authorJames Moger <james.moger@gitblit.com>2012-11-29 17:24:37 -0500
committerJames Moger <james.moger@gitblit.com>2012-11-29 17:24:37 -0500
commit86a9855288ef73380a5de613a45052bb7cda7a0a (patch)
treedc09f65625d3456380462255d60647caee6e4d5c
parent87d72e9d7b175142f8de9856a0e2e497646eda2f (diff)
Moved cookie and certificate authentication to http request authentication method
-rw-r--r--src/com/gitblit/GitBlit.java21
-rw-r--r--src/com/gitblit/wicket/pages/BasePage.java13
2 files changed, 18 insertions, 16 deletions
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index c05a9248..c8deee12 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -537,7 +537,7 @@ public class GitBlit implements ServletContextListener {
* @param cookies
* @return a user object or null
*/
- public UserModel authenticate(Cookie[] cookies) {
+ protected UserModel authenticate(Cookie[] cookies) {
if (userService == null) {
return null;
}
@@ -555,22 +555,33 @@ public class GitBlit implements ServletContextListener {
}
/**
- * Authenticate a user based on HTTP request paramters.
- * This method is inteded to be used as fallback when other
- * means of authentication are failing (username / password or cookies).
+ * Authenticate a user based on HTTP request parameters.
+ *
+ * Authentication by X509Certificate is tried first and then by cookie.
+ *
* @param httpRequest
* @return a user object or null
*/
public UserModel authenticate(HttpServletRequest httpRequest) {
+ // try to authenticate by certificate
boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true);
String [] oids = getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);
UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);
if (model != null) {
- UserModel user = GitBlit.self().getUserModel(model.username);
+ // grab real user model and preserve certificate serial number
+ UserModel user = getUserModel(model.username);
logger.info(MessageFormat.format("{0} authenticated by client certificate from {1}",
user.username, httpRequest.getRemoteAddr()));
return user;
}
+
+ // try to authenticate by cookie
+ Cookie[] cookies = httpRequest.getCookies();
+ if (allowCookieAuthentication() && cookies != null && cookies.length > 0) {
+ // Grab cookie from Browser Session
+ UserModel user = authenticate(cookies);
+ return user;
+ }
return null;
}
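Review bot: `UserModel user = getUserModel(model.username);` in the certificate branch can yield null when the username extracted from the certificate does not match any account in the user service, and the `logger.info(...)` two lines below then dereferences `user.username`, so a valid but unknown client certificate would throw instead of either being rejected or falling through to cookie authentication. Wrap the log-and-return in `if (user != null) { logger.info(...); return user; }` and log a warning naming `model.username` and the remote address in the null case, so unmatched certificates show up in the audit trail rather than as a stack trace. The new comment `// grab real user model and preserve certificate serial number` also does not match what the hunk shows: nothing copies the serial from `model` onto the looked-up `user`, so either that assignment is missing or the comment should be reduced to `// resolve the certificate's username to the stored user model`. Note that `getRemoteAddr()` reflects the TCP peer, which behind a reverse proxy is the proxy, not the client.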
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index 05640ad0..d04271db 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -29,7 +29,6 @@ import java.util.Set;
import java.util.TimeZone;
import java.util.regex.Pattern;
-import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.wicket.Application;
@@ -132,16 +131,8 @@ public abstract class BasePage extends WebPage {
private void login() {
// try to authenticate by servlet request
- UserModel user = GitBlit.self().authenticate(((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest());
-
- if (user == null) {
- // try to authenticate by cookie
- Cookie[] cookies = ((WebRequest) getRequestCycle().getRequest()).getCookies();
- if (GitBlit.self().allowCookieAuthentication() && cookies != null && cookies.length > 0) {
- // Grab cookie from Browser Session
- user = GitBlit.self().authenticate(cookies);
- }
- }
+ HttpServletRequest httpRequest = ((WebRequest) getRequestCycle().getRequest()).getHttpServletRequest();
+ UserModel user = GitBlit.self().authenticate(httpRequest);
// Login the user
if (user != null) {
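Review bot: The retained comment `// try to authenticate by servlet request` no longer says what this call does now that the cookie fallback has been folded into `GitBlit.authenticate(HttpServletRequest)`; a reader of `login()` can no longer see that cookie authentication is gated by `allowCookieAuthentication()`. Replace it with `// certificate first, then cookie (if enabled); see GitBlit.authenticate(HttpServletRequest)`. The body of `login()` continues past the end of this hunk.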