123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452 |
- /*
- * Copyright 2011 gitblit.com.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- package com.gitblit;
-
- import java.io.File;
- import java.io.FileReader;
- import java.io.FileWriter;
- import java.io.IOException;
- import java.security.Principal;
- import java.text.MessageFormat;
- import java.util.ArrayList;
- import java.util.HashSet;
- import java.util.List;
- import java.util.Map;
- import java.util.Properties;
- import java.util.Set;
-
- import javax.security.auth.Subject;
-
- import org.eclipse.jetty.http.security.Credential;
- import org.eclipse.jetty.security.IdentityService;
- import org.eclipse.jetty.security.MappedLoginService;
- import org.eclipse.jetty.server.UserIdentity;
- import org.eclipse.jetty.util.log.Log;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
-
- import com.gitblit.wicket.models.UserModel;
-
- public class JettyLoginService extends MappedLoginService implements ILoginService {
-
- private final Logger logger = LoggerFactory.getLogger(JettyLoginService.class);
-
- private final File realmFile;
-
- public JettyLoginService(File realmFile) {
- super();
- setName(Constants.NAME);
- this.realmFile = realmFile;
- }
-
- @Override
- public UserModel authenticate(String username, char[] password) {
- UserIdentity identity = login(username, new String(password));
- if (identity == null || identity.equals(UserIdentity.UNAUTHENTICATED_IDENTITY)) {
- return null;
- }
- UserModel user = new UserModel(username);
- user.canAdmin(identity.isUserInRole(Constants.ADMIN_ROLE, null));
-
- // Add repositories
- for (Principal principal : identity.getSubject().getPrincipals()) {
- if (principal instanceof RolePrincipal) {
- RolePrincipal role = (RolePrincipal) principal;
- String roleName = role.getName();
- if (roleName.charAt(0) != '#') {
- user.addRepository(roleName);
- }
- }
- }
- return user;
- }
-
- @Override
- public UserModel getUserModel(String username) {
- UserIdentity identity = _users.get(username);
- if (identity == null) {
- return null;
- }
- UserModel model = new UserModel(username);
- Subject subject = identity.getSubject();
- for (Principal principal : subject.getPrincipals()) {
- if (principal instanceof RolePrincipal) {
- RolePrincipal role = (RolePrincipal) principal;
- String name = role.getName();
- switch (name.charAt(0)) {
- case '#':
- // Permissions
- if (name.equalsIgnoreCase(Constants.ADMIN_ROLE)) {
- model.canAdmin(true);
- }
- break;
- default:
- model.addRepository(name);
- }
- }
- }
- // Retrieve the password from the realm file.
- // Stupid, I know, but the password is buried within protected inner
- // classes in private variables. Too much work to reflectively retrieve.
- try {
- Properties allUsers = readRealmFile();
- String value = allUsers.getProperty(username);
- String password = value.split(",")[0];
- model.setPassword(password);
- } catch (Throwable t) {
- logger.error(MessageFormat.format("Failed to read password for user {0}!", username), t);
- }
- return model;
- }
-
- @Override
- public boolean updateUserModel(UserModel model) {
- return updateUserModel(model.getUsername(), model);
- }
-
- @Override
- public boolean updateUserModel(String username, UserModel model) {
- try {
- Properties allUsers = readRealmFile();
- ArrayList<String> roles = new ArrayList<String>(model.getRepositories());
-
- // Permissions
- if (model.canAdmin()) {
- roles.add(Constants.ADMIN_ROLE);
- }
-
- StringBuilder sb = new StringBuilder();
- sb.append(model.getPassword());
- sb.append(',');
- for (String role : roles) {
- sb.append(role);
- sb.append(',');
- }
- // trim trailing comma
- sb.setLength(sb.length() - 1);
- allUsers.remove(username);
- allUsers.put(model.getUsername(), sb.toString());
-
- writeRealmFile(allUsers);
-
- // Update login service
- removeUser(username);
- putUser(model.getUsername(), Credential.getCredential(model.getPassword()), roles.toArray(new String[0]));
- return true;
- } catch (Throwable t) {
- logger.error(MessageFormat.format("Failed to update user model {0}!", model.getUsername()), t);
- }
- return false;
- }
-
- @Override
- public boolean deleteUserModel(UserModel model) {
