From a2ce62e1f360e9cdb2221cfa3b091c02bda857eb Mon Sep 17 00:00:00 2001
From: Laurens Vrijnsen <laurens.vrijnsen@sioux.eu>
Date: Fri, 22 Mar 2013 07:36:52 -0400
Subject: [PATCH] Added enforced HTTP Basic Authentication

---
 src/com/gitblit/wicket/AuthorizationStrategy.java |   38 ++++++++++++++++++++++++++++----------
 1 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/src/com/gitblit/wicket/AuthorizationStrategy.java b/src/com/gitblit/wicket/AuthorizationStrategy.java
index 42d2522..51183a2 100644
--- a/src/com/gitblit/wicket/AuthorizationStrategy.java
+++ b/src/com/gitblit/wicket/AuthorizationStrategy.java
@@ -15,14 +15,21 @@
  */
 package com.gitblit.wicket;
 
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.wicket.Component;
-import org.apache.wicket.RestartResponseAtInterceptPageException;
+import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
 import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy;
+import org.apache.wicket.protocol.http.WebResponse;
+import org.apache.wicket.protocol.http.servlet.AbortWithWebErrorCodeException;
 
 import com.gitblit.GitBlit;
 import com.gitblit.Keys;
-import com.gitblit.wicket.models.UserModel;
+import com.gitblit.models.UserModel;
+import com.gitblit.wicket.pages.BasePage;
 import com.gitblit.wicket.pages.RepositoriesPage;
 
 public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements
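Review bot: Four of the added imports — `java.io.IOException`, `javax.servlet.http.HttpServletResponse`, `org.apache.wicket.protocol.http.WebResponse` and `org.apache.wicket.protocol.http.servlet.AbortWithWebErrorCodeException` — serve only the block that is commented out inside onUnauthorizedInstantiation in the last hunk of this patch, and IOException is not referenced even there. They are the only reason the servlet API now enters this class; drop them together with the disabled block, or add them only once the Basic-auth path is actually enabled.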
@@ -34,6 +41,12 @@
 	@SuppressWarnings({ "unchecked", "rawtypes" })
 	@Override
 	protected boolean isPageAuthorized(Class pageClass) {
+		if (RepositoriesPage.class.equals(pageClass)) {
+			// allow all requests to get to the RepositoriesPage with its inline
+			// authentication form
+			return true;
+		}
+
 		if (BasePage.class.isAssignableFrom(pageClass)) {
 			boolean authenticateView = GitBlit.getBoolean(Keys.web.authenticateViewPages, true);
 			boolean authenticateAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);
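Review bot: The early return for RepositoriesPage at the top of isPageAuthorized runs before `authenticateView` is read, so with `web.authenticateViewPages` enabled an anonymous session is still allowed to instantiate the repository list; whether that exposes anything depends on the page's own per-repository filtering, which is not visible here. If the intent is only to host the inline login form, state that guarantee in the comment, e.g. `// RepositoriesPage hosts the inline login form; it must itself restrict listed repositories to what the session user may view`, and confirm the page does so. isPageAuthorized's body continues past the end of this hunk.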
@@ -42,17 +55,18 @@
 			GitBlitWebSession session = GitBlitWebSession.get();
 			if (authenticateView && !session.isLoggedIn()) {
 				// authentication required
+				session.cacheRequest(pageClass);
 				return false;
 			}
 
 			UserModel user = session.getUser();
-			if (pageClass.isAnnotationPresent(AdminPage.class)) {
+			if (pageClass.isAnnotationPresent(RequiresAdminRole.class)) {
 				// admin page
 				if (allowAdmin) {
 					if (authenticateAdmin) {
 						// authenticate admin
 						if (user != null) {
-							return user.canAdmin;
+							return user.canAdmin();
 						}
 						return false;
 					} else {
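Review bot: `session.cacheRequest(pageClass);` is recorded only when the anonymous session fails the `authenticateView` check; the admin branch below still exits with `return false;` after the `user != null` test without caching, so a visitor bounced from an admin page to RepositoriesPage cannot be returned there after logging in. If the cached request is what replaces the removed RestartResponseAtInterceptPageException (which recorded the intercepted page itself), cache at every unauthorized exit, e.g. `session.cacheRequest(pageClass); return false;`. As written the cache also appears to hold only the class, not the page parameters — confirm against cacheRequest's signature. isPageAuthorized starts in the preceding hunk and ends after this one.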
@@ -70,13 +84,17 @@
 
 	@Override
 	public void onUnauthorizedInstantiation(Component component) {
+		
 		if (component instanceof BasePage) {
-			GitBlitWebSession session = GitBlitWebSession.get();
-			if (!session.isLoggedIn()) {
-				throw new RestartResponseAtInterceptPageException(LoginPage.class);
-			} else {
-				throw new RestartResponseAtInterceptPageException(RepositoriesPage.class);
-			}
+			throw new RestartResponseException(RepositoriesPage.class);
 		}
+		/*** DISABLED CODE ***
+		if (component instanceof BasePage) {
+			HttpServletResponse response = ((WebResponse)component.getResponse()).getHttpServletResponse();
+			response.setHeader("WWW-Authenticate", "Basic realm=test");
+			throw new AbortWithWebErrorCodeException(HttpServletResponse.SC_UNAUTHORIZED);
+			
+		} 
+		*** END DISABLED ***/
 	}
 }
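Review bot: The commented-out Basic-authentication block at the end of onUnauthorizedInstantiation is dead code in a patch whose subject says the feature is enforced; either remove it or guard it with a configuration key so the behaviour is discoverable and testable. If it is ever enabled as written, the challenge value should be a quoted realm rather than the placeholder, for example `response.setHeader("WWW-Authenticate", "Basic realm=\"<realm name>\"");`, and the 401 would be raised for every unauthorized BasePage, including logged-in users who merely lack the admin role and cannot satisfy a Basic challenge. The whitespace-only line after the method signature and the trailing space on the closing brace of the disabled block should also go.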

--
Gitblit v1.9.1