Moved cookie and certificate authentication to http request authentication method
authorJames Moger <james.moger@gitblit.com>
Thu, 29 Nov 2012 22:24:37 +0000 (17:24 -0500)
committerJames Moger <james.moger@gitblit.com>
Thu, 29 Nov 2012 22:24:37 +0000 (17:24 -0500)
src/com/gitblit/GitBlit.java
src/com/gitblit/wicket/pages/BasePage.java

index c05a9248a9d014a987ed9951507137a8cfa61b4e..c8deee1286a2622ec5f41028cbbc64665075fbb3 100644 (file)
@@ -537,7 +537,7 @@ public class GitBlit implements ServletContextListener {
         * @param cookies\r
         * @return a user object or null\r
         */\r
-       public UserModel authenticate(Cookie[] cookies) {\r
+       protected UserModel authenticate(Cookie[] cookies) {\r
                if (userService == null) {\r
                        return null;\r
                }\r
@@ -555,22 +555,33 @@ public class GitBlit implements ServletContextListener {
        }\r
 \r
        /**\r
-        * Authenticate a user based on HTTP request paramters.\r
-        * This method is inteded to be used as fallback when other\r
-        * means of authentication are failing (username / password or cookies).\r
+        * Authenticate a user based on HTTP request parameters.\r
+        * \r
+        * Authentication by X509Certificate is tried first and then by cookie.\r
+        * \r
         * @param httpRequest\r
         * @return a user object or null\r
         */\r
        public UserModel authenticate(HttpServletRequest httpRequest) {\r
+               // try to authenticate by certificate\r
                boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true);\r
                String [] oids = getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);\r
                UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);\r
                if (model != null) {\r
-                       UserModel user = GitBlit.self().getUserModel(model.username);\r
+                       // grab real user model and preserve certificate serial number\r
+                       UserModel user = getUserModel(model.username);\r
                        logger.info(MessageFormat.format("{0} authenticated by client certificate from {1}",\r
                                        user.username, httpRequest.getRemoteAddr()));\r
                        return user;\r
                }\r
+               \r
+               // try to authenticate by cookie\r
+               Cookie[] cookies = httpRequest.getCookies();\r
+               if (allowCookieAuthentication() && cookies != null && cookies.length > 0) {\r
+                       // Grab cookie from Browser Session\r
+                       UserModel user = authenticate(cookies);\r
+                       return user;\r
+               }\r
                return null;\r
        }\r
 \r
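Review bot: The result of `getUserModel(model.username)` is dereferenced unconditionally two lines later (`user.username` in the log call), so a client certificate whose username OID names an account the user service does not know would presumably end in a NullPointerException rather than a plain authentication failure (getUserModel is defined outside the hunk, so its ability to return null is inferred). A guard before the log line such as `if (user == null) { logger.warn(MessageFormat.format("{0} presented a client certificate but is not a known user", model.username)); return null; }` keeps an unresolved certificate subject on the normal unauthenticated path. The comment `// grab real user model and preserve certificate serial number` does not match the code beneath it, which copies nothing from `model` into `user`; either the intended copy is missing or the comment should be reduced to `// resolve the certificate's username to the stored account`. In the cookie branch, `UserModel user = authenticate(cookies); return user;` can simply be `return authenticate(cookies);`.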
index 05640ad0d4706c022e00b819fbe4b7637eec3797..d04271db92795be9d80cd0de6df4d0bf7b6f34c5 100644 (file)
@@ -29,7 +29,6 @@ import java.util.Set;
 import java.util.TimeZone;\r
 import java.util.regex.Pattern;\r
 \r
-import javax.servlet.http.Cookie;\r
 import javax.servlet.http.HttpServletRequest;\r
 \r
 import org.apache.wicket.Application;\r
@@ -132,16 +131,8 @@ public abstract class BasePage extends WebPage {
 \r
        private void login() {\r
                // try to authenticate by servlet request\r
-               UserModel user = GitBlit.self().authenticate(((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest());\r
-\r
-               if (user == null) {\r
-                       // try to authenticate by cookie\r
-                       Cookie[] cookies = ((WebRequest) getRequestCycle().getRequest()).getCookies();\r
-                       if (GitBlit.self().allowCookieAuthentication() && cookies != null && cookies.length > 0) {\r
-                               // Grab cookie from Browser Session\r
-                               user = GitBlit.self().authenticate(cookies);\r
-                       }\r
-               }\r
+               HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();\r
+               UserModel user = GitBlit.self().authenticate(httpRequest);\r
 \r
                // Login the user\r
                if (user != null) {\r