githubFork/gitblit.git - Solinfo Gitblit

			@@ -25,6 +25,9 @@
			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpServletResponse;

			import com.gitblit.manager.IRepositoryManager;
			import com.gitblit.manager.IRuntimeManager;
			import com.gitblit.manager.ISessionManager;
			import com.gitblit.models.RepositoryModel;
			import com.gitblit.models.UserModel;
			import com.gitblit.utils.StringUtils;
			@@ -32,22 +35,35 @@
			/**
			* The AccessRestrictionFilter is an AuthenticationFilter that confirms that the
			* requested repository can be accessed by the anonymous or named user.
			*
			*
			* The filter extracts the name of the repository from the url and determines if
			* the requested action for the repository requires a Basic authentication
			* prompt. If authentication is required and no credentials are stored in the
			* "Authorization" header, then a basic authentication challenge is issued.
			*
			*
			* http://en.wikipedia.org/wiki/Basic_access_authentication
			*
			*
			* @author James Moger
			*
			*
			*/
			public abstract class AccessRestrictionFilter extends AuthenticationFilter {

			protected final IRuntimeManager runtimeManager;

			protected final IRepositoryManager repositoryManager;

			protected AccessRestrictionFilter(
			IRuntimeManager runtimeManager,
			ISessionManager sessionManager,
			IRepositoryManager repositoryManager) {
			super(sessionManager);
			this.runtimeManager = runtimeManager;
			this.repositoryManager = repositoryManager;
			}

			/**
			* Extract the repository name from the url.
			*
			*
			* @param url
			* @return repository name
			*/
			@@ -55,7 +71,7 @@

			/**
			* Analyze the url and returns the action of the request.
			*
			*
			* @param url
			* @return action of the request
			*/
			@@ -63,14 +79,14 @@

			/**
			* Determine if a non-existing repository can be created using this filter.
			*
			*
			* @return true if the filter allows repository creation
			*/
			protected abstract boolean isCreationAllowed();


			/**
			* Determine if the action may be executed on the repository.
			*
			*
			* @param repository
			* @param action
			* @return true if the action may be performed
			@@ -79,7 +95,7 @@

			/**
			* Determine if the repository requires authentication.
			*
			*
			* @param repository
			* @param action
			* @return true if authentication required
			@@ -89,7 +105,7 @@
			/**
			* Determine if the user can access the repository and perform the specified
			* action.
			*
			*
			* @param repository
			* @param user
			* @param action
			@@ -99,7 +115,7 @@

			/**
			* Allows a filter to create a repository, if one does not exist.
			*
			*
			* @param user
			* @param repository
			* @param action
			@@ -108,11 +124,11 @@
			protected RepositoryModel createRepository(UserModel user, String repository, String action) {
			return null;
			}


			/**
			* doFilter does the actual work of preprocessing the request to ensure that
			* the user may proceed.
			*
			*
			* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
			* javax.servlet.ServletResponse, javax.servlet.FilterChain)
			*/
			@@ -125,8 +141,8 @@

			String fullUrl = getFullUrl(httpRequest);
			String repository = extractRepositoryName(fullUrl);

			if (GitBlit.self().isCollectingGarbage(repository)) {

			if (repositoryManager.isCollectingGarbage(repository)) {
			logger.info(MessageFormat.format("ARF: Rejecting request for {0}, busy collecting garbage!", repository));
			httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
			return;
			@@ -139,12 +155,12 @@
			UserModel user = getUser(httpRequest);

			// Load the repository model
			RepositoryModel model = GitBlit.self().getRepositoryModel(repository);
			RepositoryModel model = repositoryManager.getRepositoryModel(repository);
			if (model == null) {
			if (isCreationAllowed()) {
			if (user == null) {
			// challenge client to provide credentials for creation. send 401.
			if (GitBlit.isDebugMode()) {
			if (runtimeManager.isDebugMode()) {
			logger.info(MessageFormat.format("ARF: CREATE CHALLENGE {0}", fullUrl));
			}
			httpResponse.setHeader("WWW-Authenticate", CHALLENGE);
			@@ -155,7 +171,7 @@
			model = createRepository(user, repository, urlRequestType);
			}
			}


			if (model == null) {
			// repository not found. send 404.
			logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl,
			@@ -164,7 +180,7 @@
			return;
			}
			}


			// Confirm that the action may be executed on the repository
			if (!isActionAllowed(model, urlRequestType)) {
			logger.info(MessageFormat.format("ARF: action {0} on {1} forbidden ({2})",
			@@ -191,7 +207,7 @@
			if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model, urlRequestType)) {
			if (user == null) {
			// challenge client to provide credentials. send 401.
			if (GitBlit.isDebugMode()) {
			if (runtimeManager.isDebugMode()) {
			logger.info(MessageFormat.format("ARF: CHALLENGE {0}", fullUrl));
			}
			httpResponse.setHeader("WWW-Authenticate", CHALLENGE);
			@@ -209,7 +225,7 @@
			return;
			}
			// valid user, but not for requested access. send 403.
			if (GitBlit.isDebugMode()) {
			if (runtimeManager.isDebugMode()) {
			logger.info(MessageFormat.format("ARF: {0} forbidden to access {1}",
			user.username, fullUrl));
			}
			@@ -218,7 +234,7 @@
			}
			}

			if (GitBlit.isDebugMode()) {
			if (runtimeManager.isDebugMode()) {
			logger.info(MessageFormat.format("ARF: {0} ({1}) unauthenticated", fullUrl,
			HttpServletResponse.SC_CONTINUE));
			}