From: James Moger Date: Mon, 17 Jun 2013 19:56:14 +0000 (-0400) Subject: Option to auto-create accounts based on authenticated container principals (issue... X-Git-Tag: v1.3.0~78 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=9b54923f4ee5411966016f91224e4f4f545f1416;p=gitblit.git Option to auto-create accounts based on authenticated container principals (issue-246) --- diff --git a/releases.moxie b/releases.moxie index f419992e..50a54e7e 100644 --- a/releases.moxie +++ b/releases.moxie @@ -66,6 +66,7 @@ r17: { - Added weblogic.xml to WAR for deployment on WebLogic (issue 199) - Support username substitution in web.otherUrls (issue 213) - Option to force client-side basic authentication instead of form-based authentication if web.authenticateViewPages=true (issue 222) + - Setting to automatically create an user account based on an authenticated user principal from the servlet container (issue-246) contributors: - Bandarupalli Satyanarayana @@ -86,6 +87,7 @@ r17: { - Matthias Bauer - Micha�l Pailloncy - Michael Schaefers + - Oliver Doepner - Philip Boutros - Rafael Cavazin - Ryan Schneider @@ -109,6 +111,7 @@ r17: { - { name: 'git.daemonPort', defaultValue: 0 } - { name: 'git.defaultIncrementalPushTagPrefix', defaultValue: 'r' } - { name: 'mail.smtps', defaultValue: false } + - { name: 'realm.container.autoCreateAccounts', defaultValue: 'false' } - { name: 'realm.salesforce.backingUserService', defaultValue: 'users.conf' } - { name: 'realm.salesforce.orgId', defaultValue: 0 } - { name: 'web.activityDurationChoices', defaultValue: '7 14 28 60 90 180' } diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties index 1671507f..412bcae2 100644 --- a/src/main/distrib/data/gitblit.properties +++ b/src/main/distrib/data/gitblit.properties @@ -1110,6 +1110,13 @@ federation.sets = # Advanced Realm Settings # +# Auto-creates user accounts based on the servlet container principal. This +# assumes that your Gitblit install is a protected resource and your container's +# authentication process intercepts all Gitblit requests. +# +# SINCE 1.3.0 +realm.container.autoCreateAccounts = false + # The SalesforceUserService must be backed by another user service for standard user # and team management. # default: users.conf diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java index c538acea..25ffaba8 100644 --- a/src/main/java/com/gitblit/GitBlit.java +++ b/src/main/java/com/gitblit/GitBlit.java @@ -827,13 +827,24 @@ public class GitBlit implements ServletContextListener { Principal principal = httpRequest.getUserPrincipal(); if (principal != null) { String username = principal.getName(); - if (StringUtils.isEmpty(username)) { + if (!StringUtils.isEmpty(username)) { UserModel user = getUserModel(username); if (user != null) { + // existing user flagWicketSession(AuthenticationType.CONTAINER); logger.debug(MessageFormat.format("{0} authenticated by servlet container principal from {1}", user.username, httpRequest.getRemoteAddr())); return user; + } else if (settings.getBoolean(Keys.realm.container.autoCreateAccounts, true)) { + // auto-create user from an authenticated container principal + user = new UserModel(username.toLowerCase()); + user.displayName = username; + user.password = Constants.EXTERNAL_ACCOUNT; + userService.updateUserModel(user); + flagWicketSession(AuthenticationType.CONTAINER); + logger.debug(MessageFormat.format("{0} authenticated and created by servlet container principal from {1}", + user.username, httpRequest.getRemoteAddr())); + return user; } else { logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted servlet container authentication from {1}", principal.getName(), httpRequest.getRemoteAddr()));