Added AccessRestrictionFilter and simplified authentication.

Replaced servlet container basic authentication with a custom servlet
filter which performs the same function.  The advantage to this is
that the servlet container is now divorced from the webapp.

The login service (realm) also simplified a great deal and removes its
Jetty dependencies.

Additionally, the basic authorization pop-up will be displayed as
needed based on the repository's access restriction.  This was
necessary for view-restricted repositories with the RSS feature.  Its
also necessary for completely open repositories as before it would
prompt for credentials.

Improved feed syndication feature.

1 files changed, 0 insertions, 108 deletions

diff --git a/src/com/gitblit/GitBlitServlet.java b/src/com/gitblit/GitBlitServlet.java
deleted file mode 100644
index a71012b4..00000000
--- a/src/com/gitblit/GitBlitServlet.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*

- * Copyright 2011 gitblit.com.

- *

- * Licensed under the Apache License, Version 2.0 (the "License");

- * you may not use this file except in compliance with the License.

- * You may obtain a copy of the License at

- *

- *     http://www.apache.org/licenses/LICENSE-2.0

- *

- * Unless required by applicable law or agreed to in writing, software

- * distributed under the License is distributed on an "AS IS" BASIS,

- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

- * See the License for the specific language governing permissions and

- * limitations under the License.

- */

-package com.gitblit;

-

-import java.io.IOException;

-import java.text.MessageFormat;

-

-import javax.servlet.ServletException;

-import javax.servlet.http.HttpServletRequest;

-import javax.servlet.http.HttpServletResponse;

-

-import org.eclipse.jgit.http.server.GitServlet;

-import org.slf4j.Logger;

-import org.slf4j.LoggerFactory;

-

-import com.gitblit.Constants.AccessRestrictionType;

-import com.gitblit.models.RepositoryModel;

-

-public class GitBlitServlet extends GitServlet {

-

-	private static final long serialVersionUID = 1L;

-

-	private transient Logger logger = LoggerFactory.getLogger(GitBlitServlet.class);

-

-	public GitBlitServlet() {

-		super();

-	}

-

-	@Override

-	protected void service(final HttpServletRequest req, final HttpServletResponse rsp)

-			throws ServletException, IOException {

-		// admins have full git access to all repositories

-		if (req.isUserInRole(Constants.ADMIN_ROLE)) {

-			// admins can do whatever

-			super.service(req, rsp);

-			return;

-		}

-

-		// try to intercept repository names for authenticated access

-		String url = req.getRequestURI().substring(req.getServletPath().length());

-		if (url.charAt(0) == '/' && url.length() > 1) {

-			url = url.substring(1);

-		}

-		int forwardSlash = url.indexOf('/');

-		if (forwardSlash > -1) {

-			String repository = url.substring(0, forwardSlash).toLowerCase();

-			String function = url.substring(forwardSlash + 1);

-			String query = req.getQueryString() == null ? "" : req.getQueryString();

-			RepositoryModel model = GitBlit.self().getRepositoryModel(repository);

-			if (model != null) {

-				if (model.isFrozen || model.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {

-					boolean authorizedUser = req.isUserInRole(repository);

-					if (function.startsWith("git-receive-pack")

-							|| (query.indexOf("service=git-receive-pack") > -1)) {

-						// Push request

-						if (!model.isFrozen && authorizedUser) {

-							// clone-restricted or push-authorized

-							super.service(req, rsp);

-							return;

-						} else {

-							// user is unauthorized to push to this repository

-							logger.warn(MessageFormat.format(

-									"user {0} is not authorized to push to {1}", req

-											.getUserPrincipal().getName(), repository));

-							rsp.sendError(HttpServletResponse.SC_FORBIDDEN, MessageFormat.format(

-									"you are not authorized to push to {0}", repository));

-							return;

-						}

-					} else if (function.startsWith("git-upload-pack")

-							|| (query.indexOf("service=git-upload-pack") > -1)) {

-						// Clone request

-						boolean cloneRestricted = model.accessRestriction

-								.atLeast(AccessRestrictionType.CLONE);

-						if (!cloneRestricted || (cloneRestricted && authorizedUser)) {

-							// push-restricted or clone-authorized

-							super.service(req, rsp);

-							return;

-						} else {

-							// user is unauthorized to clone this repository

-							logger.warn(MessageFormat.format(

-									"user {0} is not authorized to clone {1}", req

-											.getUserPrincipal().getName(), repository));

-							rsp.sendError(HttpServletResponse.SC_FORBIDDEN, MessageFormat.format(

-									"you are not authorized to clone {0}", repository));

-							return;

-						}

-					}

-				}

-			}

-		}

-

-		// pass-through to git servlet

-		super.service(req, rsp);

-	}

-}