mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3115 Commits
11 Branches
Tree: 9bde5212fe
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9bde5212fe'
${ noResults }
gitblit/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java

AccessRestrictionFilter.java 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304 
  1. /*

  2.  * Copyright 2011 gitblit.com.

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *     http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. package com.gitblit.servlet;

  17. 

  18. import java.io.IOException;

  19. import java.text.MessageFormat;

  20. import java.util.Collections;

  21. import java.util.Iterator;

  22. 

  23. import javax.servlet.FilterChain;

  24. import javax.servlet.ServletException;

  25. import javax.servlet.ServletRequest;

  26. import javax.servlet.ServletResponse;

  27. import javax.servlet.http.HttpServletRequest;

  28. import javax.servlet.http.HttpServletResponse;

  29. 

  30. import com.gitblit.manager.IAuthenticationManager;

  31. import com.gitblit.manager.IRepositoryManager;

  32. import com.gitblit.manager.IRuntimeManager;

  33. import com.gitblit.models.RepositoryModel;

  34. import com.gitblit.models.UserModel;

  35. import com.gitblit.utils.StringUtils;

  36. 

  37. /**

  38.  * The AccessRestrictionFilter is an AuthenticationFilter that confirms that the

  39.  * requested repository can be accessed by the anonymous or named user.

  40.  *

  41.  * The filter extracts the name of the repository from the url and determines if

  42.  * the requested action for the repository requires a Basic authentication

  43.  * prompt. If authentication is required and no credentials are stored in the

  44.  * "Authorization" header, then a basic authentication challenge is issued.

  45.  *

  46.  * http://en.wikipedia.org/wiki/Basic_access_authentication

  47.  *

  48.  * @author James Moger

  49.  *

  50.  */

  51. public abstract class AccessRestrictionFilter extends AuthenticationFilter {

  52. 

  53. 	protected IRuntimeManager runtimeManager;

  54. 

  55. 	protected IRepositoryManager repositoryManager;

  56. 

  57. 	protected AccessRestrictionFilter(

  58. 			IRuntimeManager runtimeManager,

  59. 			IAuthenticationManager authenticationManager,

  60. 			IRepositoryManager repositoryManager) {

  61. 

  62. 		super(authenticationManager);

  63. 

  64. 		this.runtimeManager = runtimeManager;

  65. 		this.repositoryManager = repositoryManager;

  66. 	}

  67. 

  68. 	/**

  69. 	 * Extract the repository name from the url.

  70. 	 *

  71. 	 * @param url

  72. 	 * @return repository name

  73. 	 */

  74. 	protected abstract String extractRepositoryName(String url);

  75. 

  76. 	/**

  77. 	 * Analyze the url and returns the action of the request.

  78. 	 *

  79. 	 * @param url

  80. 	 * @return action of the request

  81. 	 */

  82. 	protected abstract String getUrlRequestAction(String url);

  83. 

  84. 	/**

  85. 	 * Determine if a non-existing repository can be created using this filter.

  86. 	 *

  87. 	 * @return true if the filter allows repository creation

  88. 	 */

  89. 	protected abstract boolean isCreationAllowed(String action);

  90. 

  91. 	/**

  92. 	 * Determine if the action may be executed on the repository.

  93. 	 *

  94. 	 * @param repository

  95. 	 * @param action

  96. 	 * @param method

  97. 	 * @return true if the action may be performed

  98. 	 */

  99. 	protected abstract boolean isActionAllowed(RepositoryModel repository, String action, String method);

  100. 

  101. 	/**

  102. 	 * Determine if the repository requires authentication.

  103. 	 *

  104. 	 * @param repository

  105. 	 * @param action

  106. 	 * @return true if authentication required

  107. 	 */

  108. 	protected abstract boolean requiresAuthentication(RepositoryModel repository, String action, String method);

  109. 

  110. 	/**

  111. 	 * Determine if the user can access the repository and perform the specified

  112. 	 * action.

  113. 	 *

  114. 	 * @param repository

  115. 	 * @param user

  116. 	 * @param action

  117. 	 * @return true if user may execute the action on the repository

  118. 	 */

  119. 	protected abstract boolean canAccess(RepositoryModel repository, UserModel user, String action);

  120. 