- return deleteUser(model.getUsername());
- }
-
- @Override
- public boolean deleteUser(String username) {
- try {
- // Read realm file
- Properties allUsers = readRealmFile();
- allUsers.remove(username);
- writeRealmFile(allUsers);
-
- // Drop user from map
- removeUser(username);
- return true;
- } catch (Throwable t) {
- logger.error(MessageFormat.format("Failed to delete user {0}!", username), t);
- }
- return false;
- }
-
- @Override
- public List<String> getAllUsernames() {
- List<String> list = new ArrayList<String>();
- list.addAll(_users.keySet());
- return list;
- }
-
- @Override
- public List<String> getUsernamesForRole(String role) {
- List<String> list = new ArrayList<String>();
- try {
- Properties allUsers = readRealmFile();
- for (String username : allUsers.stringPropertyNames()) {
- String value = allUsers.getProperty(username);
- String[] values = value.split(",");
- // skip first value (password)
- for (int i = 1; i < values.length; i++) {
- String r = values[i];
- if (r.equalsIgnoreCase(role)) {
- list.add(username);
- break;
- }
- }
- }
- } catch (Throwable t) {
- logger.error(MessageFormat.format("Failed to get usernames for role {0}!", role), t);
- }
- return list;
- }
-
- @Override
- public boolean setUsernamesForRole(String role, List<String> usernames) {
- try {
- Set<String> specifiedUsers = new HashSet<String>(usernames);
- Set<String> needsAddRole = new HashSet<String>(specifiedUsers);
- Set<String> needsRemoveRole = new HashSet<String>();
-
- // identify users which require add and remove role
- Properties allUsers = readRealmFile();
- for (String username : allUsers.stringPropertyNames()) {
- String value = allUsers.getProperty(username);
- String[] values = value.split(",");
- // skip first value (password)
- for (int i = 1; i < values.length; i++) {
- String r = values[i];
- if (r.equalsIgnoreCase(role)) {
- // user has role, check against revised user list
- if (specifiedUsers.contains(username)) {
- needsAddRole.remove(username);
- } else {
- // remove role from user
- needsRemoveRole.add(username);
- }
- break;
- }
- }
- }
-
- // add roles to users
- for (String user : needsAddRole) {
- String userValues = allUsers.getProperty(user);
- userValues += ("," + role);
- allUsers.put(user, userValues);
- String[] values = userValues.split(",");
- String password = values[0];
- String[] roles = new String[values.length - 1];
- System.arraycopy(values, 1, roles, 0, values.length - 1);
- putUser(user, Credential.getCredential(password), roles);
- }
-
- // remove role from user
- for (String user : needsRemoveRole) {
- String[] values = allUsers.getProperty(user).split(",");
- String password = values[0];
- StringBuilder sb = new StringBuilder();
- sb.append(password);
- sb.append(',');
- List<String> revisedRoles = new ArrayList<String>();
- // skip first value (password)
- for (int i = 1; i < values.length; i++) {
- String value = values[i];
- if (!value.equalsIgnoreCase(role)) {
- revisedRoles.add(value);
- sb.append(value);
- sb.append(',');
- }
- }
- sb.setLength(sb.length() - 1);
-
- // update properties
- allUsers.put(user, sb.toString());
-
- // update memory
- putUser(user, Credential.getCredential(password), revisedRoles.toArray(new String[0]));
- }
-
- // persist changes
- writeRealmFile(allUsers);
- return true;
- } catch (Throwable t) {
- logger.error(MessageFormat.format("Failed to set usernames for role {0}!", role), t);
- }
- return false;
- }
-
- @Override
- public boolean renameRole(String oldRole, String newRole) {
- try {
- Properties allUsers = readRealmFile();
- Set<String> needsRenameRole = new HashSet<String>();
-
- // identify users which require role rename
- for (String username : allUsers.stringPropertyNames()) {
- String value = allUsers.getProperty(username);
- String[] roles = value.split(",");
- // skip first value (password)
- for (int i = 1; i < roles.length; i++) {
- String r = roles[i];
- if (r.equalsIgnoreCase(oldRole)) {
- needsRenameRole.remove(username);
- break;
- }
- }
- }
-
- // rename role for identified users
- for (String user : needsRenameRole) {
- String userValues = allUsers.getProperty(user);
- String[] values = userValues.split(",");
