mirrors
/
gitblit
镜像自地址 https://github.com/gitblit/gitblit.git
关注 1
点赞 0
派生 0
代码 工单 0 版本发布 43 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
1300 提交
11 分支
目录树: b5798e1e6c
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'b5798e1e6c'
${ noResults }
gitblit/src/main/java/com/gitblit/AuthenticationFilter.java

AuthenticationFilter.java 5.5KB
原始文件 Blame 文件历史

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. /*

  2.  * Copyright 2011 gitblit.com.

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *     http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. package com.gitblit;

  17. 

  18. import java.io.IOException;

  19. import java.security.Principal;

  20. import java.util.Enumeration;

  21. import java.util.HashMap;

  22. import java.util.Map;

  23. 

  24. import javax.servlet.Filter;

  25. import javax.servlet.FilterChain;

  26. import javax.servlet.FilterConfig;

  27. import javax.servlet.ServletException;

  28. import javax.servlet.ServletRequest;

  29. import javax.servlet.ServletResponse;

  30. import javax.servlet.http.HttpServletRequest;

  31. import javax.servlet.http.HttpServletRequestWrapper;

  32. import javax.servlet.http.HttpServletResponse;

  33. import javax.servlet.http.HttpSession;

  34. 

  35. import org.slf4j.Logger;

  36. import org.slf4j.LoggerFactory;

  37. 

  38. import com.gitblit.models.UserModel;

  39. import com.gitblit.utils.DeepCopier;

  40. import com.gitblit.utils.StringUtils;

  41. 

  42. /**

  43.  * The AuthenticationFilter is a servlet filter that preprocesses requests that

  44.  * match its url pattern definition in the web.xml file.

  45.  * 

  46.  * http://en.wikipedia.org/wiki/Basic_access_authentication

  47.  * 

  48.  * @author James Moger

  49.  * 

  50.  */

  51. public abstract class AuthenticationFilter implements Filter {

  52. 

  53. 	protected static final String CHALLENGE = "Basic realm=\"" + Constants.NAME + "\"";

  54. 

  55. 	protected static final String SESSION_SECURED = "com.gitblit.secured";

  56. 

  57. 	protected transient Logger logger = LoggerFactory.getLogger(getClass());

  58. 

  59. 	/**

  60. 	 * doFilter does the actual work of preprocessing the request to ensure that

  61. 	 * the user may proceed.

  62. 	 * 

  63. 	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,

  64. 	 *      javax.servlet.ServletResponse, javax.servlet.FilterChain)

  65. 	 */

  66. 	@Override

  67. 	public abstract void doFilter(final ServletRequest request, final ServletResponse response,

  68. 			final FilterChain chain) throws IOException, ServletException;

  69. 	

  70. 	/**

  71. 	 * Allow the filter to require a client certificate to continue processing.

  72. 	 * 

  73. 	 * @return true, if a client certificate is required

  74. 	 */

  75. 	protected boolean requiresClientCertificate() {

  76. 		return false;

  77. 	}

  78. 

  79. 	/**

  80. 	 * Returns the full relative url of the request.

  81. 	 * 

  82. 	 * @param httpRequest

  83. 	 * @return url

  84. 	 */

  85. 	protected String getFullUrl(HttpServletRequest httpRequest) {

  86. 		String servletUrl = httpRequest.getContextPath() + httpRequest.getServletPath();

  87. 		String url = httpRequest.getRequestURI().substring(servletUrl.length());

  88. 		String params = httpRequest.getQueryString();

  89. 		if (url.length() > 0 && url.charAt(0) == '/') {

  90. 			url = url.substring(1);

  91. 		}

  92. 		String fullUrl = url + (StringUtils.isEmpty(params) ? "" : ("?" + params));

  93. 		return fullUrl;

  94. 	}

  95. 

  96. 	/**

  97. 	 * Returns the user making the request, if the user has authenticated.

  98. 	 * 

  99. 	 * @param httpRequest

  100. 	 * @return user

  101. 	 */

  102. 	protected UserModel getUser(HttpServletRequest httpRequest) {

  103. 		UserModel user = GitBlit.self().authenticate(httpRequest, requiresClientCertificate());

  104. 		return user;

  105. 	}

  106. 

  107. 	/**

  108. 	 * Taken from Jetty's LoginAuthenticator.renewSessionOnAuthentication()

  109. 	 */

  110. 	protected void newSession(HttpServletRequest request, HttpServletResponse response) {

  111. 		HttpSession oldSession = request.getSession(false);

  112. 		if (oldSession != null && oldSession.getAttribute(SESSION_SECURED) == null) {

  113. 			synchronized (this) {

  114. 				Map<String, Object> attributes = new HashMap<String, Object>();

  115. 				Enumeration<String> e = oldSession.getAttributeNames();

  116. 				while (e.hasMoreElements()) {

  117. 					String name = e.nextElement();

  118. 					attributes.put(name, oldSession.getAttribute(name));

  119. 					oldSession.removeAttribute(name);

  120. 				}

  121. 				oldSession.invalidate();

  122. 

  123. 				HttpSession newSession = request.getSession(true);

  124. 				newSession.setAttribute(SESSION_SECURED, Boolean.TRUE);

  125. 				for (Map.Entry<String, Object> entry : attributes.entrySet()) {

  126. 					newSession.setAttribute(entry.getKey(), entry.getValue());

  127. 				}

  128. 			}

  129. 		}

  130. 	}

  131. 

  132. 	/**

  133. 	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)

  134. 	 */

  135. 	@Override

  136. 	public void init(final FilterConfig config) throws ServletException {

  137. 	}

  138. 

  139. 	/**

  140. 	 * @see javax.servlet.Filter#destroy()

  141. 	 */

  142. 	@Override

  143. 	public void destroy() {

  144. 	}

  145. 

  146. 	/**

  147. 	 * Wraps a standard HttpServletRequest and overrides user principal methods.

  148. 	 */

  149. 	public static class AuthenticatedRequest extends HttpServletRequestWrapper {

  150. 

  151. 		private UserModel user;

  152. 

  153. 		public AuthenticatedRequest(HttpServletRequest req) {

  154. 			super(req);

  155. 			user = DeepCopier.copy(UserModel.ANONYMOUS);

  156. 		}

  157. 

  158. 		UserModel getUser() {

  159. 			return user;

  160. 		}

  161. 

  162. 		void setUser(UserModel user) {

  163. 			this.user = user;

  164. 		}

  165. 

  166. 		@Override

  167. 		public String getRemoteUser() {

  168. 			return user.username;

  169. 		}

  170. 

  171. 		@Override

  172. 		public boolean isUserInRole(String role) {

  173. 			if (role.equals(Constants.ADMIN_ROLE)) {

  174. 				return user.canAdmin();

  175. 			}

  176. 			// Gitblit does not currently use actual roles in the traditional

  177. 			// servlet container sense.  That is the reason this is marked

  178. 			// deprecated, but I may want to revisit this.

  179. 			return user.canAccessRepository(role);

  180. 		}

  181. 

  182. 		@Override

  183. 		public Principal getUserPrincipal() {

  184. 			return user;

  185. 		}

  186. 	}

  187. }