@@ -26,8 +26,11 @@ git.cloneUrl = https://localhost/git/ | |||
# Require authentication for http/https push/pull access of git repositories | |||
git.authenticate = true | |||
# Require authentication to see the web ui | |||
web.authenticate = true | |||
# Require authentication to see everything but the admin pages | |||
web.authenticateViewPages = false | |||
# Require admin authentication for the admin functions and pages | |||
web.authenticateAdminPages = true | |||
# Simple user realm file to authenticate users | |||
server.realmFile = users.properties |
@@ -5,6 +5,8 @@ import org.apache.wicket.RestartResponseAtInterceptPageException; | |||
import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener; | |||
import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy; | |||
import com.gitblit.GitBlit; | |||
import com.gitblit.Keys; | |||
import com.gitblit.wicket.pages.RepositoriesPage; | |||
public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener { | |||
@@ -16,12 +18,34 @@ public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy imp | |||
@Override | |||
protected boolean isPageAuthorized(Class pageClass) { | |||
if (BasePage.class.isAssignableFrom(pageClass)) { | |||
GitBlitWebSession session = GitBlitWebSession.get(); | |||
if (!session.isLoggedIn()) | |||
boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true); | |||
boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true); | |||
boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true); | |||
GitBlitWebSession session = GitBlitWebSession.get(); | |||
if (authenticateView && !session.isLoggedIn()) { | |||
// authentication required | |||
return false; | |||
} | |||
User user = session.getUser(); | |||
if (pageClass.isAnnotationPresent(AdminPage.class)) { | |||
return user.canAdmin(); | |||
// admin page | |||
if (allowAdmin) { | |||
if (authenticateAdmin) { | |||
// authenticate admin | |||
if (user != null) { | |||
return user.canAdmin(); | |||
} | |||
return false; | |||
} else { | |||
// no admin authentication required | |||
return true; | |||
} | |||
} else { | |||
//admin prohibited | |||
return false; | |||
} | |||
} | |||
} | |||
return true; |
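Review bot: The `allowAdmin` line defaults `Keys.web.allowAdministration` to `true`, whereas RepositoriesPage reads the same key with a default of `false`; an authorization decision should fail closed when the setting is missing, so the line should read `boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false);`. With the current default, a deployment whose properties file omits the key lets admin pages through the strategy while the repositories page hides the admin links, a mismatch that is easy to miss. The null check on `user` before `canAdmin()` is needed and correct, since an anonymous session reaches the admin branch whenever `authenticateView` is false. The closing brace of isPageAuthorized lies outside the hunk.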
@@ -46,10 +46,15 @@ public abstract class BasePage extends WebPage { | |||
add(new Label("pageName", pageName)); | |||
// footer | |||
User user = null; | |||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) { | |||
user = GitBlitWebSession.get().getUser(); | |||
add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + user.toString(), LogoutPage.class)); | |||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true) | |||
|| GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) { | |||
if (GitBlitWebSession.get().isLoggedIn()) { | |||
// logout | |||
add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + GitBlitWebSession.get().getUser().toString(), LogoutPage.class)); | |||
} else { | |||
// login | |||
add(new LinkPanel("userPanel", null, getString("gb.login"), LoginPage.class)); | |||
} | |||
} else { | |||
add(new Label("userPanel", "")); | |||
} |
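Review bot: The logged-in branch of the new footer calls `GitBlitWebSession.get()` twice, while the `User user = null;` declaration above the condition appears to survive as a context line and is no longer assigned or read, leaving a dead local. Hoisting the session once before the `if`, `GitBlitWebSession session = GitBlitWebSession.get();`, and using `session.isLoggedIn()` and `session.getUser()` would let that declaration go. The surrounding method continues outside the hunk on both sides.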
@@ -35,7 +35,8 @@ public class GitBlitWebApp extends WebApplication { | |||
super.init(); | |||
// Setup page authorization mechanism | |||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, false)) { | |||
boolean useAuthentication = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, false) || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, false); | |||
if (useAuthentication) { | |||
AuthorizationStrategy authStrategy = new AuthorizationStrategy(); | |||
getSecuritySettings().setAuthorizationStrategy(authStrategy); | |||
getSecuritySettings().setUnauthorizedComponentInstantiationListener(authStrategy); | |||
@@ -65,7 +66,7 @@ public class GitBlitWebApp extends WebApplication { | |||
mount(new MixedParamUrlCodingStrategy("/ticgittkt", TicGitTicketPage.class, new String[] { "r", "h", "f" })); | |||
// setup login/logout urls, if we are using authentication | |||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) { | |||
if (useAuthentication) { | |||
mount(new MixedParamUrlCodingStrategy("/login", LoginPage.class, new String[] {})); | |||
mount(new MixedParamUrlCodingStrategy("/logout", LogoutPage.class, new String[] {})); | |||
} |
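Review bot: `useAuthentication` defaults both `Keys.web.authenticateViewPages` and `Keys.web.authenticateAdminPages` to `false`, while AuthorizationStrategy and BasePage read the same two keys with a default of `true`. When a properties file omits the keys, this branch installs no AuthorizationStrategy and mounts no `/login` or `/logout` url, yet BasePage, with its `true` defaults, still renders login/logout links and the strategy, had it been installed, would have demanded a login, so the web app silently runs open. The defaults should agree across the call sites, and for a gate like this they should fail closed: `boolean useAuthentication = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true) || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);`. init() extends beyond the hunk on both sides.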
@@ -33,7 +33,7 @@ public class RepositoriesPage extends BasePage { | |||
setupPage("", ""); | |||
boolean showAdmin = false; | |||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) { | |||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) { | |||
boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false); | |||
showAdmin = allowAdmin && GitBlitWebSession.get().canAdmin(); | |||
} else { |