  121. 	/**

  122. 	 * Allows a filter to create a repository, if one does not exist.

  123. 	 *

  124. 	 * @param user

  125. 	 * @param repository

  126. 	 * @param action

  127. 	 * @return the repository model, if it is created, null otherwise

  128. 	 */

  129. 	protected RepositoryModel createRepository(UserModel user, String repository, String action) {

  130. 		return null;

  131. 	}

  132. 	

  133. 	/**

  134. 	 * Allows authentication header to be altered based on the action requested

  135. 	 * Default is WWW-Authenticate

  136. 	 * @param httpRequest

  137. 	 * @param action

  138. 	 * @return authentication type header

  139. 	 */

  140. 	protected String getAuthenticationHeader(HttpServletRequest httpRequest, String action) {

  141. 		return "WWW-Authenticate";

  142. 	}

  143. 	

  144. 	/**

  145. 	 * Allows request headers to be used as part of filtering

  146. 	 * @param request

  147. 	 * @return true (default) if headers are valid, false otherwise

  148. 	 */

  149. 	protected boolean hasValidRequestHeader(String action, HttpServletRequest request) {

  150. 		return true;

  151. 	}

  152. 	

  153. 	/**

  154. 	 * doFilter does the actual work of preprocessing the request to ensure that

  155. 	 * the user may proceed.

  156. 	 *

  157. 	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,

  158. 	 *      javax.servlet.ServletResponse, javax.servlet.FilterChain)

  159. 	 */

  160. 	@Override

  161. 	public void doFilter(final ServletRequest request, final ServletResponse response,

  162. 			final FilterChain chain) throws IOException, ServletException {

  163. 

  164. 		HttpServletRequest httpRequest = (HttpServletRequest) request;

  165. 		HttpServletResponse httpResponse = (HttpServletResponse) response;

  166. 

  167. 		String fullUrl = getFullUrl(httpRequest);

  168. 		String repository = extractRepositoryName(fullUrl);

  169. 		if (StringUtils.isEmpty(repository)) {

  170. 			logger.info("ARF: Rejecting request, empty repository name in URL {}", fullUrl);

  171. 			httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);

  172. 			return;

  173. 		}

  174. 

  175. 		if (repositoryManager.isCollectingGarbage(repository)) {

  176. 			logger.info(MessageFormat.format("ARF: Rejecting request for {0}, busy collecting garbage!", repository));

  177. 			httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);

  178. 			return;

  179. 		}

  180. 

  181. 		// Determine if the request URL is restricted

  182. 		String fullSuffix = fullUrl.substring(repository.length());

  183. 		String urlRequestType = getUrlRequestAction(fullSuffix);

  184. 

  185. 		if (StringUtils.isEmpty(urlRequestType)) {

  186. 			logger.info("ARF: Rejecting request for {}, no supported action found in URL {}", repository, fullSuffix);

  187. 			httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);

  188. 			return;

  189. 		}

  190. 

  191. 		// TODO: Maybe checking for clone bundle should be done somewhere else? Like other stuff?

  192. 		//       In any way, the access to the constant from here is messed up an needs some cleaning up.

  193. 		if (GitFilter.CLONE_BUNDLE.equalsIgnoreCase(urlRequestType)) {

  194. 			logger.info(MessageFormat.format("ARF: Rejecting request for {0}, clone bundle is not implemented.", repository));

  195. 			httpResponse.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, "The 'clone.bundle' command is currently not implemented. " +

  196. 					"Please use a normal clone command.");

  197. 			return;

  198. 		}

  199. 

  200. 		UserModel user = getUser(httpRequest);

  201. 

  202. 		// Load the repository model

  203. 		RepositoryModel model = repositoryManager.getRepositoryModel(repository);

  204. 		if (model == null) {

  205. 			if (isCreationAllowed(urlRequestType)) {

  206. 				if (user == null) {

  207. 					// challenge client to provide credentials for creation. send 401.

  208. 					if (runtimeManager.isDebugMode()) {

  209. 						logger.info(MessageFormat.format("ARF: CREATE CHALLENGE {0}", fullUrl));

  210. 					}

  211. 					

