| | |
|---|
| | | protected abstract String getUrlRequestAction(String url);
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * Determine if the action may be executed on the repository.
|
|---|
| | | * |
|---|
| | | * @param repository
|
|---|
| | | * @param action
|
|---|
| | | * @return true if the action may be performed
|
|---|
| | | */
|
|---|
| | | protected abstract boolean isActionAllowed(RepositoryModel repository, String action);
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * Determine if the repository requires authentication.
|
|---|
| | | *
|
|---|
| | | * @param repository
|
|---|
| | | * @param action
|
|---|
| | | * @return true if authentication required
|
|---|
| | | */
|
|---|
| | | protected abstract boolean requiresAuthentication(RepositoryModel repository);
|
|---|
| | | protected abstract boolean requiresAuthentication(RepositoryModel repository, String action);
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * Determine if the user can access the repository and perform the specified
|
|---|
| | |
|---|
| | | httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
|
|---|
| | | return;
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | // Confirm that the action may be executed on the repository
|
|---|
| | | if (!isActionAllowed(model, urlRequestType)) {
|
|---|
| | | logger.info(MessageFormat.format("ARF: action {0} on {1} forbidden ({2})",
|
|---|
| | | urlRequestType, model, HttpServletResponse.SC_FORBIDDEN));
|
|---|
| | | httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
|
|---|
| | | return;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | // Wrap the HttpServletRequest with the AccessRestrictionRequest which
|
|---|
| | | // overrides the servlet container user principal methods.
|
|---|
| | |
|---|
| | | }
|
|---|
| | |
|
|---|
| | | // BASIC authentication challenge and response processing
|
|---|
| | | if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model)) {
|
|---|
| | | if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model, urlRequestType)) {
|
|---|
| | | if (user == null) {
|
|---|
| | | // challenge client to provide credentials. send 401.
|
|---|
| | | if (GitBlit.isDebugMode()) {
|
|---|
| | |
|---|
| | | return;
|
|---|
| | | } else {
|
|---|
| | | // check user access for request
|
|---|
| | | if (user.canAdmin || canAccess(model, user, urlRequestType)) {
|
|---|
| | | if (user.canAdmin() || canAccess(model, user, urlRequestType)) {
|
|---|
| | | // authenticated request permitted.
|
|---|
| | | // pass processing to the restricted servlet.
|
|---|
| | | newSession(authenticatedRequest, httpResponse);
|
|---|
