James Moger
2013-11-18 cacf8bff097fbb66a7be1bfe267b5da2605145f8
src/main/java/com/gitblit/EnforceAuthenticationFilter.java
@@ -18,6 +18,8 @@
import java.io.IOException;
import java.text.MessageFormat;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -30,6 +32,8 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.gitblit.manager.IRuntimeManager;
import com.gitblit.manager.ISessionManager;
import com.gitblit.models.UserModel;
/**
@@ -40,63 +44,66 @@
 * @author Laurens Vrijnsen
 *
 */
@Singleton
public class EnforceAuthenticationFilter implements Filter {
   protected transient Logger logger = LoggerFactory.getLogger(getClass());
   /*
   private final IStoredSettings settings;
   private final ISessionManager sessionManager;
   @Inject
   public EnforceAuthenticationFilter(
         IRuntimeManager runtimeManager,
         ISessionManager sessionManager) {
      super();
      this.settings = runtimeManager.getSettings();
      this.sessionManager = sessionManager;
   }
   /*
    * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
    */
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
      // nothing to be done
   }
   } //init
   /*
   /*
    * This does the actual filtering: is the user authenticated? If not, enforce HTTP authentication (401)
    *
    *
    * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
    */
   @Override
   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
      /*
       * Determine whether to enforce the BASIC authentication:
       */
      @SuppressWarnings("static-access")
      Boolean mustForceAuth = GitBlit.self().getBoolean(Keys.web.authenticateViewPages, false)
                        && GitBlit.self().getBoolean(Keys.web.enforceHttpBasicAuthentication, false);
      HttpServletRequest  HttpRequest  = (HttpServletRequest)request;
      HttpServletResponse HttpResponse = (HttpServletResponse)response;
      UserModel user = GitBlit.self().authenticate(HttpRequest);
      Boolean mustForceAuth = settings.getBoolean(Keys.web.authenticateViewPages, false)
                        && settings.getBoolean(Keys.web.enforceHttpBasicAuthentication, false);
      HttpServletRequest  httpRequest  = (HttpServletRequest) request;
      HttpServletResponse httpResponse = (HttpServletResponse) response;
      UserModel user = sessionManager.authenticate(httpRequest);
      if (mustForceAuth && (user == null)) {
         // not authenticated, enforce now:
         logger.debug(MessageFormat.format("EnforceAuthFilter: user not authenticated for URL {0}!", request.toString()));
         @SuppressWarnings("static-access")
         String CHALLENGE = MessageFormat.format("Basic realm=\"{0}\"", GitBlit.self().getString("web.siteName",""));
         HttpResponse.setHeader("WWW-Authenticate", CHALLENGE);
         HttpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
         String challenge = MessageFormat.format("Basic realm=\"{0}\"", settings.getString(Keys.web.siteName, ""));
         httpResponse.setHeader("WWW-Authenticate", challenge);
         httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
         return;
      } else {
         // user is authenticated, or don't care, continue handling
         chain.doFilter( request, response );
      } // authenticated
   } // doFilter
         chain.doFilter(request, response);
      }
   }
   /*
   /*
    * @see javax.servlet.Filter#destroy()
    */
   @Override
   public void destroy() {
      // Nothing to be done
   } // destroy
   }
}
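Review bot: The debug line in doFilter that says it logs the URL (`"... not authenticated for URL {0}!"`) passes `request.toString()`, which for a servlet request is normally the container's object identity rather than the request path, so the message the commit keeps is not useful for tracing rejected requests; now that `httpRequest` is in scope it can be `logger.debug("EnforceAuthFilter: user not authenticated for {}", httpRequest.getRequestURI());` using SLF4J placeholders instead of MessageFormat. The new `challenge` string interpolates `settings.getString(Keys.web.siteName, "")` straight into the quoted realm of the `WWW-Authenticate` header, so a site name containing a double quote or backslash produces a malformed challenge (the value is admin-configured, so the risk is malformed output rather than an attacker-controlled injection, but it is still worth sanitizing: strip or escape `"` and `\` before building the realm, or note in a comment that the setting must not contain them). A smaller point of style: `Boolean mustForceAuth` boxes a value that is only ever used in an `&&`/`if`; `boolean mustForceAuth` avoids the boxing and makes the null-free intent explicit.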