diff options
| author | James Moger <james.moger@gitblit.com> | 2013-06-17 15:56:14 -0400 |
|---|---|---|
| committer | James Moger <james.moger@gitblit.com> | 2013-06-17 15:56:14 -0400 |
| commit | 9b54923f4ee5411966016f91224e4f4f545f1416 (patch) | |
| tree | ab5d381f6aa1501fe351502fb2d88736414e354e | |
| parent | de3474a1ddd9201dec8246d7fd81e240b98bb6a5 (diff) | |
| download | gitblit-9b54923f4ee5411966016f91224e4f4f545f1416.tar.gz gitblit-9b54923f4ee5411966016f91224e4f4f545f1416.zip | |
Option to auto-create accounts based on authenticated container principals (issue-246)
| -rw-r--r-- | releases.moxie | 3 | ||||
| -rw-r--r-- | src/main/distrib/data/gitblit.properties | 7 | ||||
| -rw-r--r-- | src/main/java/com/gitblit/GitBlit.java | 13 |
3 files changed, 22 insertions, 1 deletions
diff --git a/releases.moxie b/releases.moxie index f419992e..50a54e7e 100644 --- a/releases.moxie +++ b/releases.moxie @@ -66,6 +66,7 @@ r17: { - Added weblogic.xml to WAR for deployment on WebLogic (issue 199)
- Support username substitution in web.otherUrls (issue 213)
- Option to force client-side basic authentication instead of form-based authentication if web.authenticateViewPages=true (issue 222)
+ - Setting to automatically create an user account based on an authenticated user principal from the servlet container (issue-246)
contributors:
- Bandarupalli Satyanarayana
@@ -86,6 +87,7 @@ r17: { - Matthias Bauer
- Micha�l Pailloncy
- Michael Schaefers
+ - Oliver Doepner
- Philip Boutros
- Rafael Cavazin
- Ryan Schneider
@@ -109,6 +111,7 @@ r17: { - { name: 'git.daemonPort', defaultValue: 0 }
- { name: 'git.defaultIncrementalPushTagPrefix', defaultValue: 'r' }
- { name: 'mail.smtps', defaultValue: false }
+ - { name: 'realm.container.autoCreateAccounts', defaultValue: 'false' }
- { name: 'realm.salesforce.backingUserService', defaultValue: 'users.conf' }
- { name: 'realm.salesforce.orgId', defaultValue: 0 }
- { name: 'web.activityDurationChoices', defaultValue: '7 14 28 60 90 180' }
diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties index 1671507f..412bcae2 100644 --- a/src/main/distrib/data/gitblit.properties +++ b/src/main/distrib/data/gitblit.properties @@ -1110,6 +1110,13 @@ federation.sets = # Advanced Realm Settings
#
+# Auto-creates user accounts based on the servlet container principal. This
+# assumes that your Gitblit install is a protected resource and your container's
+# authentication process intercepts all Gitblit requests.
+#
+# SINCE 1.3.0
+realm.container.autoCreateAccounts = false
+
# The SalesforceUserService must be backed by another user service for standard user
# and team management.
# default: users.conf
diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java index c538acea..25ffaba8 100644 --- a/src/main/java/com/gitblit/GitBlit.java +++ b/src/main/java/com/gitblit/GitBlit.java @@ -827,13 +827,24 @@ public class GitBlit implements ServletContextListener { Principal principal = httpRequest.getUserPrincipal(); if (principal != null) { String username = principal.getName(); - if (StringUtils.isEmpty(username)) { + if (!StringUtils.isEmpty(username)) { UserModel user = getUserModel(username); if (user != null) { + // existing user flagWicketSession(AuthenticationType.CONTAINER); logger.debug(MessageFormat.format("{0} authenticated by servlet container principal from {1}", user.username, httpRequest.getRemoteAddr())); return user; + } else if (settings.getBoolean(Keys.realm.container.autoCreateAccounts, true)) { + // auto-create user from an authenticated container principal + user = new UserModel(username.toLowerCase()); + user.displayName = username; + user.password = Constants.EXTERNAL_ACCOUNT; + userService.updateUserModel(user); + flagWicketSession(AuthenticationType.CONTAINER); + logger.debug(MessageFormat.format("{0} authenticated and created by servlet container principal from {1}", + user.username, httpRequest.getRemoteAddr())); + return user; } else { logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted servlet container authentication from {1}", principal.getName(), httpRequest.getRemoteAddr())); |