From e4c2447099c0476f8de3b684aa68c1496218e0f2 Mon Sep 17 00:00:00 2001 From: James Moger <james.moger@gitblit.com> Date: Fri, 22 May 2015 11:39:59 -0400 Subject: [PATCH] Improve PAM documentation --- src/main/java/com/gitblit/manager/AuthenticationManager.java | 75 +++++++++++++++++++++++++++++++++++++ 1 files changed, 75 insertions(+), 0 deletions(-) diff --git a/src/main/java/com/gitblit/manager/AuthenticationManager.java b/src/main/java/com/gitblit/manager/AuthenticationManager.java index f98f7b6..cbf0a1b 100644 --- a/src/main/java/com/gitblit/manager/AuthenticationManager.java +++ b/src/main/java/com/gitblit/manager/AuthenticationManager.java @@ -35,6 +35,7 @@ import com.gitblit.Constants; import com.gitblit.Constants.AccountType; import com.gitblit.Constants.AuthenticationType; +import com.gitblit.Constants.Role; import com.gitblit.IStoredSettings; import com.gitblit.Keys; import com.gitblit.auth.AuthenticationProvider; @@ -52,6 +53,8 @@ import com.gitblit.utils.HttpUtils; import com.gitblit.utils.StringUtils; import com.gitblit.utils.X509Utils.X509Metadata; +import com.google.inject.Inject; +import com.google.inject.Singleton; /** * The authentication manager handles user login & logout. @@ -59,6 +62,7 @@ * @author James Moger * */ +@Singleton public class AuthenticationManager implements IAuthenticationManager { private final Logger logger = LoggerFactory.getLogger(getClass()); @@ -75,6 +79,7 @@ private final Map<String, String> legacyRedirects; + @Inject public AuthenticationManager( IRuntimeManager runtimeManager, IUserManager userManager) { @@ -210,6 +215,29 @@ user.displayName = username; user.password = Constants.EXTERNAL_ACCOUNT; user.accountType = AccountType.CONTAINER; + + // Try to extract user's informations for the session + // it uses "realm.container.autoAccounts.*" as the attribute name to look for + HttpSession session = httpRequest.getSession(); + String emailAddress = resolveAttribute(session, Keys.realm.container.autoAccounts.emailAddress); + if(emailAddress != null) { + user.emailAddress = emailAddress; + } + String displayName = resolveAttribute(session, Keys.realm.container.autoAccounts.displayName); + if(displayName != null) { + user.displayName = displayName; + } + String userLocale = resolveAttribute(session, Keys.realm.container.autoAccounts.locale); + if(userLocale != null) { + user.getPreferences().setLocale(userLocale); + } + String adminRole = settings.getString(Keys.realm.container.autoAccounts.adminRole, null); + if(adminRole != null && ! adminRole.isEmpty()) { + if(httpRequest.isUserInRole(adminRole)) { + user.canAdmin = true; + } + } + userManager.updateUserModel(user); flagSession(httpRequest, AuthenticationType.CONTAINER); logger.debug(MessageFormat.format("{0} authenticated and created by servlet container principal from {1}", @@ -287,6 +315,31 @@ } } return null; + } + + /** + * Extract given attribute from the session and return it's content + * it return null if attributeMapping is empty, or if the value is + * empty + * + * @param session The user session + * @param attributeMapping + * @return + */ + private String resolveAttribute(HttpSession session, String attributeMapping) { + String attributeName = settings.getString(attributeMapping, null); + if(StringUtils.isEmpty(attributeName)) { + return null; + } + Object attributeValue = session.getAttribute(attributeName); + if(attributeValue == null) { + return null; + } + String value = attributeValue.toString(); + if(value.isEmpty()) { + return null; + } + return value; } /** @@ -576,6 +629,28 @@ return (team != null && team.isLocalTeam()) || findProvider(team).supportsTeamMembershipChanges(); } + /** + * Returns true if the user's role can be changed. + * + * @param user + * @return true if the user's role can be changed + */ + @Override + public boolean supportsRoleChanges(UserModel user, Role role) { + return (user != null && user.isLocalAccount()) || findProvider(user).supportsRoleChanges(user, role); + } + + /** + * Returns true if the team's role can be changed. + * + * @param user + * @return true if the team's role can be changed + */ + @Override + public boolean supportsRoleChanges(TeamModel team, Role role) { + return (team != null && team.isLocalTeam()) || findProvider(team).supportsRoleChanges(team, role); + } + protected AuthenticationProvider findProvider(UserModel user) { for (AuthenticationProvider provider : authenticationProviders) { if (provider.getAccountType().equals(user.accountType)) { -- Gitblit v1.9.1