# Require authentication for http/https push/pull access of git repositories | # Require authentication for http/https push/pull access of git repositories | ||||
git.authenticate = true | git.authenticate = true | ||||
# Require authentication to see the web ui | |||||
web.authenticate = true | |||||
# Require authentication to see everything but the admin pages | |||||
web.authenticateViewPages = false | |||||
# Require admin authentication for the admin functions and pages | |||||
web.authenticateAdminPages = true | |||||
# Simple user realm file to authenticate users | # Simple user realm file to authenticate users | ||||
server.realmFile = users.properties | server.realmFile = users.properties |
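Review bot: The comment on the new `web.authenticateAdminPages` key does not say what the false setting means for anonymous visitors, although the authorization code elsewhere in this commit returns true for admin pages without any login in that case. Suggest the comment read `# Require admin authentication for the admin functions and pages (false exposes them to anonymous users when web.allowAdministration is true)`. Similarly, `web.authenticateViewPages` would benefit from noting that the admin pages are governed by the key below it rather than by this one.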
import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener; | import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener; | ||||
import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy; | import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy; | ||||
import com.gitblit.GitBlit; | |||||
import com.gitblit.Keys; | |||||
import com.gitblit.wicket.pages.RepositoriesPage; | import com.gitblit.wicket.pages.RepositoriesPage; | ||||
public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener { | public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener { | ||||
@Override | @Override | ||||
protected boolean isPageAuthorized(Class pageClass) { | protected boolean isPageAuthorized(Class pageClass) { | ||||
if (BasePage.class.isAssignableFrom(pageClass)) { | if (BasePage.class.isAssignableFrom(pageClass)) { | ||||
GitBlitWebSession session = GitBlitWebSession.get(); | |||||
if (!session.isLoggedIn()) | |||||
boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true); | |||||
boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true); | |||||
boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true); | |||||
GitBlitWebSession session = GitBlitWebSession.get(); | |||||
if (authenticateView && !session.isLoggedIn()) { | |||||
// authentication required | |||||
return false; | return false; | ||||
} | |||||
User user = session.getUser(); | User user = session.getUser(); | ||||
if (pageClass.isAnnotationPresent(AdminPage.class)) { | if (pageClass.isAnnotationPresent(AdminPage.class)) { | ||||
return user.canAdmin(); | |||||
// admin page | |||||
if (allowAdmin) { | |||||
if (authenticateAdmin) { | |||||
// authenticate admin | |||||
if (user != null) { | |||||
return user.canAdmin(); | |||||
} | |||||
return false; | |||||
} else { | |||||
// no admin authentication required | |||||
return true; | |||||
} | |||||
} else { | |||||
//admin prohibited | |||||
return false; | |||||
} | |||||
} | } | ||||
} | } | ||||
return true; | return true; |
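Review bot: The fallback for `Keys.web.allowAdministration` on the `allowAdmin` line is `true`, while the same key is read with a default of `false` where the admin menu is decided later on this page, so when the key is missing from the properties the page guard fails open even though the UI hides administration. The guard is the enforcing side and should carry the conservative default: `boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false);`. The `authenticateView`/`authenticateAdmin` reads here default to `true` whereas the application init reads the same keys with `false`; it appears the strategy is only installed when one of them is set, so the mismatch may be harmless, but a single default per key would avoid having to reason about that. Note also that when `authenticateView` is false an anonymous session reaches `session.getUser()`, and only the admin branch null-checks the result; a comment such as `// user may be null for anonymous sessions when view pages need no login` would make that intentional. The closing brace of `isPageAuthorized` lies outside this hunk.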
add(new Label("pageName", pageName)); | add(new Label("pageName", pageName)); | ||||
// footer | // footer | ||||
User user = null; | |||||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) { | |||||
user = GitBlitWebSession.get().getUser(); | |||||
add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + user.toString(), LogoutPage.class)); | |||||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true) | |||||
|| GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) { | |||||
if (GitBlitWebSession.get().isLoggedIn()) { | |||||
// logout | |||||
add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + GitBlitWebSession.get().getUser().toString(), LogoutPage.class)); | |||||
} else { | |||||
// login | |||||
add(new LinkPanel("userPanel", null, getString("gb.login"), LoginPage.class)); | |||||
} | |||||
} else { | } else { | ||||
add(new Label("userPanel", "")); | add(new Label("userPanel", "")); | ||||
} | } |
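Review bot: The two settings reads on the `if (GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true)` condition default to `true`, while the application init in this same commit computes `useAuthentication` from the same keys with a default of `false` and only mounts `/login` and `/logout` when it is true; with the keys absent the footer would therefore render a login link to an unmounted page. Align the defaults, e.g. `if (GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, false)` and `|| GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, false)) {`. As a style point, the logout branch calls `GitBlitWebSession.get()` three times; hoisting `GitBlitWebSession session = GitBlitWebSession.get();` before the condition shortens the long `add(new LinkPanel(...))` line and makes the `isLoggedIn()` guard on `getUser().toString()` easier to see. The enclosing method starts before this hunk.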
super.init(); | super.init(); | ||||
// Setup page authorization mechanism | // Setup page authorization mechanism | ||||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, false)) { | |||||
boolean useAuthentication = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, false) || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, false); | |||||
if (useAuthentication) { | |||||
AuthorizationStrategy authStrategy = new AuthorizationStrategy(); | AuthorizationStrategy authStrategy = new AuthorizationStrategy(); | ||||
getSecuritySettings().setAuthorizationStrategy(authStrategy); | getSecuritySettings().setAuthorizationStrategy(authStrategy); | ||||
getSecuritySettings().setUnauthorizedComponentInstantiationListener(authStrategy); | getSecuritySettings().setUnauthorizedComponentInstantiationListener(authStrategy); | ||||
mount(new MixedParamUrlCodingStrategy("/ticgittkt", TicGitTicketPage.class, new String[] { "r", "h", "f" })); | mount(new MixedParamUrlCodingStrategy("/ticgittkt", TicGitTicketPage.class, new String[] { "r", "h", "f" })); | ||||
// setup login/logout urls, if we are using authentication | // setup login/logout urls, if we are using authentication | ||||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) { | |||||
if (useAuthentication) { | |||||
mount(new MixedParamUrlCodingStrategy("/login", LoginPage.class, new String[] {})); | mount(new MixedParamUrlCodingStrategy("/login", LoginPage.class, new String[] {})); | ||||
mount(new MixedParamUrlCodingStrategy("/logout", LogoutPage.class, new String[] {})); | mount(new MixedParamUrlCodingStrategy("/logout", LogoutPage.class, new String[] {})); | ||||
} | } |
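Review bot: The new `boolean useAuthentication = ...` line packs two settings lookups into a single very long statement; splitting it as `boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, false);`, `boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, false);`, `boolean useAuthentication = authenticateView || authenticateAdmin;` keeps it within conventional width and names the two inputs. A short comment above the first `if (useAuthentication)` would also help, since the consequence is not obvious from the name: `// the page-level authorization strategy is only installed when at least one page group requires a login`. The same `useAuthentication` flag reappears in the second hunk of this section for the login/logout mounts, which is an improvement over the separate reads it replaces. The `init()` method extends beyond both hunks.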
setupPage("", ""); | setupPage("", ""); | ||||
boolean showAdmin = false; | boolean showAdmin = false; | ||||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) { | |||||
if (GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) { | |||||
boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false); | boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false); | ||||
showAdmin = allowAdmin && GitBlitWebSession.get().canAdmin(); | showAdmin = allowAdmin && GitBlitWebSession.get().canAdmin(); | ||||
} else { | } else { |