From a2ce62e1f360e9cdb2221cfa3b091c02bda857eb Mon Sep 17 00:00:00 2001
From: Laurens Vrijnsen <laurens.vrijnsen@sioux.eu>
Date: Fri, 22 Mar 2013 07:36:52 -0400
Subject: [PATCH] Added enforced HTTP Basic Authentication

---
 src/com/gitblit/wicket/AuthorizationStrategy.java |   69 ++++++++++++++++++++++++++--------
 1 files changed, 52 insertions(+), 17 deletions(-)

diff --git a/src/com/gitblit/wicket/AuthorizationStrategy.java b/src/com/gitblit/wicket/AuthorizationStrategy.java
index c4560ad..51183a2 100644
--- a/src/com/gitblit/wicket/AuthorizationStrategy.java
+++ b/src/com/gitblit/wicket/AuthorizationStrategy.java
@@ -1,16 +1,39 @@
+/*
+ * Copyright 2011 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package com.gitblit.wicket;
 
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.wicket.Component;
-import org.apache.wicket.RestartResponseAtInterceptPageException;
+import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
 import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy;
+import org.apache.wicket.protocol.http.WebResponse;
+import org.apache.wicket.protocol.http.servlet.AbortWithWebErrorCodeException;
 
 import com.gitblit.GitBlit;
 import com.gitblit.Keys;
-import com.gitblit.wicket.models.User;
+import com.gitblit.models.UserModel;
+import com.gitblit.wicket.pages.BasePage;
 import com.gitblit.wicket.pages.RepositoriesPage;
 
-public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener {
+public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements
+		IUnauthorizedComponentInstantiationListener {
 
 	public AuthorizationStrategy() {
 	}
@@ -18,19 +41,26 @@
 	@SuppressWarnings({ "unchecked", "rawtypes" })
 	@Override
 	protected boolean isPageAuthorized(Class pageClass) {
+		if (RepositoriesPage.class.equals(pageClass)) {
+			// allow all requests to get to the RepositoriesPage with its inline
+			// authentication form
+			return true;
+		}
+
 		if (BasePage.class.isAssignableFrom(pageClass)) {
-			boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true);
-			boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);
-			boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true);
-			
-			GitBlitWebSession session = GitBlitWebSession.get();			
+			boolean authenticateView = GitBlit.getBoolean(Keys.web.authenticateViewPages, true);
+			boolean authenticateAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);
+			boolean allowAdmin = GitBlit.getBoolean(Keys.web.allowAdministration, true);
+
+			GitBlitWebSession session = GitBlitWebSession.get();
 			if (authenticateView && !session.isLoggedIn()) {
 				// authentication required
+				session.cacheRequest(pageClass);
 				return false;
 			}
-			
-			User user = session.getUser();
-			if (pageClass.isAnnotationPresent(AdminPage.class)) {
+
+			UserModel user = session.getUser();
+			if (pageClass.isAnnotationPresent(RequiresAdminRole.class)) {
 				// admin page
 				if (allowAdmin) {
 					if (authenticateAdmin) {
@@ -44,7 +74,7 @@
 						return true;
 					}
 				} else {
-					//admin prohibited
+					// admin prohibited
 					return false;
 				}
 			}
@@ -54,12 +84,17 @@
 
 	@Override
 	public void onUnauthorizedInstantiation(Component component) {
+		
 		if (component instanceof BasePage) {
-			GitBlitWebSession session = GitBlitWebSession.get();
-			if (!session.isLoggedIn())
-				throw new RestartResponseAtInterceptPageException(LoginPage.class);
-			else
-				throw new RestartResponseAtInterceptPageException(RepositoriesPage.class);
+			throw new RestartResponseException(RepositoriesPage.class);
 		}
+		/*** DISABLED CODE ***
+		if (component instanceof BasePage) {
+			HttpServletResponse response = ((WebResponse)component.getResponse()).getHttpServletResponse();
+			response.setHeader("WWW-Authenticate", "Basic realm=test");
+			throw new AbortWithWebErrorCodeException(HttpServletResponse.SC_UNAUTHORIZED);
+			
+		} 
+		*** END DISABLED ***/
 	}
 }

--
Gitblit v1.9.1