From aa6d43e8b28ff73d69a920e9b3a7b284cfce00c3 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 29 Nov 2013 11:05:51 -0500
Subject: [PATCH] Extract SessionManager from GitBlit singleton
---
src/main/java/com/gitblit/EnforceAuthenticationFilter.java | 75 ++++++++++++++++++++-----------------
1 files changed, 41 insertions(+), 34 deletions(-)
diff --git a/src/main/java/com/gitblit/EnforceAuthenticationFilter.java b/src/main/java/com/gitblit/EnforceAuthenticationFilter.java
index 2a17996..48fc005 100644
--- a/src/main/java/com/gitblit/EnforceAuthenticationFilter.java
+++ b/src/main/java/com/gitblit/EnforceAuthenticationFilter.java
@@ -18,6 +18,8 @@
import java.io.IOException;
import java.text.MessageFormat;
+import javax.inject.Inject;
+import javax.inject.Singleton;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -30,6 +32,8 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.gitblit.manager.IRuntimeManager;
+import com.gitblit.manager.ISessionManager;
import com.gitblit.models.UserModel;
/**
@@ -40,63 +44,66 @@
* @author Laurens Vrijnsen
*
*/
+@Singleton
public class EnforceAuthenticationFilter implements Filter {
-
+
protected transient Logger logger = LoggerFactory.getLogger(getClass());
- /*
+ private final IStoredSettings settings;
+
+ private final ISessionManager sessionManager;
+
+ @Inject
+ public EnforceAuthenticationFilter(
+ IRuntimeManager runtimeManager,
+ ISessionManager sessionManager) {
+
+ super();
+ this.settings = runtimeManager.getSettings();
+ this.sessionManager = sessionManager;
+ }
+
+ /*
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
@Override
public void init(FilterConfig filterConfig) throws ServletException {
- // nothing to be done
+ }
- } //init
-
-
- /*
+ /*
* This does the actual filtering: is the user authenticated? If not, enforce HTTP authentication (401)
- *
+ *
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-
- /*
- * Determine whether to enforce the BASIC authentication:
- */
- @SuppressWarnings("static-access")
- Boolean mustForceAuth = GitBlit.self().getBoolean(Keys.web.authenticateViewPages, false)
- && GitBlit.self().getBoolean(Keys.web.enforceHttpBasicAuthentication, false);
-
- HttpServletRequest HttpRequest = (HttpServletRequest)request;
- HttpServletResponse HttpResponse = (HttpServletResponse)response;
- UserModel user = GitBlit.self().authenticate(HttpRequest);
-
+
+ Boolean mustForceAuth = settings.getBoolean(Keys.web.authenticateViewPages, false)
+ && settings.getBoolean(Keys.web.enforceHttpBasicAuthentication, false);
+
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ UserModel user = sessionManager.authenticate(httpRequest);
+
if (mustForceAuth && (user == null)) {
// not authenticated, enforce now:
logger.debug(MessageFormat.format("EnforceAuthFilter: user not authenticated for URL {0}!", request.toString()));
- @SuppressWarnings("static-access")
- String CHALLENGE = MessageFormat.format("Basic realm=\"{0}\"", GitBlit.self().getString("web.siteName",""));
- HttpResponse.setHeader("WWW-Authenticate", CHALLENGE);
- HttpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ String challenge = MessageFormat.format("Basic realm=\"{0}\"", settings.getString(Keys.web.siteName, ""));
+ httpResponse.setHeader("WWW-Authenticate", challenge);
+ httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
} else {
// user is authenticated, or don't care, continue handling
- chain.doFilter( request, response );
-
- } // authenticated
- } // doFilter
+ chain.doFilter(request, response);
+ }
+ }
-
- /*
+
+ /*
* @see javax.servlet.Filter#destroy()
*/
@Override
public void destroy() {
- // Nothing to be done
-
- } // destroy
-
+ }
}
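Review bot: The rewritten challenge line in doFilter places `settings.getString(Keys.web.siteName, "")` inside the quoted realm of the `WWW-Authenticate` header without escaping, so a site name containing `"` or `\` produces a malformed challenge that clients may parse inconsistently. The value is administrator-configured rather than taken from the request, so this is a robustness point more than an injection path. Escaping is cheap: `String realm = settings.getString(Keys.web.siteName, "").replace("\\", "\\\\").replace("\"", "\\\"");`, then build the header from `realm`. Separately, the debug message just above claims to log the URL but passes `request.toString()`, which is not guaranteed to contain it. Using `httpRequest.getRequestURI()` with a parameterized `logger.debug("... {}", ...)` would record which paths triggered the 401.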
--
Gitblit v1.9.1