- String password = values[0];
- StringBuilder sb = new StringBuilder();
- sb.append(password);
- sb.append(',');
- List<String> revisedRoles = new ArrayList<String>();
- revisedRoles.add(newRole);
- // skip first value (password)
- for (int i = 1; i < values.length; i++) {
- String value = values[i];
- if (!value.equalsIgnoreCase(oldRole)) {
- revisedRoles.add(value);
- sb.append(value);
- sb.append(',');
- }
- }
- sb.setLength(sb.length() - 1);
-
- // update properties
- allUsers.put(user, sb.toString());
-
- // update memory
- putUser(user, Credential.getCredential(password), revisedRoles.toArray(new String[0]));
- }
-
- // persist changes
- writeRealmFile(allUsers);
- return true;
- } catch (Throwable t) {
- logger.error(MessageFormat.format("Failed to rename role {0} to {1}!", oldRole, newRole), t);
- }
- return false;
- }
-
- @Override
- public boolean deleteRole(String role) {
- try {
- Properties allUsers = readRealmFile();
- Set<String> needsDeleteRole = new HashSet<String>();
-
- // identify users which require role rename
- for (String username : allUsers.stringPropertyNames()) {
- String value = allUsers.getProperty(username);
- String[] roles = value.split(",");
- // skip first value (password)
- for (int i = 1; i < roles.length; i++) {
- String r = roles[i];
- if (r.equalsIgnoreCase(role)) {
- needsDeleteRole.remove(username);
- break;
- }
- }
- }
-
- // delete role for identified users
- for (String user : needsDeleteRole) {
- String userValues = allUsers.getProperty(user);
- String[] values = userValues.split(",");
- String password = values[0];
- StringBuilder sb = new StringBuilder();
- sb.append(password);
- sb.append(',');
- List<String> revisedRoles = new ArrayList<String>();
- // skip first value (password)
- for (int i = 1; i < values.length; i++) {
- String value = values[i];
- if (!value.equalsIgnoreCase(role)) {
- revisedRoles.add(value);
- sb.append(value);
- sb.append(',');
- }
- }
- sb.setLength(sb.length() - 1);
-
- // update properties
- allUsers.put(user, sb.toString());
-
- // update memory
- putUser(user, Credential.getCredential(password), revisedRoles.toArray(new String[0]));
- }
-
- // persist changes
- writeRealmFile(allUsers);
- return true;
- } catch (Throwable t) {
- logger.error(MessageFormat.format("Failed to delete role {0}!", role), t);
- }
- return false;
- }
-
- private Properties readRealmFile() throws IOException {
- Properties allUsers = new Properties();
- FileReader reader = new FileReader(realmFile);
- allUsers.load(reader);
- reader.close();
- return allUsers;
- }
-
- private void writeRealmFile(Properties properties) throws IOException {
- // Update realm file
- File realmFileCopy = new File(realmFile.getAbsolutePath() + ".tmp");
- FileWriter writer = new FileWriter(realmFileCopy);
- properties.store(writer, "# Git:Blit realm file format: username=password,\\#permission,repository1,repository2...");
- writer.close();
- if (realmFileCopy.exists() && realmFileCopy.length() > 0) {
- realmFile.delete();
- realmFileCopy.renameTo(realmFile);
- } else {
- throw new IOException("Failed to save realmfile!");
- }
- }
-
- /* ------------------------------------------------------------ */
- @Override
- public void loadUsers() throws IOException {
- if (realmFile == null)
- return;
-
- if (Log.isDebugEnabled())
- Log.debug("Load " + this + " from " + realmFile);
- Properties allUsers = readRealmFile();
-
- // Map Users
- for (Map.Entry<Object, Object> entry : allUsers.entrySet()) {
- String username = ((String) entry.getKey()).trim();
- String credentials = ((String) entry.getValue()).trim();
- String roles = null;
- int c = credentials.indexOf(',');
- if (c > 0) {
- roles = credentials.substring(c + 1).trim();
- credentials = credentials.substring(0, c).trim();
- }
-
- if (username != null && username.length() > 0 && credentials != null && credentials.length() > 0) {
- String[] roleArray = IdentityService.NO_ROLES;
- if (roles != null && roles.length() > 0) {
- roleArray = roles.split(",");
- }
- putUser(username, Credential.getCredential(credentials), roleArray);
- }
- }
- }
-
- @Override
- protected UserIdentity loadUser(String username) {
- return null;
- }
- }
|