# Require authentication for http/https push/pull access of git repositories\r
git.authenticate = true\r
\r
-# Require authentication to see the web ui\r
-web.authenticate = true\r
+# Require authentication to see everything but the admin pages\r
+web.authenticateViewPages = false\r
+\r
+# Require admin authentication for the admin functions and pages\r
+web.authenticateAdminPages = true\r
\r
# Simple user realm file to authenticate users\r
server.realmFile = users.properties\r
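Review bot: The shipped value `web.authenticateViewPages = false` opens the web UI to anonymous visitors, where the removed `web.authenticate = true` required a login, and the comment above it does not say so. I would reword that comment to `# Require authentication to view repositories and other non-admin pages (false = anonymous viewing allowed)` so the consequence of the default is visible to whoever edits this file. The old key `web.authenticate` disappears without a trace, so a one-line comment noting that it was replaced by the two new keys would help anyone upgrading an existing settings file.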
import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;\r
import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy;\r
\r
+import com.gitblit.GitBlit;\r
+import com.gitblit.Keys;\r
import com.gitblit.wicket.pages.RepositoriesPage;\r
\r
public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener {\r
@Override\r
protected boolean isPageAuthorized(Class pageClass) {\r
if (BasePage.class.isAssignableFrom(pageClass)) {\r
- GitBlitWebSession session = GitBlitWebSession.get();\r
- if (!session.isLoggedIn())\r
+ boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true);\r
+ boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);\r
+ boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true);\r
+ \r
+ GitBlitWebSession session = GitBlitWebSession.get(); \r
+ if (authenticateView && !session.isLoggedIn()) {\r
+ // authentication required\r
return false;\r
+ }\r
+ \r
User user = session.getUser();\r
if (pageClass.isAnnotationPresent(AdminPage.class)) {\r
- return user.canAdmin();\r
+ // admin page\r
+ if (allowAdmin) {\r
+ if (authenticateAdmin) {\r
+ // authenticate admin\r
+ if (user != null) {\r
+ return user.canAdmin();\r
+ }\r
+ return false;\r
+ } else {\r
+ // no admin authentication required\r
+ return true;\r
+ }\r
+ } else {\r
+ //admin prohibited\r
+ return false;\r
+ }\r
}\r
}\r
return true;\r
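Review bot: The new `allowAdmin` line reads `web.allowAdministration` with a default of `true`, while the `showAdmin` hunk at the end of the page reads the same key with a default of `false`, so a settings file without that key hides the admin links but still authorizes the admin pages here. I would fail closed with `boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false);`. With `web.authenticateAdminPages = false` the inner `else` returns `true` for every session, including an anonymous one, and the comment there should state that plainly, e.g. `// admin pages are open to every visitor, logged in or not`. The nested branches would read more easily flattened into guards: `if (!allowAdmin) return false; if (!authenticateAdmin) return true; return user != null && user.canAdmin();`. The method's closing braces lie outside the hunk.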
add(new Label("pageName", pageName));\r
\r
// footer\r
- User user = null;\r
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {\r
- user = GitBlitWebSession.get().getUser();\r
- add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + user.toString(), LogoutPage.class));\r
+ if (GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true)\r
+ || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {\r
+ if (GitBlitWebSession.get().isLoggedIn()) {\r
+ // logout\r
+ add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + GitBlitWebSession.get().getUser().toString(), LogoutPage.class));\r
+ } else {\r
+ // login\r
+ add(new LinkPanel("userPanel", null, getString("gb.login"), LoginPage.class)); \r
+ }\r
} else {\r
add(new Label("userPanel", ""));\r
}\r
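Review bot: The footer block fetches `GitBlitWebSession.get()` twice and `GitBlit.self().settings()` twice, which makes the logout line very long and leaves the `isLoggedIn()` check and the `getUser()` call on separately obtained sessions. Reading each once into a local, `GitBlitWebSession session = GitBlitWebSession.get();`, keeps the check and the use on the same object and shortens the line. The logout branch relies on `isLoggedIn()` implying a non-null `getUser()`, which is not visible here and is worth a short comment. The enclosing method starts and ends outside the hunk.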
super.init();\r
\r
// Setup page authorization mechanism\r
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, false)) {\r
+ boolean useAuthentication = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, false) || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, false);\r
+ if (useAuthentication) {\r
AuthorizationStrategy authStrategy = new AuthorizationStrategy();\r
getSecuritySettings().setAuthorizationStrategy(authStrategy);\r
getSecuritySettings().setUnauthorizedComponentInstantiationListener(authStrategy);\r
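Review bot: `useAuthentication` reads both new keys with a default of `false`, so a settings file that lacks them (for example one that still carries only the removed `web.authenticate = true`) would install no authorization strategy at all, presumably leaving admin pages unguarded. The AuthorizationStrategy and footer hunks read the same keys with a default of `true`; the defaults should agree and fail closed, e.g. `getBoolean(Keys.web.authenticateViewPages, true) || getBoolean(Keys.web.authenticateAdminPages, true)`. The same flag gates the `/login` and `/logout` mounts in the next hunk, where the old check defaulted to `true`, so with missing keys the footer would render a login link to a page that is not mounted. The enclosing method, apparently `init()`, continues outside the hunk.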
mount(new MixedParamUrlCodingStrategy("/ticgittkt", TicGitTicketPage.class, new String[] { "r", "h", "f" }));\r
\r
// setup login/logout urls, if we are using authentication\r
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {\r
+ if (useAuthentication) {\r
mount(new MixedParamUrlCodingStrategy("/login", LoginPage.class, new String[] {}));\r
mount(new MixedParamUrlCodingStrategy("/logout", LogoutPage.class, new String[] {}));\r
}\r
setupPage("", "");\r
\r
boolean showAdmin = false;\r
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {\r
+ if (GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {\r
boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false);\r
showAdmin = allowAdmin && GitBlitWebSession.get().canAdmin();\r
} else {\r