From d65a6baca9a20461f976a2455d70eecc7faf2db5 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 26 Nov 2013 16:07:04 -0500
Subject: [PATCH] Update to Jetty 8.1.13 for Servlet 3
---
 src/main/java/com/gitblit/EnforceAuthenticationFilter.java | 59 ++++++++++++++++++++++++++---------------------------------
 1 files changed, 26 insertions(+), 33 deletions(-)
diff --git a/src/main/java/com/gitblit/EnforceAuthenticationFilter.java b/src/main/java/com/gitblit/EnforceAuthenticationFilter.java
index 2a17996..93057b4 100644
--- a/src/main/java/com/gitblit/EnforceAuthenticationFilter.java
+++ b/src/main/java/com/gitblit/EnforceAuthenticationFilter.java
@@ -30,6 +30,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import com.gitblit.manager.IRuntimeManager;
+import com.gitblit.manager.ISessionManager;
 import com.gitblit.models.UserModel;
 /**
@@ -41,62 +43,53 @@ * */ public class EnforceAuthenticationFilter implements Filter { - + protected transient Logger logger = LoggerFactory.getLogger(getClass()); - /* + /* * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) */ @Override public void init(FilterConfig filterConfig) throws ServletException { - // nothing to be done + } - } //init - - /* + /* * This does the actual filtering: is the user authenticated? If not, enforce HTTP authentication (401) - * + * * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) */ @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - - /* - * Determine whether to enforce the BASIC authentication: - */ - @SuppressWarnings("static-access") - Boolean mustForceAuth = GitBlit.self().getBoolean(Keys.web.authenticateViewPages, false) - && GitBlit.self().getBoolean(Keys.web.enforceHttpBasicAuthentication, false); - - HttpServletRequest HttpRequest = (HttpServletRequest)request; - HttpServletResponse HttpResponse = (HttpServletResponse)response; - UserModel user = GitBlit.self().authenticate(HttpRequest); - + + IStoredSettings settings = GitBlit.getManager(IRuntimeManager.class).getSettings(); + ISessionManager sessionManager = GitBlit.getManager(ISessionManager.class); + Boolean mustForceAuth = settings.getBoolean(Keys.web.authenticateViewPages, false) + && settings.getBoolean(Keys.web.enforceHttpBasicAuthentication, false); + + HttpServletRequest httpRequest = (HttpServletRequest) request; + HttpServletResponse httpResponse = (HttpServletResponse) response; + UserModel user = sessionManager.authenticate(httpRequest); + if (mustForceAuth && (user == null)) { // not authenticated, enforce now: logger.debug(MessageFormat.format("EnforceAuthFilter: user not authenticated for URL {0}!", request.toString())); - @SuppressWarnings("static-access") - String CHALLENGE = 
MessageFormat.format("Basic realm=\"{0}\"", GitBlit.self().getString("web.siteName","")); - HttpResponse.setHeader("WWW-Authenticate", CHALLENGE); - HttpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); + String challenge = MessageFormat.format("Basic realm=\"{0}\"", settings.getString(Keys.web.siteName, "")); + httpResponse.setHeader("WWW-Authenticate", challenge); + httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } else { // user is authenticated, or don't care, continue handling - chain.doFilter( request, response ); - - } // authenticated - } // doFilter + chain.doFilter(request, response); + } + } - - /* + + /* * @see javax.servlet.Filter#destroy() */ @Override public void destroy() { - // Nothing to be done - - } // destroy - + } } -- Gitblit v1.9.1
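Review bot: The new `challenge` line in doFilter places `web.siteName` inside the quoted realm of the WWW-Authenticate header without escaping, so a configured site name containing `"` or `\` yields a malformed challenge that clients may reject or parse differently. Escape those two characters before formatting, e.g. `String realm = settings.getString(Keys.web.siteName, "").replace("\\", "\\\\").replace("\"", "\\\"");`, and consider a non-empty fallback, since the default here produces `Basic realm=""`. `mustForceAuth` can be a primitive `boolean`; the boxed `Boolean` adds nothing. The filter also issues a Basic challenge without checking `httpRequest.isSecure()`; whether TLS is enforced elsewhere is not visible in this patch, so a comment above the challenge stating that assumption would help the next reader.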