From 8c9a2037b5c0fed881a3ad6dd9cff364eed603d9 Mon Sep 17 00:00:00 2001
From: James Moger
Date: Tue, 14 Jun 2011 16:55:13 -0400
Subject: Added AccessRestrictionFilter and simplified authentication.

Replaced servlet container basic authentication with a custom servlet filter which performs the same function. The advantage to this is that the servlet container is now divorced from the webapp. The login service (realm) also simplified a great deal and removes its Jetty dependencies. Additionally, the basic authorization pop-up will be displayed as needed based on the repository's access restriction. This was necessary for view-restricted repositories with the RSS feature. Its also necessary for completely open repositories as before it would prompt for credentials. Improved feed syndication feature.
---
 src/com/gitblit/GitBlitServlet.java | 108 ------------------------------------
 1 file changed, 108 deletions(-)
 delete mode 100644 src/com/gitblit/GitBlitServlet.java

(limited to 'src/com/gitblit/GitBlitServlet.java')

diff --git a/src/com/gitblit/GitBlitServlet.java b/src/com/gitblit/GitBlitServlet.java
deleted file mode 100644
index a71012b4..00000000
--- a/src/com/gitblit/GitBlitServlet.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright 2011 gitblit.com.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gitblit;
-
-import java.io.IOException;
-import java.text.MessageFormat;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.eclipse.jgit.http.server.GitServlet;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.gitblit.Constants.AccessRestrictionType;
-import com.gitblit.models.RepositoryModel;
-
-public class GitBlitServlet extends GitServlet {
-
- private static final long serialVersionUID = 1L;
-
- private transient Logger logger = LoggerFactory.getLogger(GitBlitServlet.class);
-
- public GitBlitServlet() {
- super();
- }
-
- @Override
- protected void service(final HttpServletRequest req, final HttpServletResponse rsp)
- throws ServletException, IOException {
- // admins have full git access to all repositories
- if (req.isUserInRole(Constants.ADMIN_ROLE)) {
- // admins can do whatever
- super.service(req, rsp);
- return;
- }
-
- // try to intercept repository names for authenticated access
- String url = req.getRequestURI().substring(req.getServletPath().length());
- if (url.charAt(0) == '/' && url.length() > 1) {
- url = url.substring(1);
- }
- int forwardSlash = url.indexOf('/');
- if (forwardSlash > -1) {
- String repository = url.substring(0, forwardSlash).toLowerCase();
- String function = url.substring(forwardSlash + 1);
- String query = req.getQueryString() == null ? "" : req.getQueryString();
- RepositoryModel model = GitBlit.self().getRepositoryModel(repository);
- if (model != null) {
- if (model.isFrozen || model.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
- boolean authorizedUser = req.isUserInRole(repository);
- if (function.startsWith("git-receive-pack")
- || (query.indexOf("service=git-receive-pack") > -1)) {
- // Push request
- if (!model.isFrozen && authorizedUser) {
- // clone-restricted or push-authorized
- super.service(req, rsp);
- return;
- } else {
- // user is unauthorized to push to this repository
- logger.warn(MessageFormat.format(
- "user {0} is not authorized to push to {1}", req
- .getUserPrincipal().getName(), repository));
- rsp.sendError(HttpServletResponse.SC_FORBIDDEN, MessageFormat.format(
- "you are not authorized to push to {0}", repository));
- return;
- }
- } else if (function.startsWith("git-upload-pack")
- || (query.indexOf("service=git-upload-pack") > -1)) {
- // Clone request
- boolean cloneRestricted = model.accessRestriction
- .atLeast(AccessRestrictionType.CLONE);
- if (!cloneRestricted || (cloneRestricted && authorizedUser)) {
- // push-restricted or clone-authorized
- super.service(req, rsp);
- return;
- } else {
- // user is unauthorized to clone this repository
- logger.warn(MessageFormat.format(
- "user {0} is not authorized to clone {1}", req
- .getUserPrincipal().getName(), repository));
- rsp.sendError(HttpServletResponse.SC_FORBIDDEN, MessageFormat.format(
- "you are not authorized to clone {0}", repository));
- return;
- }
- }
- }
- }
-
- // pass-through to git servlet
- super.service(req, rsp);
- }
-}
-- 
cgit v1.2.3