authenticate(Cookie[] cookies) {
+ protected UserModel authenticate(Cookie[] cookies) {
if (userService == null) {
return null;
}
@@ -554,13 +557,39 @@
}
/**
- * Authenticate a user based on HTTP request paramters.
- * This method is inteded to be used as fallback when other
- * means of authentication are failing (username / password or cookies).
+ * Authenticate a user based on HTTP request parameters.
+ *
+ * Authentication by X509Certificate is tried first and then by cookie.
+ *
* @param httpRequest
* @return a user object or null
*/
public UserModel authenticate(HttpServletRequest httpRequest) {
+ // try to authenticate by certificate
+ boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true);
+ String [] oids = getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);
+ UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);
+ if (model != null) {
+ // grab real user model and preserve certificate serial number
+ GitBlitWebSession session = GitBlitWebSession.get();
+ session.authenticationType = AuthenticationType.CERTIFICATE;
+ UserModel user = getUserModel(model.username);
+ logger.info(MessageFormat.format("{0} authenticated by client certificate from {1}",
+ user.username, httpRequest.getRemoteAddr()));
+ return user;
+ }
+
+ // try to authenticate by cookie
+ Cookie[] cookies = httpRequest.getCookies();
+ if (allowCookieAuthentication() && cookies != null && cookies.length > 0) {
+ // Grab cookie from Browser Session
+ UserModel user = authenticate(cookies);
+ if (user != null) {
+ GitBlitWebSession session = GitBlitWebSession.get();
+ session.authenticationType = AuthenticationType.COOKIE;
+ return user;
+ }
+ }
return null;
}
@@ -2789,15 +2818,15 @@
public void configureContext(IStoredSettings settings, boolean startFederation) {
logger.info("Reading configuration from " + settings.toString());
this.settings = settings;
-
+
+ repositoriesFolder = getRepositoriesFolder();
+ logger.info("Git repositories folder " + repositoriesFolder.getAbsolutePath());
+
// prepare service executors
mailExecutor = new MailExecutor(settings);
luceneExecutor = new LuceneExecutor(settings, repositoriesFolder);
gcExecutor = new GCExecutor(settings);
- repositoriesFolder = getRepositoriesFolder();
- logger.info("Git repositories folder " + repositoriesFolder.getAbsolutePath());
-
// calculate repository list settings checksum for future config changes
repositoryListSettingsChecksum.set(getRepositoryListSettingsChecksum());
--
Gitblit v1.9.1