| | |
|---|
| | | import java.io.IOException; |
|---|
| | | import java.text.MessageFormat; |
|---|
| | | |
|---|
| | | import javax.inject.Inject; |
|---|
| | | import javax.inject.Singleton; |
|---|
| | | import javax.servlet.Filter; |
|---|
| | | import javax.servlet.FilterChain; |
|---|
| | | import javax.servlet.FilterConfig; |
|---|
| | | import javax.servlet.ServletException; |
|---|
| | | import javax.servlet.ServletRequest; |
|---|
| | | import javax.servlet.ServletResponse; |
|---|
| | |
|---|
| | | |
|---|
| | | import com.gitblit.IStoredSettings; |
|---|
| | | import com.gitblit.Keys; |
|---|
| | | import com.gitblit.Keys.web; |
|---|
| | | import com.gitblit.manager.IRuntimeManager; |
|---|
| | | import com.gitblit.manager.ISessionManager; |
|---|
| | | import com.gitblit.dagger.DaggerFilter; |
|---|
| | | import com.gitblit.manager.IAuthenticationManager; |
|---|
| | | import com.gitblit.models.UserModel; |
|---|
| | | |
|---|
| | | import dagger.ObjectGraph; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This filter enforces authentication via HTTP Basic Authentication, if the settings indicate so. |
|---|
| | |
|---|
| | | * @author Laurens Vrijnsen |
|---|
| | | * |
|---|
| | | */ |
|---|
| | | @Singleton |
|---|
| | | public class EnforceAuthenticationFilter implements Filter { |
|---|
| | | public class EnforceAuthenticationFilter extends DaggerFilter { |
|---|
| | | |
|---|
| | | protected transient Logger logger = LoggerFactory.getLogger(getClass()); |
|---|
| | | |
|---|
| | | private final IStoredSettings settings; |
|---|
| | | private IStoredSettings settings; |
|---|
| | | |
|---|
| | | private final ISessionManager sessionManager; |
|---|
| | | private IAuthenticationManager authenticationManager; |
|---|
| | | |
|---|
| | | @Inject |
|---|
| | | public EnforceAuthenticationFilter( |
|---|
| | | IRuntimeManager runtimeManager, |
|---|
| | | ISessionManager sessionManager) { |
|---|
| | | |
|---|
| | | super(); |
|---|
| | | this.settings = runtimeManager.getSettings(); |
|---|
| | | this.sessionManager = sessionManager; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /* |
|---|
| | | * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | public void init(FilterConfig filterConfig) throws ServletException { |
|---|
| | | protected void inject(ObjectGraph dagger) { |
|---|
| | | this.settings = dagger.get(IStoredSettings.class); |
|---|
| | | this.authenticationManager = dagger.get(IAuthenticationManager.class); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /* |
|---|
| | |
|---|
| | | |
|---|
| | | HttpServletRequest httpRequest = (HttpServletRequest) request; |
|---|
| | | HttpServletResponse httpResponse = (HttpServletResponse) response; |
|---|
| | | UserModel user = sessionManager.authenticate(httpRequest); |
|---|
| | | UserModel user = authenticationManager.authenticate(httpRequest); |
|---|
| | | |
|---|
| | | if (mustForceAuth && (user == null)) { |
|---|
| | | // not authenticated, enforce now: |
|---|
