-rw-r--r--gitblit.properties7
-rw-r--r--src/com/gitblit/wicket/AuthorizationStrategy.java30
-rw-r--r--src/com/gitblit/wicket/BasePage.java13
-rw-r--r--src/com/gitblit/wicket/GitBlitWebApp.java5
-rw-r--r--src/com/gitblit/wicket/pages/RepositoriesPage.java2
5 files changed, 45 insertions, 12 deletions
diff --git a/gitblit.properties b/gitblit.properties
index 1adadc8a..a4828108 100644
--- a/gitblit.properties
+++ b/gitblit.properties
@@ -26,8 +26,11 @@ git.cloneUrl = https://localhost/git/
# Require authentication for http/https push/pull access of git repositories
git.authenticate = true
-# Require authentication to see the web ui
-web.authenticate = true
+# Require authentication to see everything but the admin pages
+web.authenticateViewPages = false
+
+# Require admin authentication for the admin functions and pages
+web.authenticateAdminPages = true
# Simple user realm file to authenticate users
server.realmFile = users.properties
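Review bot: The shipped default flips from authenticated viewing (`web.authenticate = true`) to anonymous viewing (`web.authenticateViewPages = false`), so a fresh install now serves the repository pages to anyone who can reach the web UI, while `git.authenticate = true` only gates push/pull. If that is intended, the comment should say so, e.g. `# Require authentication to view repositories in the web ui (false = anonymous browsing allowed)`; otherwise keep the default at `true`. The old `web.authenticate` key is dropped with no fallback, so a configuration that still sets only that key will be read with the code-side defaults.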
diff --git a/src/com/gitblit/wicket/AuthorizationStrategy.java b/src/com/gitblit/wicket/AuthorizationStrategy.java
index 0a9d652b..3e7df36b 100644
--- a/src/com/gitblit/wicket/AuthorizationStrategy.java
+++ b/src/com/gitblit/wicket/AuthorizationStrategy.java
@@ -5,6 +5,8 @@ import org.apache.wicket.RestartResponseAtInterceptPageException;
import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy;
+import com.gitblit.GitBlit;
+import com.gitblit.Keys;
import com.gitblit.wicket.pages.RepositoriesPage;
public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener {
@@ -16,12 +18,34 @@ public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy imp
@Override
protected boolean isPageAuthorized(Class pageClass) {
if (BasePage.class.isAssignableFrom(pageClass)) {
- GitBlitWebSession session = GitBlitWebSession.get();
- if (!session.isLoggedIn())
+ boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true);
+ boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);
+ boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true);
+
+ GitBlitWebSession session = GitBlitWebSession.get();
+ if (authenticateView && !session.isLoggedIn()) {
+ // authentication required
return false;
+ }
+
User user = session.getUser();
if (pageClass.isAnnotationPresent(AdminPage.class)) {
- return user.canAdmin();
+ // admin page
+ if (allowAdmin) {
+ if (authenticateAdmin) {
+ // authenticate admin
+ if (user != null) {
+ return user.canAdmin();
+ }
+ return false;
+ } else {
+ // no admin authentication required
+ return true;
+ }
+ } else {
+ //admin prohibited
+ return false;
+ }
}
}
return true;
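Review bot: The new `allowAdmin` lookup falls back to `true`, while RepositoriesPage reads the same key with a fallback of `false`. With `web.allowAdministration` unset, the admin links are hidden but the admin pages themselves are still authorized; a deny-by-default fallback, `getBoolean(Keys.web.allowAdministration, false)`, would make the two agree. The `authenticateAdmin == false` branch returns `true` without consulting the session, which opens every `@AdminPage` to anonymous visitors. That branch deserves a comment such as `// WARNING: admin pages are open to unauthenticated visitors in this mode`. The nested ifs also reduce to `return allowAdmin && (!authenticateAdmin || (user != null && user.canAdmin()));`. The closing brace of isPageAuthorized lies outside the hunk.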
diff --git a/src/com/gitblit/wicket/BasePage.java b/src/com/gitblit/wicket/BasePage.java
index 2540ce18..33feacb3 100644
--- a/src/com/gitblit/wicket/BasePage.java
+++ b/src/com/gitblit/wicket/BasePage.java
@@ -46,10 +46,15 @@ public abstract class BasePage extends WebPage {
add(new Label("pageName", pageName));
// footer
- User user = null;
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
- user = GitBlitWebSession.get().getUser();
- add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + user.toString(), LogoutPage.class));
+ if (GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true)
+ || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {
+ if (GitBlitWebSession.get().isLoggedIn()) {
+ // logout
+ add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + GitBlitWebSession.get().getUser().toString(), LogoutPage.class));
+ } else {
+ // login
+ add(new LinkPanel("userPanel", null, getString("gb.login"), LoginPage.class));
+ }
} else {
add(new Label("userPanel", ""));
}
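Review bot: The logout branch calls `GitBlitWebSession.get()` a second time and dereferences `getUser()` on the assumption that `isLoggedIn()` implies a non-null user; nothing in this hunk shows that coupling. Fetching the session once before the `if`, `GitBlitWebSession session = GitBlitWebSession.get();`, and building the label from `session.getUser()` keeps the check and the use on the same object. The two settings lookups in the condition would also read better as named booleans, matching AuthorizationStrategy. The enclosing method starts and ends outside the hunk.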
diff --git a/src/com/gitblit/wicket/GitBlitWebApp.java b/src/com/gitblit/wicket/GitBlitWebApp.java
index b70c95f8..29d6b515 100644
--- a/src/com/gitblit/wicket/GitBlitWebApp.java
+++ b/src/com/gitblit/wicket/GitBlitWebApp.java
@@ -35,7 +35,8 @@ public class GitBlitWebApp extends WebApplication {
super.init();
// Setup page authorization mechanism
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, false)) {
+ boolean useAuthentication = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, false) || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, false);
+ if (useAuthentication) {
AuthorizationStrategy authStrategy = new AuthorizationStrategy();
getSecuritySettings().setAuthorizationStrategy(authStrategy);
getSecuritySettings().setUnauthorizedComponentInstantiationListener(authStrategy);
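Review bot: Both lookups on the `useAuthentication` line fall back to `false`, whereas AuthorizationStrategy and BasePage read the same keys with a fallback of `true`. A properties file that predates this commit and sets only `web.authenticate` therefore yields `useAuthentication == false`, and no authorization strategy is installed at all. In that state the `allowAdministration` and admin checks in `isPageAuthorized` never run, and the later hunk that mounts `/login` and `/logout` from the same flag skips them even though BasePage would render a login link. Falling back to `true` keeps a missing key on the closed side: `getBoolean(Keys.web.authenticateViewPages, true) || getBoolean(Keys.web.authenticateAdminPages, true)`. The enclosing init() begins and ends outside the hunk.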
@@ -65,7 +66,7 @@ public class GitBlitWebApp extends WebApplication {
mount(new MixedParamUrlCodingStrategy("/ticgittkt", TicGitTicketPage.class, new String[] { "r", "h", "f" }));
// setup login/logout urls, if we are using authentication
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
+ if (useAuthentication) {
mount(new MixedParamUrlCodingStrategy("/login", LoginPage.class, new String[] {}));
mount(new MixedParamUrlCodingStrategy("/logout", LogoutPage.class, new String[] {}));
}
diff --git a/src/com/gitblit/wicket/pages/RepositoriesPage.java b/src/com/gitblit/wicket/pages/RepositoriesPage.java
index fd7ab52d..a0f7299f 100644
--- a/src/com/gitblit/wicket/pages/RepositoriesPage.java
+++ b/src/com/gitblit/wicket/pages/RepositoriesPage.java
@@ -33,7 +33,7 @@ public class RepositoriesPage extends BasePage {
setupPage("", "");
boolean showAdmin = false;
- if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
+ if (GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {
boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false);
showAdmin = allowAdmin && GitBlitWebSession.get().canAdmin();
} else {