From cacf8bff097fbb66a7be1bfe267b5da2605145f8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 29 Nov 2013 11:05:46 -0500
Subject: [PATCH] Use Dagger to inject managers into all filters and servlets

---
 src/main/java/com/gitblit/AuthenticationFilter.java |   33 ++++++++++++++++++++-------------
 1 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/src/main/java/com/gitblit/AuthenticationFilter.java b/src/main/java/com/gitblit/AuthenticationFilter.java
index eb6e95b..96d880f 100644
--- a/src/main/java/com/gitblit/AuthenticationFilter.java
+++ b/src/main/java/com/gitblit/AuthenticationFilter.java
@@ -28,23 +28,26 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.gitblit.manager.ISessionManager;
 import com.gitblit.models.UserModel;
+import com.gitblit.utils.DeepCopier;
 import com.gitblit.utils.StringUtils;
 
 /**
  * The AuthenticationFilter is a servlet filter that preprocesses requests that
  * match its url pattern definition in the web.xml file.
- * 
+ *
  * http://en.wikipedia.org/wiki/Basic_access_authentication
- * 
+ *
  * @author James Moger
- * 
+ *
  */
 public abstract class AuthenticationFilter implements Filter {
 
@@ -54,20 +57,26 @@
 
 	protected transient Logger logger = LoggerFactory.getLogger(getClass());
 
+	protected final ISessionManager sessionManager;
+
+	protected AuthenticationFilter(ISessionManager sessionManager) {
+		this.sessionManager = sessionManager;
+	}
+
 	/**
 	 * doFilter does the actual work of preprocessing the request to ensure that
 	 * the user may proceed.
-	 * 
+	 *
 	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
 	 *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
 	 */
 	@Override
 	public abstract void doFilter(final ServletRequest request, final ServletResponse response,
 			final FilterChain chain) throws IOException, ServletException;
-	
+
 	/**
 	 * Allow the filter to require a client certificate to continue processing.
-	 * 
+	 *
 	 * @return true, if a client certificate is required
 	 */
 	protected boolean requiresClientCertificate() {
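Review bot: The new constructor stores `sessionManager` without a null check, so a mis-wired injection would only surface as a NullPointerException in `getUser()` on the first request rather than when the filter is built. Every authentication decision in this filter goes through that field, so failing fast is safer: add `if (sessionManager == null) throw new IllegalArgumentException("sessionManager");` before the assignment. The constructor also has no Javadoc telling subclasses that they must pass the injected manager through. `requiresClientCertificate()` at the end of the hunk continues outside it.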
@@ -76,7 +85,7 @@
 
 	/**
 	 * Returns the full relative url of the request.
-	 * 
+	 *
 	 * @param httpRequest
 	 * @return url
 	 */
@@ -93,19 +102,18 @@
 
 	/**
 	 * Returns the user making the request, if the user has authenticated.
-	 * 
+	 *
 	 * @param httpRequest
 	 * @return user
 	 */
 	protected UserModel getUser(HttpServletRequest httpRequest) {
-		UserModel user = GitBlit.self().authenticate(httpRequest, requiresClientCertificate());
+		UserModel user = sessionManager.authenticate(httpRequest, requiresClientCertificate());
 		return user;
 	}
 
 	/**
 	 * Taken from Jetty's LoginAuthenticator.renewSessionOnAuthentication()
 	 */
-	@SuppressWarnings("unchecked")
 	protected void newSession(HttpServletRequest request, HttpServletResponse response) {
 		HttpSession oldSession = request.getSession(false);
 		if (oldSession != null && oldSession.getAttribute(SESSION_SECURED) == null) {
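Review bot: The Javadoc on `getUser()` says what is returned "if the user has authenticated" but not what comes back otherwise, and the call is now delegated to `sessionManager.authenticate(...)`, an interface this diff does not show. Subclasses presumably base their allow/deny decision on this value, so the `@return` should state it, e.g. `@return the authenticated user, or null if authentication failed` (confirm against `ISessionManager`). The local `user` is redundant; `return sessionManager.authenticate(httpRequest, requiresClientCertificate());` is enough. `newSession()` starts in this hunk and continues outside it, so the effect of dropping `@SuppressWarnings("unchecked")` cannot be checked here.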
@@ -145,14 +153,13 @@
 	/**
 	 * Wraps a standard HttpServletRequest and overrides user principal methods.
 	 */
-	public static class AuthenticatedRequest extends ServletRequestWrapper {
+	public static class AuthenticatedRequest extends HttpServletRequestWrapper {
 
 		private UserModel user;
 
 		public AuthenticatedRequest(HttpServletRequest req) {
 			super(req);
-			user = new UserModel("anonymous");
-			user.isAuthenticated = false;
+			user = DeepCopier.copy(UserModel.ANONYMOUS);
 		}
 
 		UserModel getUser() {
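Review bot: In the `AuthenticatedRequest` constructor the explicit `user.isAuthenticated = false` is gone, so the unauthenticated default now depends on the state of `UserModel.ANONYMOUS` and on `DeepCopier.copy` reproducing it, neither of which is visible in this diff. If `DeepCopier.copy` can return null when copying fails, `getUser()` would hand a null user to downstream code; that is worth confirming, and if so the constructor should fall back to a fresh anonymous model. A short comment would record why the copy is there: `// copy: per-request changes must never reach the shared ANONYMOUS instance`. The class body continues outside the hunk.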

--
Gitblit v1.9.1