From 134a895dbf6db6b9784f165a3a577d6059949169 Mon Sep 17 00:00:00 2001
From: Mohamed MOUNIROU <mmounirou@MacBook-Pro-de-Mohamed.local>
Date: Tue, 04 Oct 2011 16:35:09 -0400
Subject: [PATCH] add tools to install giblet as service on linux based os
---
src/com/gitblit/AccessRestrictionFilter.java | 82 +++++++++++++++++++++++++++++++++-------
1 files changed, 67 insertions(+), 15 deletions(-)
diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java
index 3aca103..25adc52 100644
--- a/src/com/gitblit/AccessRestrictionFilter.java
+++ b/src/com/gitblit/AccessRestrictionFilter.java
@@ -16,6 +16,7 @@
package com.gitblit;
import java.io.IOException;
+import java.nio.charset.Charset;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.Enumeration;
@@ -32,6 +33,7 @@
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.eclipse.jgit.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -40,8 +42,18 @@
import com.gitblit.utils.StringUtils;
/**
+ * The AccessRestrictionFilter is a servlet filter that preprocesses requests
+ * that match its url pattern definition in the web.xml file.
+ *
+ * The filter extracts the name of the repository from the url and determines if
+ * the requested action for the repository requires a Basic authentication
+ * prompt. If authentication is required and no credentials are stored in the
+ * "Authorization" header, then a basic authentication challenge is issued.
*
* http://en.wikipedia.org/wiki/Basic_access_authentication
+ *
+ * @author James Moger
+ *
*/
public abstract class AccessRestrictionFilter implements Filter {
@@ -57,15 +69,48 @@
logger = LoggerFactory.getLogger(getClass());
}
+ /**
+ * Extract the repository name from the url.
+ *
+ * @param url
+ * @return repository name
+ */
protected abstract String extractRepositoryName(String url);
- protected abstract String getUrlRequestType(String url);
+ /**
+ * Analyze the url and returns the action of the request.
+ *
+ * @param url
+ * @return action of the request
+ */
+ protected abstract String getUrlRequestAction(String url);
+ /**
+ * Determine if the repository requires authentication.
+ *
+ * @param repository
+ * @return true if authentication required
+ */
protected abstract boolean requiresAuthentication(RepositoryModel repository);
- protected abstract boolean canAccess(RepositoryModel repository, UserModel user,
- String restrictedUrl);
+ /**
+ * Determine if the user can access the repository and perform the specified
+ * action.
+ *
+ * @param repository
+ * @param user
+ * @param action
+ * @return true if user may execute the action on the repository
+ */
+ protected abstract boolean canAccess(RepositoryModel repository, UserModel user, String action);
+ /**
+ * doFilter does the actual work of preprocessing the request to ensure that
+ * the user may proceed.
+ *
+ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
+ * javax.servlet.ServletResponse, javax.servlet.FilterChain)
+ */
@Override
public void doFilter(final ServletRequest request, final ServletResponse response,
final FilterChain chain) throws IOException, ServletException {
@@ -85,18 +130,19 @@
AccessRestrictionRequest accessRequest = new AccessRestrictionRequest(httpRequest);
- String url = httpRequest.getRequestURI().substring(httpRequest.getServletPath().length());
+ String servletUrl = httpRequest.getContextPath() + httpRequest.getServletPath();
+ String url = httpRequest.getRequestURI().substring(servletUrl.length());
String params = httpRequest.getQueryString();
if (url.length() > 0 && url.charAt(0) == '/') {
url = url.substring(1);
}
String fullUrl = url + (StringUtils.isEmpty(params) ? "" : ("?" + params));
- String repository = extractRepositoryName(url);
+ String repository = extractRepositoryName(fullUrl);
// Determine if the request URL is restricted
String fullSuffix = fullUrl.substring(repository.length());
- String urlRequestType = getUrlRequestType(fullSuffix);
+ String urlRequestType = getUrlRequestAction(fullSuffix);
// Load the repository model
RepositoryModel model = GitBlit.self().getRepositoryModel(repository);
@@ -114,10 +160,8 @@
if (authorization != null && authorization.startsWith(BASIC)) {
// Authorization: Basic base64credentials
String base64Credentials = authorization.substring(BASIC.length()).trim();
- String credentials = StringUtils.decodeBase64(base64Credentials);
- if (GitBlit.isDebugMode()) {
- logger.info(MessageFormat.format("AUTH: {0} ({1})", authorization, credentials));
- }
+ String credentials = new String(Base64.decode(base64Credentials),
+ Charset.forName("UTF-8"));
// credentials = username:password
final String[] values = credentials.split(":");
@@ -131,7 +175,8 @@
// authenticated request permitted.
// pass processing to the restricted servlet.
newSession(accessRequest, httpResponse);
- logger.info("ARF: " + fullUrl + " (" + HttpServletResponse.SC_CONTINUE + ") authenticated");
+ logger.info("ARF: " + fullUrl + " (" + HttpServletResponse.SC_CONTINUE
+ + ") authenticated");
chain.doFilter(accessRequest, httpResponse);
return;
}
@@ -163,7 +208,8 @@
}
if (GitBlit.isDebugMode()) {
- logger.info("ARF: " + fullUrl + " (" + HttpServletResponse.SC_CONTINUE + ") unauthenticated");
+ logger.info("ARF: " + fullUrl + " (" + HttpServletResponse.SC_CONTINUE
+ + ") unauthenticated");
}
// unauthenticated request permitted.
// pass processing to the restricted servlet.
@@ -195,26 +241,32 @@
}
}
+ /**
+ * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+ */
@Override
public void init(final FilterConfig config) throws ServletException {
}
+ /**
+ * @see javax.servlet.Filter#destroy()
+ */
@Override
public void destroy() {
}
-
+
/**
* Wraps a standard HttpServletRequest and overrides user principal methods.
*/
public static class AccessRestrictionRequest extends ServletRequestWrapper {
private UserModel user;
-
+
public AccessRestrictionRequest(HttpServletRequest req) {
super(req);
user = new UserModel("anonymous");
}
-
+
void setUser(UserModel user) {
this.user = user;
}
--
Gitblit v1.9.1