| | |
|---|
| | | import javax.servlet.http.HttpServletResponse;
|
|---|
| | |
|
|---|
| | | import com.gitblit.Constants.AccessRestrictionType;
|
|---|
| | | import com.gitblit.manager.IProjectManager;
|
|---|
| | | import com.gitblit.manager.IRepositoryManager;
|
|---|
| | | import com.gitblit.manager.IRuntimeManager;
|
|---|
| | | import com.gitblit.models.ProjectModel;
|
|---|
| | | import com.gitblit.models.RepositoryModel;
|
|---|
| | | import com.gitblit.models.UserModel;
|
|---|
| | |
|---|
| | | * The SyndicationFilter is an AuthenticationFilter which ensures that feed
|
|---|
| | | * requests for projects or view-restricted repositories have proper authentication
|
|---|
| | | * credentials and are authorized for the requested feed.
|
|---|
| | | * |
|---|
| | | *
|
|---|
| | | * @author James Moger
|
|---|
| | | * |
|---|
| | | *
|
|---|
| | | */
|
|---|
| | | public class SyndicationFilter extends AuthenticationFilter {
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * Extract the repository name from the url.
|
|---|
| | | * |
|---|
| | | *
|
|---|
| | | * @param url
|
|---|
| | | * @return repository name
|
|---|
| | | */
|
|---|
| | |
|---|
| | | /**
|
|---|
| | | * doFilter does the actual work of preprocessing the request to ensure that
|
|---|
| | | * the user may proceed.
|
|---|
| | | * |
|---|
| | | *
|
|---|
| | | * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
|
|---|
| | | * javax.servlet.ServletResponse, javax.servlet.FilterChain)
|
|---|
| | | */
|
|---|
| | |
|---|
| | | String fullUrl = getFullUrl(httpRequest);
|
|---|
| | | String name = extractRequestedName(fullUrl);
|
|---|
| | |
|
|---|
| | | ProjectModel project = GitBlit.self().getProjectModel(name);
|
|---|
| | | IRuntimeManager runtimeManager = GitBlit.getManager(IRuntimeManager.class);
|
|---|
| | | IRepositoryManager repositoryManager = GitBlit.getManager(IRepositoryManager.class);
|
|---|
| | | IProjectManager projectManager = GitBlit.getManager(IProjectManager.class);
|
|---|
| | |
|
|---|
| | | ProjectModel project = projectManager.getProjectModel(name);
|
|---|
| | | RepositoryModel model = null;
|
|---|
| | | |
|---|
| | |
|
|---|
| | | if (project == null) {
|
|---|
| | | // try loading a repository model
|
|---|
| | | model = GitBlit.self().getRepositoryModel(name);
|
|---|
| | | model = repositoryManager.getRepositoryModel(name);
|
|---|
| | | if (model == null) {
|
|---|
| | | // repository not found. send 404.
|
|---|
| | | logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl,
|
|---|
| | |
|---|
| | | return;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | |
|---|
| | |
|
|---|
| | | // Wrap the HttpServletRequest with the AccessRestrictionRequest which
|
|---|
| | | // overrides the servlet container user principal methods.
|
|---|
| | | // JGit requires either:
|
|---|
| | |
|---|
| | | if (model.accessRestriction.atLeast(AccessRestrictionType.VIEW)) {
|
|---|
| | | if (user == null) {
|
|---|
| | | // challenge client to provide credentials. send 401.
|
|---|
| | | if (GitBlit.isDebugMode()) {
|
|---|
| | | if (runtimeManager.isDebugMode()) {
|
|---|
| | | logger.info(MessageFormat.format("ARF: CHALLENGE {0}", fullUrl));
|
|---|
| | | }
|
|---|
| | | httpResponse.setHeader("WWW-Authenticate", CHALLENGE);
|
|---|
| | |
|---|
| | | return;
|
|---|
| | | }
|
|---|
| | | // valid user, but not for requested access. send 403.
|
|---|
| | | if (GitBlit.isDebugMode()) {
|
|---|
| | | if (runtimeManager.isDebugMode()) {
|
|---|
| | | logger.info(MessageFormat.format("ARF: {0} forbidden to access {1}",
|
|---|
| | | user.username, fullUrl));
|
|---|
| | | }
|
|---|
| | |
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | if (GitBlit.isDebugMode()) {
|
|---|
| | | if (runtimeManager.isDebugMode()) {
|
|---|
| | | logger.info(MessageFormat.format("ARF: {0} ({1}) unauthenticated", fullUrl,
|
|---|
| | | HttpServletResponse.SC_CONTINUE));
|
|---|
| | | }
|
|---|
