From b55030a765f040a15609c60d3f69b6cb7f00bdae Mon Sep 17 00:00:00 2001
From: James Moger
Date: Sat, 16 Apr 2011 09:27:57 -0400
Subject: [PATCH] More flexible authentication. Anonymous view, authenticated admin.

---
 gitblit.properties | 7 +++--
 .../gitblit/wicket/AuthorizationStrategy.java | 30 +++++++++++++++++--
 src/com/gitblit/wicket/BasePage.java | 13 +++++---
 src/com/gitblit/wicket/GitBlitWebApp.java | 5 ++--
 .../wicket/pages/RepositoriesPage.java | 2 +-
 5 files changed, 45 insertions(+), 12 deletions(-)

diff --git a/gitblit.properties b/gitblit.properties
index 1adadc8a..a4828108 100644
--- a/gitblit.properties
+++ b/gitblit.properties
@@ -26,8 +26,11 @@ git.cloneUrl = https://localhost/git/
 # Require authentication for http/https push/pull access of git repositories
 git.authenticate = true
 
-# Require authentication to see the web ui
-web.authenticate = true
+# Require authentication to see everything but the admin pages
+web.authenticateViewPages = false
+
+# Require admin authentication for the admin functions and pages
+web.authenticateAdminPages = true
 
 # Simple user realm file to authenticate users
 server.realmFile = users.properties
diff --git a/src/com/gitblit/wicket/AuthorizationStrategy.java b/src/com/gitblit/wicket/AuthorizationStrategy.java
index 0a9d652b..3e7df36b 100644
--- a/src/com/gitblit/wicket/AuthorizationStrategy.java
+++ b/src/com/gitblit/wicket/AuthorizationStrategy.java
@@ -5,6 +5,8 @@ import org.apache.wicket.RestartResponseAtInterceptPageException;
 import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
 import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy;
 
+import com.gitblit.GitBlit;
+import com.gitblit.Keys;
 import com.gitblit.wicket.pages.RepositoriesPage;
 
 public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener {
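Review bot: The new comment on `web.authenticateAdminPages` does not say what `false` means in practice: with `web.allowAdministration = true`, the AuthorizationStrategy.isPageAuthorized change in this same patch returns true for any @AdminPage request, so anonymous visitors get the admin functions. I would state that where an operator will read it, directly under the key: `# WARNING: false opens the admin pages to anonymous users when web.allowAdministration = true`. It is also worth documenting that the code reads these keys with a default of true in AuthorizationStrategy and BasePage but false in GitBlitWebApp, so leaving a key unset does not behave the same everywhere.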
@@ -16,12 +18,34 @@ public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy imp
 @Override
 protected boolean isPageAuthorized(Class pageClass) {
 if (BasePage.class.isAssignableFrom(pageClass)) {
- GitBlitWebSession session = GitBlitWebSession.get();
- if (!session.isLoggedIn())
+ boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true);
+ boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);
+ boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true);
+
+ GitBlitWebSession session = GitBlitWebSession.get();
+ if (authenticateView && !session.isLoggedIn()) {
+ // authentication required
 return false;
+ }
+
 User user = session.getUser();
 if (pageClass.isAnnotationPresent(AdminPage.class)) {
- return user.canAdmin();
+ // admin page
+ if (allowAdmin) {
+ if (authenticateAdmin) {
+ // authenticate admin
+ if (user != null) {
+ return user.canAdmin();
+ }
+ return false;
+ } else {
+ // no admin authentication required
+ return true;
+ }
+ } else {
+ //admin prohibited
+ return false;
+ }
 }
 }
 return true;
diff --git a/src/com/gitblit/wicket/BasePage.java b/src/com/gitblit/wicket/BasePage.java
index 2540ce18..33feacb3 100644
--- a/src/com/gitblit/wicket/BasePage.java
+++ b/src/com/gitblit/wicket/BasePage.java
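Review bot: The `authenticateAdmin == false` branch returns true without consulting the session, so with `web.allowAdministration = true` any anonymous request to an @AdminPage is authorized; that is evidently the intended "no admin authentication" mode, but it fails open and deserves a loud comment, and the three-level nesting makes the outcomes hard to audit. I would flatten the admin block into guard clauses so that the only path to `canAdmin()` is the `user != null` check, as below. Note also that this strategy is only installed when one of the two authenticate flags is set (GitBlitWebApp hunk), so the `allowAdmin` check here is never reached when both flags are false. isPageAuthorized's closing brace lies outside the hunk.
```java
if (pageClass.isAnnotationPresent(AdminPage.class)) {
    if (!allowAdmin) {
        return false; // administration disabled for the web ui
    }
    if (!authenticateAdmin) {
        // WARNING: configured to expose admin pages without any login
        return true;
    }
    // only an authenticated admin may proceed; anonymous sessions carry no user
    return user != null && user.canAdmin();
}
// … unchanged: fall-through for non-admin pages …
```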
@@ -46,10 +46,15 @@ public abstract class BasePage extends WebPage {
 add(new Label("pageName", pageName));
 
 // footer
- User user = null;
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
- user = GitBlitWebSession.get().getUser();
- add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + user.toString(), LogoutPage.class));
+ if (GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true)
+ || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {
+ if (GitBlitWebSession.get().isLoggedIn()) {
+ // logout
+ add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + GitBlitWebSession.get().getUser().toString(), LogoutPage.class));
+ } else {
+ // login
+ add(new LinkPanel("userPanel", null, getString("gb.login"), LoginPage.class));
+ }
 } else {
 add(new Label("userPanel", ""));
 }
diff --git a/src/com/gitblit/wicket/GitBlitWebApp.java b/src/com/gitblit/wicket/GitBlitWebApp.java
index b70c95f8..29d6b515 100644
--- a/src/com/gitblit/wicket/GitBlitWebApp.java
+++ b/src/com/gitblit/wicket/GitBlitWebApp.java
@@ -35,7 +35,8 @@ public class GitBlitWebApp extends WebApplication {
 super.init();
 
 // Setup page authorization mechanism
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, false)) {
+ boolean useAuthentication = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, false) || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, false);
+ if (useAuthentication) {
 AuthorizationStrategy authStrategy = new AuthorizationStrategy();
 getSecuritySettings().setAuthorizationStrategy(authStrategy);
 getSecuritySettings().setUnauthorizedComponentInstantiationListener(authStrategy);
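Review bot: `useAuthentication` reads both keys with a default of false, while AuthorizationStrategy and BasePage read the same keys with a default of true, so a gitblit.properties that omits them installs no authorization strategy at all and every page, @AdminPage ones included, is served without a login; because the `web.allowAdministration` check lives only inside the strategy, it is skipped in that configuration as well. I would install the strategy unconditionally — its `isPageAuthorized` already returns true for ordinary pages when view authentication is off — by moving `AuthorizationStrategy authStrategy = new AuthorizationStrategy();` and the two `getSecuritySettings()` calls out of the `if`, keeping `useAuthentication` only for the login/logout mounts. Failing that, at least use `true` as the default here so the unset case fails closed like the other readers. init() continues outside the hunk.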
@@ -65,7 +66,7 @@ public class GitBlitWebApp extends WebApplication {
 mount(new MixedParamUrlCodingStrategy("/ticgittkt", TicGitTicketPage.class, new String[] { "r", "h", "f" }));
 
 // setup login/logout urls, if we are using authentication
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
+ if (useAuthentication) {
 mount(new MixedParamUrlCodingStrategy("/login", LoginPage.class, new String[] {}));
 mount(new MixedParamUrlCodingStrategy("/logout", LogoutPage.class, new String[] {}));
 }
diff --git a/src/com/gitblit/wicket/pages/RepositoriesPage.java b/src/com/gitblit/wicket/pages/RepositoriesPage.java
index fd7ab52d..a0f7299f 100644
--- a/src/com/gitblit/wicket/pages/RepositoriesPage.java
+++ b/src/com/gitblit/wicket/pages/RepositoriesPage.java
@@ -33,7 +33,7 @@ public class RepositoriesPage extends BasePage {
 setupPage("", "");
 
 boolean showAdmin = false;
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
+ if (GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {
 boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false);
 showAdmin = allowAdmin && GitBlitWebSession.get().canAdmin();
 } else {
-- 
2.39.5
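Review bot: `showAdmin` re-derives the admin decision that AuthorizationStrategy.isPageAuthorized makes, and the two read `web.allowAdministration` with different defaults (false here, true in the strategy), so with the key unset the link is hidden while the admin page itself is still authorized. Hiding a link is not a security control — the strategy is — so this is a consistency problem rather than a bypass, but duplicated policy code drifts; I would move the "is administration enabled for this session" decision into one helper that both callers use, and settle on the fail-closed `false` default used on this hunk's `allowAdmin` line. The `else` branch, which presumably handles the no-admin-authentication case, continues outside the hunk, so I cannot confirm it mirrors the strategy's `return true` for that mode.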