summaryrefslogtreecommitdiffstats
path: root/src/main/java/com/gitblit/auth/HttpHeaderAuthProvider.java
diff options
context:
space:
mode:
authorJames Moger <james.moger@gmail.com>2015-12-10 09:55:23 -0500
committerJames Moger <james.moger@gmail.com>2015-12-10 09:55:23 -0500
commit7b7b0d54b606e5a7d63ea39ec8918968f612d61d (patch)
treece2e6e349123a59cb04957eb1dcaa6d170952c51 /src/main/java/com/gitblit/auth/HttpHeaderAuthProvider.java
parent280c0c041ed830a4d5874b60adf1b72760326c6a (diff)
parentfd0fc5fc9a13456c4038d03cbc6c6b3beed38910 (diff)
downloadgitblit-7b7b0d54b606e5a7d63ea39ec8918968f612d61d.tar.gz
gitblit-7b7b0d54b606e5a7d63ea39ec8918968f612d61d.zip
Merge pull request #980 from mrjoel/mrjoel-httpheaders
Refactor authentication for servlet HTTP header handler
Diffstat (limited to 'src/main/java/com/gitblit/auth/HttpHeaderAuthProvider.java')
-rw-r--r--src/main/java/com/gitblit/auth/HttpHeaderAuthProvider.java161
1 files changed, 161 insertions, 0 deletions
diff --git a/src/main/java/com/gitblit/auth/HttpHeaderAuthProvider.java b/src/main/java/com/gitblit/auth/HttpHeaderAuthProvider.java
new file mode 100644
index 00000000..3a9c5399
--- /dev/null
+++ b/src/main/java/com/gitblit/auth/HttpHeaderAuthProvider.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2015 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gitblit.auth;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.gitblit.Constants;
+import com.gitblit.Constants.AccountType;
+import com.gitblit.Constants.AuthenticationType;
+import com.gitblit.Constants.Role;
+import com.gitblit.Keys;
+import com.gitblit.models.TeamModel;
+import com.gitblit.models.UserModel;
+import com.gitblit.utils.StringUtils;
+
+public class HttpHeaderAuthProvider extends AuthenticationProvider {
+
+ protected final Logger logger = LoggerFactory.getLogger(getClass());
+
+ protected String userHeaderName;
+ protected String teamHeaderName;
+ protected String teamHeaderSeparator;
+
+ public HttpHeaderAuthProvider() {
+ super("httpheader");
+ }
+
+ @Override
+ public void setup() {
+ // Load HTTP header configuration
+ userHeaderName = settings.getString(Keys.realm.httpheader.userheader, null);
+ teamHeaderName = settings.getString(Keys.realm.httpheader.teamheader, null);
+ teamHeaderSeparator = settings.getString(Keys.realm.httpheader.teamseparator, ",");
+
+ if (StringUtils.isEmpty(userHeaderName)) {
+ logger.warn("HTTP Header authentication is enabled, but no header is not defined in " + Keys.realm.httpheader.userheader);
+ }
+ }
+
+ @Override
+ public void stop() {}
+
+
+ @Override
+ public UserModel authenticate(HttpServletRequest httpRequest) {
+ // Try to authenticate using custom HTTP header if user header is defined
+ if (!StringUtils.isEmpty(userHeaderName)) {
+ String headerUserName = httpRequest.getHeader(userHeaderName);
+ if (!StringUtils.isEmpty(headerUserName) && !userManager.isInternalAccount(headerUserName)) {
+ // We have a user, try to load team names as well
+ Set<TeamModel> userTeams = new HashSet<>();
+ if (!StringUtils.isEmpty(teamHeaderName)) {
+ String headerTeamValue = httpRequest.getHeader(teamHeaderName);
+ if (!StringUtils.isEmpty(headerTeamValue)) {
+ String[] headerTeamNames = headerTeamValue.split(teamHeaderSeparator);
+ for (String teamName : headerTeamNames) {
+ teamName = teamName.trim();
+ if (!StringUtils.isEmpty(teamName)) {
+ TeamModel team = userManager.getTeamModel(teamName);
+ if (null == team) {
+ // Create teams here so they can marked with the correct AccountType
+ team = new TeamModel(teamName);
+ team.accountType = AccountType.HTTPHEADER;
+ updateTeam(team);
+ }
+ userTeams.add(team);
+ }
+ }
+ }
+ }
+
+ UserModel user = userManager.getUserModel(headerUserName);
+ if (user != null) {
+ // If team header is provided in request, reset all team memberships, even if resetting to empty set
+ if (!StringUtils.isEmpty(teamHeaderName)) {
+ user.teams.clear();
+ user.teams.addAll(userTeams);
+ }
+ updateUser(user);
+ return user;
+ } else if (settings.getBoolean(Keys.realm.httpheader.autoCreateAccounts, false)) {
+ // auto-create user from HTTP header
+ user = new UserModel(headerUserName.toLowerCase());
+ user.displayName = headerUserName;
+ user.password = Constants.EXTERNAL_ACCOUNT;
+ user.accountType = AccountType.HTTPHEADER;
+ user.teams.addAll(userTeams);
+ updateUser(user);
+ return user;
+ }
+ }
+ }
+
+ return null;
+ }
+
+ @Override
+ public UserModel authenticate(String username, char[] password){
+ // Username/password is not supported for HTTP header authentication
+ return null;
+ }
+
+ @Override
+ public AccountType getAccountType() {
+ return AccountType.HTTPHEADER;
+ }
+
+ @Override
+ public AuthenticationType getAuthenticationType() {
+ return AuthenticationType.HTTPHEADER;
+ }
+
+ @Override
+ public boolean supportsCredentialChanges() {
+ return false;
+ }
+
+ @Override
+ public boolean supportsDisplayNameChanges() {
+ return false;
+ }
+
+ @Override
+ public boolean supportsEmailAddressChanges() {
+ return false;
+ }
+
+ @Override
+ public boolean supportsTeamMembershipChanges() {
+ return StringUtils.isEmpty(teamHeaderName);
+ }
+
+ @Override
+ public boolean supportsRoleChanges(UserModel user, Role role) {
+ return true;
+ }
+
+ @Override
+ public boolean supportsRoleChanges(TeamModel team, Role role) {
+ return true;
+ }
+} \ No newline at end of file