From 73f1adb2e84b8b9cd4045bcdd7d9afa72d3875b5 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 27 Nov 2012 17:13:03 -0500
Subject: [PATCH] Added short commit id column to log and history tables (issue 168)

---
 src/com/gitblit/AuthenticationFilter.java |   31 +++++++++++++++++++++++++++----
 1 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/src/com/gitblit/AuthenticationFilter.java b/src/com/gitblit/AuthenticationFilter.java
index 6b7a0af..64aa441 100644
--- a/src/com/gitblit/AuthenticationFilter.java
+++ b/src/com/gitblit/AuthenticationFilter.java
@@ -33,11 +33,11 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.eclipse.jgit.util.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.gitblit.models.UserModel;
+import com.gitblit.utils.Base64;
 import com.gitblit.utils.StringUtils;
 
 /**
@@ -69,6 +69,15 @@
 	@Override
 	public abstract void doFilter(final ServletRequest request, final ServletResponse response,
 			final FilterChain chain) throws IOException, ServletException;
+	
+	/**
+	 * Allow the filter to require a client certificate to continue processing.
+	 * 
+	 * @return true, if a client certificate is required
+	 */
+	protected boolean requiresClientCertificate() {
+		return false;
+	}
 
 	/**
 	 * Returns the full relative url of the request.
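Review bot: The Javadoc on `requiresClientCertificate()` does not say what a `true` return changes for callers. In this commit `getUser()` returns null as soon as request authentication fails and this method returns true, so the Basic `Authorization` header is never consulted. I would add a sentence such as `When true, getUser() returns null if request authentication fails and never falls back to Basic credentials.` so that a subclass overriding it knows it is turning off password fallback. The hunk ends inside the next method's Javadoc.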
@@ -95,6 +104,16 @@
 	 */
 	protected UserModel getUser(HttpServletRequest httpRequest) {
 		UserModel user = null;
+		// try request authentication
+		user = GitBlit.self().authenticate(httpRequest);
+		if (user != null) {
+			return user;
+		} else if (requiresClientCertificate()) {
+			// http request does not have a valid certificate
+			// and the filter requires one
+			return null;
+		}
+		
 		// look for client authorization credentials in header
 		final String authorization = httpRequest.getHeader("Authorization");
 		if (authorization != null && authorization.startsWith(BASIC)) {
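Review bot: The `requiresClientCertificate()` branch in `getUser()` returns null without recording anything, so a request rejected by a certificate-only filter leaves no trace for anyone auditing failed logins. A warn-level line before the return would help, for example `logger.warn("client certificate required, rejecting request from " + httpRequest.getRemoteAddr());`, assuming the class's slf4j logger field is named `logger` (its declaration is outside this hunk). The inline comment also presumes that `GitBlit.self().authenticate(httpRequest)` checks only certificates, which is not visible here; if it covers other mechanisms the comment should say so. `getUser()` continues past the end of the hunk.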
@@ -103,7 +122,7 @@
 			String credentials = new String(Base64.decode(base64Credentials),
 					Charset.forName("UTF-8"));
 			// credentials = username:password
-			final String[] values = credentials.split(":");
+			final String[] values = credentials.split(":",2);
 
 			if (values.length == 2) {
 				String username = values[0];
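Review bot: The reason for the limit in `credentials.split(":",2)` is not stated, and the existing comment still reads as if the decoded string held exactly one colon. I would change the comment to `// credentials = username:password; split on the first ':' only, since the password may contain ':'` and add the missing space, `credentials.split(":", 2)`. The enclosing block starts and ends outside the hunk.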
@@ -170,8 +189,9 @@
 		public AuthenticatedRequest(HttpServletRequest req) {
 			super(req);
 			user = new UserModel("anonymous");
+			user.isAuthenticated = false;
 		}
-		
+
 		UserModel getUser() {
 			return user;
 		}
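Review bot: `user.isAuthenticated = false;` in the `AuthenticatedRequest` constructor writes a public field directly, while the same commit replaces the field read `user.canAdmin` with the accessor `user.canAdmin()` in `isUserInRole`. Because this flag decides whether the placeholder identity counts as logged in, a one-line comment would help, e.g. `// placeholder identity; must never be treated as an authenticated user`. If `UserModel` is moving to accessors, this flag looks like a candidate too; its declaration is not visible here.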
@@ -188,8 +208,11 @@
 		@Override
 		public boolean isUserInRole(String role) {
 			if (role.equals(Constants.ADMIN_ROLE)) {
-				return user.canAdmin;
+				return user.canAdmin();
 			}
+			// Gitblit does not currently use actual roles in the traditional
+			// servlet container sense.  That is the reason this is marked
+			// deprecated, but I may want to revisit this.
 			return user.canAccessRepository(role);
 		}
 
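Review bot: The comment added in `isUserInRole` says "this is marked deprecated" without naming what is deprecated; from the hunk it is presumably `canAccessRepository`, whose declaration is not shown. It also leaves unstated that every role other than `Constants.ADMIN_ROLE` is passed to `canAccessRepository(role)`, so a role string appears to be treated as a repository name. I would reword it to `// Gitblit has no servlet-style roles: any non-admin role is passed to canAccessRepository(), which is deprecated for that reason.`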

--
Gitblit v1.9.1