From 28980c3d6d989b900d02e3357473294561334e4a Mon Sep 17 00:00:00 2001
From: Joel Johnson <joel.johnson@issinc.com>
Date: Mon, 29 Jun 2015 12:19:07 -0400
Subject: [PATCH] use JEE 3.0 to allow cookie session tracking
---
src/main/java/com/gitblit/manager/AuthenticationManager.java | 77 ++++++++++++++++++++++++++++++++++++++
1 files changed, 77 insertions(+), 0 deletions(-)
diff --git a/src/main/java/com/gitblit/manager/AuthenticationManager.java b/src/main/java/com/gitblit/manager/AuthenticationManager.java
index 29221e6..38e45a6 100644
--- a/src/main/java/com/gitblit/manager/AuthenticationManager.java
+++ b/src/main/java/com/gitblit/manager/AuthenticationManager.java
@@ -215,6 +215,29 @@
user.displayName = username;
user.password = Constants.EXTERNAL_ACCOUNT;
user.accountType = AccountType.CONTAINER;
+
+ // Try to extract user's informations for the session
+ // it uses "realm.container.autoAccounts.*" as the attribute name to look for
+ HttpSession session = httpRequest.getSession();
+ String emailAddress = resolveAttribute(session, Keys.realm.container.autoAccounts.emailAddress);
+ if(emailAddress != null) {
+ user.emailAddress = emailAddress;
+ }
+ String displayName = resolveAttribute(session, Keys.realm.container.autoAccounts.displayName);
+ if(displayName != null) {
+ user.displayName = displayName;
+ }
+ String userLocale = resolveAttribute(session, Keys.realm.container.autoAccounts.locale);
+ if(userLocale != null) {
+ user.getPreferences().setLocale(userLocale);
+ }
+ String adminRole = settings.getString(Keys.realm.container.autoAccounts.adminRole, null);
+ if(adminRole != null && ! adminRole.isEmpty()) {
+ if(httpRequest.isUserInRole(adminRole)) {
+ user.canAdmin = true;
+ }
+ }
+
userManager.updateUserModel(user);
flagSession(httpRequest, AuthenticationType.CONTAINER);
logger.debug(MessageFormat.format("{0} authenticated and created by servlet container principal from {1}",
@@ -293,6 +316,31 @@
}
return null;
}
+
+ /**
+ * Extract given attribute from the session and return it's content
+ * it return null if attributeMapping is empty, or if the value is
+ * empty
+ *
+ * @param session The user session
+ * @param attributeMapping
+ * @return
+ */
+ private String resolveAttribute(HttpSession session, String attributeMapping) {
+ String attributeName = settings.getString(attributeMapping, null);
+ if(StringUtils.isEmpty(attributeName)) {
+ return null;
+ }
+ Object attributeValue = session.getAttribute(attributeName);
+ if(attributeValue == null) {
+ return null;
+ }
+ String value = attributeValue.toString();
+ if(value.isEmpty()) {
+ return null;
+ }
+ return value;
+ }
/**
* Authenticate a user based on a public key.
@@ -326,6 +374,35 @@
/**
+ * Return the UserModel for already authenticated user.
+ *
+ * This implementation assumes that the authentication has already take place
+ * (e.g. SSHDaemon) and that this is a validation/verification of the user.
+ *
+ * @param username
+ * @return a user object or null
+ */
+ @Override
+ public UserModel authenticate(String username) {
+ if (username != null) {
+ if (!StringUtils.isEmpty(username)) {
+ UserModel user = userManager.getUserModel(username);
+ if (user != null) {
+ // existing user
+ logger.debug(MessageFormat.format("{0} authenticated externally", user.username));
+ return validateAuthentication(user, AuthenticationType.CONTAINER);
+ }
+ logger.warn(MessageFormat.format("Failed to find UserModel for {0} during external authentication",
+ username));
+ }
+ } else {
+ logger.warn("Empty user passed to AuthenticationManager.authenticate!");
+ }
+ return null;
+ }
+
+
+ /**
* This method allows the authentication manager to reject authentication
* attempts. It is called after the username/secret have been verified to
* ensure that the authentication technique has been logged.
--
Gitblit v1.9.1