| | |
|---|
| | | import com.gitblit.auth.AuthenticationProvider; |
|---|
| | | import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider; |
|---|
| | | import com.gitblit.auth.HtpasswdAuthProvider; |
|---|
| | | import com.gitblit.auth.HttpHeaderAuthProvider; |
|---|
| | | import com.gitblit.auth.LdapAuthProvider; |
|---|
| | | import com.gitblit.auth.PAMAuthProvider; |
|---|
| | | import com.gitblit.auth.RedmineAuthProvider; |
|---|
| | |
|---|
| | | // map of shortcut provider names |
|---|
| | | providerNames = new HashMap<String, Class<? extends AuthenticationProvider>>(); |
|---|
| | | providerNames.put("htpasswd", HtpasswdAuthProvider.class); |
|---|
| | | providerNames.put("httpheader", HttpHeaderAuthProvider.class); |
|---|
| | | providerNames.put("ldap", LdapAuthProvider.class); |
|---|
| | | providerNames.put("pam", PAMAuthProvider.class); |
|---|
| | | providerNames.put("redmine", RedmineAuthProvider.class); |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Authenticate a user based on HTTP request parameters. |
|---|
| | | * Used to handle authentication for page requests. |
|---|
| | | * |
|---|
| | | * This allows authentication to occur based on the contents of the request |
|---|
| | | * itself. If no configured @{AuthenticationProvider}s authenticate succesffully, |
|---|
| | | * a request for login will be shown. |
|---|
| | | * |
|---|
| | | * Authentication by X509Certificate is tried first and then by cookie. |
|---|
| | | * |
|---|
| | |
|---|
| | | /** |
|---|
| | | * Authenticate a user based on HTTP request parameters. |
|---|
| | | * |
|---|
| | | * Authentication by servlet container principal, X509Certificate, cookie, |
|---|
| | | * Authentication by custom HTTP header, servlet container principal, X509Certificate, cookie, |
|---|
| | | * and finally BASIC header. |
|---|
| | | * |
|---|
| | | * @param httpRequest |
|---|
| | |
|---|
| | | // Check if this request has already been authenticated, and trust that instead of re-processing |
|---|
| | | String reqAuthUser = (String) httpRequest.getAttribute(Constants.ATTRIB_AUTHUSER); |
|---|
| | | if (!StringUtils.isEmpty(reqAuthUser)) { |
|---|
| | | logger.warn("Called servlet authenticate when request is already authenticated."); |
|---|
| | | logger.debug("Called servlet authenticate when request is already authenticated."); |
|---|
| | | return userManager.getUserModel(reqAuthUser); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | user.username, httpRequest.getRemoteAddr())); |
|---|
| | | return validateAuthentication(user, AuthenticationType.CREDENTIALS); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Check each configured AuthenticationProvider |
|---|
| | | for (AuthenticationProvider ap : authenticationProviders) { |
|---|
| | | UserModel authedUser = ap.authenticate(httpRequest); |
|---|
| | | if (null != authedUser) { |
|---|
| | | flagRequest(httpRequest, ap.getAuthenticationType(), authedUser.username); |
|---|
| | | logger.debug(MessageFormat.format("{0} authenticated by {1} from {2} for {3}", |
|---|
| | | authedUser.username, ap.getServiceName(), httpRequest.getRemoteAddr(), |
|---|
| | | httpRequest.getPathInfo())); |
|---|
| | | return validateAuthentication(authedUser, ap.getAuthenticationType()); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | return null; |
|---|
| | |
|---|
| | | return null; |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (username.equalsIgnoreCase(Constants.FEDERATION_USER)) { |
|---|
| | | // can not authenticate internal FEDERATION_USER at this point |
|---|
| | | // it must be routed to FederationManager |
|---|
| | | return null; |
|---|
| | | } |
|---|
| | | |
|---|
| | | String usernameDecoded = StringUtils.decodeUsername(username); |
|---|
| | | String pw = new String(password); |
|---|
| | | if (StringUtils.isEmpty(pw)) { |
|---|