  212. 					httpResponse.setHeader(getAuthenticationHeader(httpRequest, urlRequestType), CHALLENGE);

  213. 					httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);

  214. 					return;

  215. 				} else {

  216. 					// see if we can create a repository for this request

  217. 					model = createRepository(user, repository, urlRequestType);

  218. 				}

  219. 			}

  220. 

  221. 			if (model == null) {

  222. 				// repository not found. send 404.

  223. 				logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl,

  224. 						HttpServletResponse.SC_NOT_FOUND));

  225. 				httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND);

  226. 				return;

  227. 			}

  228. 		}

  229. 

  230. 		// Confirm that the action may be executed on the repository

  231. 		if (!isActionAllowed(model, urlRequestType, httpRequest.getMethod())) {

  232. 			logger.info(MessageFormat.format("ARF: action {0} on {1} forbidden ({2})",

  233. 					urlRequestType, model, HttpServletResponse.SC_FORBIDDEN));

  234. 			httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);

  235. 			return;

  236. 		}

  237. 

  238. 		// Wrap the HttpServletRequest with the AccessRestrictionRequest which

  239. 		// overrides the servlet container user principal methods.

  240. 		// JGit requires either:

  241. 		//

  242. 		// 1. servlet container authenticated user

  243. 		// 2. http.receivepack = true in each repository's config

  244. 		//

  245. 		// Gitblit must conditionally authenticate users per-repository so just

  246. 		// enabling http.receivepack is insufficient.

  247. 		AuthenticatedRequest authenticatedRequest = new AuthenticatedRequest(httpRequest);

  248. 		if (user != null) {

  249. 			authenticatedRequest.setUser(user);

  250. 		}

  251. 

  252. 		// BASIC authentication challenge and response processing

  253. 		if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model, urlRequestType,  httpRequest.getMethod())) {

  254. 			if (user == null) {

  255. 				// challenge client to provide credentials. send 401.

  256. 				if (runtimeManager.isDebugMode()) {

  257. 					logger.info(MessageFormat.format("ARF: CHALLENGE {0}", fullUrl));

  258. 				}

  259. 				httpResponse.setHeader(getAuthenticationHeader(httpRequest, urlRequestType), CHALLENGE);

  260. 				httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);

  261. 				return;

  262. 			} else {

  263. 				// check user access for request

  264. 				if (user.canAdmin() || canAccess(model, user, urlRequestType)) {

  265. 					// authenticated request permitted.

  266. 					// pass processing to the restricted servlet.

  267. 					newSession(authenticatedRequest, httpResponse);

  268. 					logger.info(MessageFormat.format("ARF: authenticated {0} to {1} ({2})", user.username,

  269. 							fullUrl, HttpServletResponse.SC_CONTINUE));

  270. 					chain.doFilter(authenticatedRequest, httpResponse);

  271. 					return;

  272. 				}

  273. 				// valid user, but not for requested access. send 403.

  274. 				if (runtimeManager.isDebugMode()) {

  275. 					logger.info(MessageFormat.format("ARF: {0} forbidden to access {1}",

  276. 							user.username, fullUrl));

  277. 				}

  278. 				httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);

  279. 				return;

  280. 			}

  281. 		}

  282. 

  283. 		if (runtimeManager.isDebugMode()) {

  284. 			logger.info(MessageFormat.format("ARF: {0} ({1}) unauthenticated", fullUrl,

  285. 					HttpServletResponse.SC_CONTINUE));

  286. 		}

  287. 		// unauthenticated request permitted.

  288. 		// pass processing to the restricted servlet.

  289. 		chain.doFilter(authenticatedRequest, httpResponse);

  290. 	}

  291. 	

  292. 	public static boolean hasContentInRequestHeader(HttpServletRequest request, String headerName, String content)

  293. 	{

  294. 		Iterator<String> headerItr = Collections.list(request.getHeaders(headerName)).iterator();

  295. 		

  296. 		while (headerItr.hasNext()) {

  297. 			if (headerItr.next().contains(content)) {

  298. 				return true;

  299. 			}

  300. 		}

  301. 

  302. 		return false;

  303. 	}

  304. }