From aa6d43e8b28ff73d69a920e9b3a7b284cfce00c3 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 29 Nov 2013 11:05:51 -0500
Subject: [PATCH] Extract SessionManager from GitBlit singleton
---
 src/main/java/com/gitblit/RpcFilter.java | 43 +++++++++++++++++++++++++++++++------------
 1 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/src/main/java/com/gitblit/RpcFilter.java b/src/main/java/com/gitblit/RpcFilter.java
index 1de9fcc..c4b6451 100644
--- a/src/main/java/com/gitblit/RpcFilter.java
+++ b/src/main/java/com/gitblit/RpcFilter.java
@@ -18,6 +18,8 @@
 import java.io.IOException;
 import java.text.MessageFormat;
+import javax.inject.Inject;
+import javax.inject.Singleton;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -26,27 +28,44 @@
 import javax.servlet.http.HttpServletResponse;
 import com.gitblit.Constants.RpcRequest;
+import com.gitblit.manager.IRuntimeManager;
+import com.gitblit.manager.ISessionManager;
 import com.gitblit.models.UserModel;
 /**
 * The RpcFilter is a servlet filter that secures the RpcServlet.
- *
+ *
 * The filter extracts the rpc request type from the url and determines if the
 * requested action requires a Basic authentication prompt. If authentication is
 * required and no credentials are stored in the "Authorization" header, then a
 * basic authentication challenge is issued.
- *
+ *
 * http://en.wikipedia.org/wiki/Basic_access_authentication
- *
+ *
 * @author James Moger
- *
+ *
 */
+@Singleton
 public class RpcFilter extends AuthenticationFilter {
+
+ private final IStoredSettings settings;
+
+ private final IRuntimeManager runtimeManager;
+
+ @Inject
+ public RpcFilter(
+ IRuntimeManager runtimeManager,
+ ISessionManager sessionManager) {
+
+ super(sessionManager);
+ this.settings = runtimeManager.getSettings();
+ this.runtimeManager = runtimeManager;
+ }
 /**
 * doFilter does the actual work of preprocessing the request to ensure that
 * the user may proceed.
- *
+ *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
 * javax.servlet.ServletResponse, javax.servlet.FilterChain)
 */
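Review bot: The new constructor copies `runtimeManager.getSettings()` into a final field, so the gates this filter checks later (`Keys.web.enableRpcServlet`, `Keys.web.authenticateViewPages`, `Keys.web.authenticateAdminPages`, `Keys.web.enableRpcManagement`) are always read from the object that existed at injection time. Whether IRuntimeManager can ever hand out a different IStoredSettings instance is not visible in this patch; if it can, the filter would keep enforcing the old one. Either drop the field and call `runtimeManager.getSettings()` at request time, or record the assumption in the constructor, e.g. `// settings instance is fixed for the lifetime of the runtime manager`. The class body continues outside this hunk.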
@@ -67,14 +86,14 @@
 boolean adminRequest = requestType.exceeds(RpcRequest.LIST_SETTINGS);
 // conditionally reject all rpc requests
- if (!GitBlit.getBoolean(Keys.web.enableRpcServlet, true)) {
+ if (!settings.getBoolean(Keys.web.enableRpcServlet, true)) {
 logger.warn(Keys.web.enableRpcServlet + " must be set TRUE for rpc requests.");
 httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
 return;
 }
- boolean authenticateView = GitBlit.getBoolean(Keys.web.authenticateViewPages, false);
- boolean authenticateAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);
+ boolean authenticateView = settings.getBoolean(Keys.web.authenticateViewPages, false);
+ boolean authenticateAdmin = settings.getBoolean(Keys.web.authenticateAdminPages, true);
 // Wrap the HttpServletRequest with the RpcServletRequest which
 // overrides the servlet container user principal methods.
@@ -85,7 +104,7 @@
 }
 // conditionally reject rpc management/administration requests
- if (adminRequest && !GitBlit.getBoolean(Keys.web.enableRpcManagement, false)) {
+ if (adminRequest && !settings.getBoolean(Keys.web.enableRpcManagement, false)) {
 logger.warn(MessageFormat.format("{0} must be set TRUE for {1} rpc requests.", Keys.web.enableRpcManagement, requestType.toString()));
 httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
@@ -96,7 +115,7 @@
 if ((adminRequest && authenticateAdmin) || (!adminRequest && authenticateView)) {
 if (user == null) {
 // challenge client to provide credentials. send 401.
- if (GitBlit.isDebugMode()) {
+ if (runtimeManager.isDebugMode()) {
 logger.info(MessageFormat.format("RPC: CHALLENGE {0}", fullUrl));
 }
@@ -115,7 +134,7 @@
 return;
 }
 // valid user, but not for requested access. send 403.
- if (GitBlit.isDebugMode()) {
+ if (runtimeManager.isDebugMode()) {
 logger.info(MessageFormat.format("RPC: {0} forbidden to access {1}", user.username, fullUrl));
 }
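Review bot: In the hunk at -67,14, `settings.getBoolean(Keys.web.enableRpcServlet, true)` and `settings.getBoolean(Keys.web.authenticateViewPages, false)` pass permissive values in what looks like the fallback argument, so a configuration that lacks these keys would leave the RPC endpoint enabled and its non-admin requests unauthenticated. The values are carried over unchanged from the static calls and the getBoolean contract is not shown in this patch, so this is a documentation point: add a comment above the checks such as `// defaults: rpc enabled, view requests unauthenticated, admin requests authenticated`. The enclosing doFilter body starts and ends outside the hunk.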
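Review bot: In the hunks at -96,7 and -115,7, and again at -124,7, the 401 challenge, the 403 denial and the unauthenticated pass-through are logged only inside `if (runtimeManager.isDebugMode())`, so with debug mode off these access decisions leave no log record for later review. The denial in particular would be worth logging unconditionally, e.g. `logger.warn(MessageFormat.format("RPC: {0} forbidden to access {1}", user.username, fullUrl));`. `fullUrl` is presumably derived from the request and is built outside these hunks, so confirm that line breaks in it cannot reach the log line.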
@@ -124,7 +143,7 @@
 }
 }
- if (GitBlit.isDebugMode()) {
+ if (runtimeManager.isDebugMode()) {
 logger.info(MessageFormat.format("RPC: {0} ({1}) unauthenticated", fullUrl, HttpServletResponse.SC_CONTINUE));
 }
-- 
Gitblit v1.9.1
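Review bot: The final debug line prints `HttpServletResponse.SC_CONTINUE` in the message as if it were the response status, but nothing in this hunk sets that status, so the log shows 100 for a request whose real status is decided later, presumably by the rest of the filter chain. Drop the constant or reword the message, e.g. `logger.info(MessageFormat.format("RPC: {0} unauthenticated", fullUrl));`. The enclosing doFilter body starts before this hunk and continues after it.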