| | |
|---|
| | |
|
|---|
| | | import com.gitblit.Constants.AccessPermission;
|
|---|
| | | import com.gitblit.Constants.AccessRestrictionType;
|
|---|
| | | import com.gitblit.Constants.AuthenticationType;
|
|---|
| | | import com.gitblit.Constants.AuthorizationControl;
|
|---|
| | | import com.gitblit.Constants.FederationRequest;
|
|---|
| | | import com.gitblit.Constants.FederationStrategy;
|
|---|
| | |
|---|
| | | import com.gitblit.utils.ContainerUtils;
|
|---|
| | | import com.gitblit.utils.DeepCopier;
|
|---|
| | | import com.gitblit.utils.FederationUtils;
|
|---|
| | | import com.gitblit.utils.HttpUtils;
|
|---|
| | | import com.gitblit.utils.JGitUtils;
|
|---|
| | | import com.gitblit.utils.JsonUtils;
|
|---|
| | | import com.gitblit.utils.MetricUtils;
|
|---|
| | | import com.gitblit.utils.ObjectCache;
|
|---|
| | | import com.gitblit.utils.StringUtils;
|
|---|
| | | import com.gitblit.utils.TimeUtils;
|
|---|
| | | import com.gitblit.wicket.GitBlitWebSession;
|
|---|
| | | import com.gitblit.wicket.WicketUtils;
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | |
|---|
| | | * @param cookies
|
|---|
| | | * @return a user object or null
|
|---|
| | | */
|
|---|
| | | public UserModel authenticate(Cookie[] cookies) {
|
|---|
| | | protected UserModel authenticate(Cookie[] cookies) {
|
|---|
| | | if (userService == null) {
|
|---|
| | | return null;
|
|---|
| | | }
|
|---|
| | |
|---|
| | | }
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * Authenticate a user based on HTTP request paramters.
|
|---|
| | | * This method is inteded to be used as fallback when other
|
|---|
| | | * means of authentication are failing (username / password or cookies).
|
|---|
| | | * Authenticate a user based on HTTP request parameters.
|
|---|
| | | * |
|---|
| | | * Authentication by X509Certificate is tried first and then by cookie.
|
|---|
| | | * |
|---|
| | | * @param httpRequest
|
|---|
| | | * @return a user object or null
|
|---|
| | | */
|
|---|
| | | public UserModel authenticate(HttpServletRequest httpRequest) {
|
|---|
| | | // try to authenticate by certificate
|
|---|
| | | boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true);
|
|---|
| | | String [] oids = getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]);
|
|---|
| | | UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids);
|
|---|
| | | if (model != null) {
|
|---|
| | | // grab real user model and preserve certificate serial number
|
|---|
| | | GitBlitWebSession session = GitBlitWebSession.get();
|
|---|
| | | session.authenticationType = AuthenticationType.CERTIFICATE;
|
|---|
| | | UserModel user = getUserModel(model.username);
|
|---|
| | | logger.info(MessageFormat.format("{0} authenticated by client certificate from {1}",
|
|---|
| | | user.username, httpRequest.getRemoteAddr()));
|
|---|
| | | return user;
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | // try to authenticate by cookie
|
|---|
| | | Cookie[] cookies = httpRequest.getCookies();
|
|---|
| | | if (allowCookieAuthentication() && cookies != null && cookies.length > 0) {
|
|---|
| | | // Grab cookie from Browser Session
|
|---|
| | | UserModel user = authenticate(cookies);
|
|---|
| | | if (user != null) {
|
|---|
| | | GitBlitWebSession session = GitBlitWebSession.get();
|
|---|
| | | session.authenticationType = AuthenticationType.COOKIE;
|
|---|
| | | return user;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | return null;
|
|---|
| | | }
|
|---|
| | |
|
|---|
