2 files changed, 19 insertions, 1 deletions

diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index 1671507f..412bcae2 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -1110,6 +1110,13 @@ federation.sets =
 # Advanced Realm Settings

 #

 

+# Auto-creates user accounts based on the servlet container principal.  This

+# assumes that your Gitblit install is a protected resource and your container's

+# authentication process intercepts all Gitblit requests.

+#

+# SINCE 1.3.0

+realm.container.autoCreateAccounts = false

+

 # The SalesforceUserService must be backed by another user service for standard user

 # and team management.

 # default: users.conf

diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java
index c538acea..25ffaba8 100644
--- a/src/main/java/com/gitblit/GitBlit.java
+++ b/src/main/java/com/gitblit/GitBlit.java
@@ -827,13 +827,24 @@ public class GitBlit implements ServletContextListener {
 		Principal principal = httpRequest.getUserPrincipal();
 		if (principal != null) {
 			String username = principal.getName();
-			if (StringUtils.isEmpty(username)) {
+			if (!StringUtils.isEmpty(username)) {
 				UserModel user = getUserModel(username);
 				if (user != null) {
+					// existing user
 					flagWicketSession(AuthenticationType.CONTAINER);
 					logger.debug(MessageFormat.format("{0} authenticated by servlet container principal from {1}",
 							user.username, httpRequest.getRemoteAddr()));
 					return user;
+				} else if (settings.getBoolean(Keys.realm.container.autoCreateAccounts, true)) {
+					// auto-create user from an authenticated container principal
+					user = new UserModel(username.toLowerCase());
+					user.displayName = username;
+					user.password = Constants.EXTERNAL_ACCOUNT;
+					userService.updateUserModel(user);
+					flagWicketSession(AuthenticationType.CONTAINER);
+					logger.debug(MessageFormat.format("{0} authenticated and created by servlet container principal from {1}",
+							user.username, httpRequest.getRemoteAddr()));
+					return user;
 				} else {
 					logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted servlet container authentication from {1}",
 							principal.getName(), httpRequest.getRemoteAddr()));