From b55030a765f040a15609c60d3f69b6cb7f00bdae Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sat, 16 Apr 2011 09:27:57 -0400
Subject: [PATCH] More flexible authentication.  Anonymous view, authenticated admin.

---
 gitblit.properties                                 |    7 +++++--
 src/com/gitblit/wicket/pages/RepositoriesPage.java |    2 +-
 src/com/gitblit/wicket/AuthorizationStrategy.java  |   30 +++++++++++++++++++++++++++---
 src/com/gitblit/wicket/GitBlitWebApp.java          |    5 +++--
 src/com/gitblit/wicket/BasePage.java               |   13 +++++++++----
 5 files changed, 45 insertions(+), 12 deletions(-)

diff --git a/gitblit.properties b/gitblit.properties
index 1adadc8..a482810 100644
--- a/gitblit.properties
+++ b/gitblit.properties
@@ -26,8 +26,11 @@
 # Require authentication for http/https push/pull access of git repositories
 git.authenticate = true
 
-# Require authentication to see the web ui
-web.authenticate = true
+# Require authentication to see everything but the admin pages
+web.authenticateViewPages = false
+
+# Require admin authentication for the admin functions and pages
+web.authenticateAdminPages = true
 
 # Simple user realm file to authenticate users
 server.realmFile = users.properties
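Review bot: The comment above `web.authenticateAdminPages` does not say what happens when the key is set to `false`, and the AuthorizationStrategy change in this same commit grants `@AdminPage` pages to any visitor, logged in or not, in that case (as long as `web.allowAdministration` is on). A reader editing this file cannot tell that turning the flag off opens the admin functions to anonymous users. I would extend the comment to something like `# Require admin authentication for the admin functions and pages` followed by `# (if false, the admin pages are reachable by anyone, including anonymous users, whenever web.allowAdministration is true)`. It would also help to state the code's fallback when a key is missing, since the Java sources in this commit do not agree on it.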
diff --git a/src/com/gitblit/wicket/AuthorizationStrategy.java b/src/com/gitblit/wicket/AuthorizationStrategy.java
index 0a9d652..3e7df36 100644
--- a/src/com/gitblit/wicket/AuthorizationStrategy.java
+++ b/src/com/gitblit/wicket/AuthorizationStrategy.java
@@ -5,6 +5,8 @@
 import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
 import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy;
 
+import com.gitblit.GitBlit;
+import com.gitblit.Keys;
 import com.gitblit.wicket.pages.RepositoriesPage;
 
 public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener {
@@ -16,12 +18,34 @@
 	@Override
 	protected boolean isPageAuthorized(Class pageClass) {
 		if (BasePage.class.isAssignableFrom(pageClass)) {
-			GitBlitWebSession session = GitBlitWebSession.get();
-			if (!session.isLoggedIn())
+			boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true);
+			boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);
+			boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true);
+			
+			GitBlitWebSession session = GitBlitWebSession.get();			
+			if (authenticateView && !session.isLoggedIn()) {
+				// authentication required
 				return false;
+			}
+			
 			User user = session.getUser();
 			if (pageClass.isAnnotationPresent(AdminPage.class)) {
-				return user.canAdmin();
+				// admin page
+				if (allowAdmin) {
+					if (authenticateAdmin) {
+						// authenticate admin
+						if (user != null) {
+							return user.canAdmin();
+						}
+						return false;
+					} else {
+						// no admin authentication required
+						return true;
+					}
+				} else {
+					//admin prohibited
+					return false;
+				}
 			}
 		}
 		return true;
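Review bot: The fallback for `Keys.web.allowAdministration` on the `getBoolean` call is `true` here but `false` on the equivalent read in RepositoriesPage (the `boolean allowAdmin = ...` line in that hunk), so with the property absent the strategy authorizes admin pages while the repositories page hides the admin links; for a setting that gates administration the restrictive default should win, i.e. `GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false)`. The same inconsistency exists for `authenticateViewPages`/`authenticateAdminPages`, which default to `true` here and in BasePage but `false` in GitBlitWebApp. Separately, the three-level nesting under the `AdminPage` check reads more clearly as guard clauses: `if (!allowAdmin) { return false; }`, `if (!authenticateAdmin) { return true; }`, `return user != null && user.canAdmin();`. Note that `isPageAuthorized` closes outside the hunk, so the final `return true` may be reached for non-BasePage classes I cannot see.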
diff --git a/src/com/gitblit/wicket/BasePage.java b/src/com/gitblit/wicket/BasePage.java
index 2540ce1..33feacb 100644
--- a/src/com/gitblit/wicket/BasePage.java
+++ b/src/com/gitblit/wicket/BasePage.java
@@ -46,10 +46,15 @@
 		add(new Label("pageName", pageName));
 
 		// footer
-		User user = null;
-		if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
-			user = GitBlitWebSession.get().getUser();
-			add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + user.toString(), LogoutPage.class));
+		if (GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true)
+				|| GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {
+			if (GitBlitWebSession.get().isLoggedIn()) {
+				// logout
+				add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + GitBlitWebSession.get().getUser().toString(), LogoutPage.class));
+			} else {
+				// login
+				add(new LinkPanel("userPanel", null, getString("gb.login"), LoginPage.class));				
+			}
 		} else {
 			add(new Label("userPanel", ""));
 		}
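Review bot: `GitBlitWebSession.get()` is looked up three times in the new branch (the `isLoggedIn()` test and twice again on the logout-link line), which also pushes that line well past any reasonable width; hoist it once before the `if`: `GitBlitWebSession session = GitBlitWebSession.get();` and then `session.isLoggedIn()` / `session.getUser()`. The new login/logout choice is keyed on `isLoggedIn()` rather than on a possibly-null `getUser()`, which removes the NPE the removed lines had, so that part looks right. The defaults of `true` on the two `getBoolean` reads differ from the `false` used in GitBlitWebApp, so with no properties set this page renders a login link even though the web app would not have mounted `/login`. The enclosing constructor or method begins outside the hunk.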
diff --git a/src/com/gitblit/wicket/GitBlitWebApp.java b/src/com/gitblit/wicket/GitBlitWebApp.java
index b70c95f..29d6b51 100644
--- a/src/com/gitblit/wicket/GitBlitWebApp.java
+++ b/src/com/gitblit/wicket/GitBlitWebApp.java
@@ -35,7 +35,8 @@
 		super.init();
 
 		// Setup page authorization mechanism
-		if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, false)) {
+		boolean useAuthentication = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, false) || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, false);
+		if (useAuthentication) {
 			AuthorizationStrategy authStrategy = new AuthorizationStrategy();
 			getSecuritySettings().setAuthorizationStrategy(authStrategy);
 			getSecuritySettings().setUnauthorizedComponentInstantiationListener(authStrategy);
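Review bot: The `AuthorizationStrategy` is only installed when `useAuthentication` is true, but in this commit that strategy is the only place `Keys.web.allowAdministration` is enforced for `@AdminPage` classes (RepositoriesPage merely hides the links), so with both authenticate flags off an `allowAdministration = false` deployment would, as far as I can tell from these hunks, leave the admin pages reachable by anyone. The strategy already handles `authenticateView == false` itself, so installing it unconditionally looks safe, or at least widen the guard: `if (useAuthentication || !GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false)) {`. The `false` fallbacks on the `useAuthentication` line also differ from the `true` fallbacks for the same keys in AuthorizationStrategy and BasePage; the second hunk of this file reuses `useAuthentication` for the `/login` and `/logout` mounts and inherits the mismatch. The `useAuthentication` line should be split across two lines, and `init()` begins outside the hunk.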
@@ -65,7 +66,7 @@
 		mount(new MixedParamUrlCodingStrategy("/ticgittkt", TicGitTicketPage.class, new String[] { "r", "h", "f" }));
 
 		// setup login/logout urls, if we are using authentication
-		if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
+		if (useAuthentication) {
 			mount(new MixedParamUrlCodingStrategy("/login", LoginPage.class, new String[] {}));
 			mount(new MixedParamUrlCodingStrategy("/logout", LogoutPage.class, new String[] {}));
 		}
diff --git a/src/com/gitblit/wicket/pages/RepositoriesPage.java b/src/com/gitblit/wicket/pages/RepositoriesPage.java
index fd7ab52..a0f7299 100644
--- a/src/com/gitblit/wicket/pages/RepositoriesPage.java
+++ b/src/com/gitblit/wicket/pages/RepositoriesPage.java
@@ -33,7 +33,7 @@
 		setupPage("", "");
 
 		boolean showAdmin = false;
-		if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
+		if (GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {
 			boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false);
 			showAdmin = allowAdmin && GitBlitWebSession.get().canAdmin();
 		} else {

--
Gitblit v1.9.1