From 2f64a2810e14fb990fb7333d257864e67d49acd8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 17 Jun 2013 15:57:45 -0400
Subject: [PATCH] Disallow credential changes for container authenticated sessions

---
 src/main/java/com/gitblit/GitBlit.java |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java
index 25ffaba..ef73978 100644
--- a/src/main/java/com/gitblit/GitBlit.java
+++ b/src/main/java/com/gitblit/GitBlit.java
@@ -681,7 +681,15 @@
 	 * @return true if the user service supports credential changes
 	 */
 	public boolean supportsCredentialChanges(UserModel user) {
-		return (user != null && user.isLocalAccount()) || userService.supportsCredentialChanges();
+		if (user == null) {
+			return false;
+		} else if (!Constants.EXTERNAL_ACCOUNT.equals(user.password)) {
+			// credentials likely maintained by Gitblit
+			return userService.supportsCredentialChanges();
+		} else {
+			// credentials are externally maintained
+			return false;
+		}
 	}
 
 	/**
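Review bot: The branch `else if (!Constants.EXTERNAL_ACCOUNT.equals(user.password))` decides whether credentials are external from a sentinel stored in the password field, not from how the current session was authenticated, and the added comment itself only says "likely". If a container-authenticated user maps to a UserModel that still carries a locally stored password, this method would, as far as the hunk shows, defer to `userService.supportsCredentialChanges()` and may return true; it is worth confirming that the container login path always sets the sentinel and that the code which actually changes the password also calls this check, rather than only the UI. The rewrite also drops the old `user.isLocalAccount()` short-circuit, so a local account under a user service that does not support credential changes now gets false, which may or may not be intended. The Javadoc above, which begins outside the hunk, should be brought in line, e.g. `@return true if the user's credentials are maintained by Gitblit and the user service supports credential changes`.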

--
Gitblit v1.9.1