James Moger
2011-04-16 b55030a765f040a15609c60d3f69b6cb7f00bdae
More flexible authentication.  Anonymous view, authenticated admin.
5 files modified
gitblit.properties 7 ●●●● patch | view | raw | blame | history
src/com/gitblit/wicket/AuthorizationStrategy.java 30 ●●●●● patch | view | raw | blame | history
src/com/gitblit/wicket/BasePage.java 13 ●●●●● patch | view | raw | blame | history
src/com/gitblit/wicket/GitBlitWebApp.java 5 ●●●●● patch | view | raw | blame | history
src/com/gitblit/wicket/pages/RepositoriesPage.java 2 ●●● patch | view | raw | blame | history
gitblit.properties
@@ -26,8 +26,11 @@
# Require authentication for http/https push/pull access of git repositories
git.authenticate = true
# Require authentication to see the web ui
web.authenticate = true
# Require authentication to see everything but the admin pages
web.authenticateViewPages = false
# Require admin authentication for the admin functions and pages
web.authenticateAdminPages = true
# Simple user realm file to authenticate users
server.realmFile = users.properties
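Review bot: `web.authenticate = true` still appears in this block next to the two new keys, yet no code in this commit reads `Keys.web.authenticate` any more (BasePage, GitBlitWebApp and RepositoriesPage all switch to `authenticateViewPages`/`authenticateAdminPages`); if that line survives in the new file (the rendering does not show whether it is a removed line), an operator who sets it expecting the UI to be gated ends up with an anonymous UI. Drop the stale key or mark it superseded: `# web.authenticate is superseded by web.authenticateViewPages / web.authenticateAdminPages`. It would also help to document `web.allowAdministration` in this block, since the new authorization code keys off it and reads different defaults for it in different classes.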
src/com/gitblit/wicket/AuthorizationStrategy.java
@@ -5,6 +5,8 @@
import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy;
import com.gitblit.GitBlit;
import com.gitblit.Keys;
import com.gitblit.wicket.pages.RepositoriesPage;
public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener {
@@ -16,12 +18,34 @@
    @Override
    protected boolean isPageAuthorized(Class pageClass) {
        if (BasePage.class.isAssignableFrom(pageClass)) {
            GitBlitWebSession session = GitBlitWebSession.get();
            if (!session.isLoggedIn())
            boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true);
            boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);
            boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true);
            GitBlitWebSession session = GitBlitWebSession.get();
            if (authenticateView && !session.isLoggedIn()) {
                // authentication required
                return false;
            }
            User user = session.getUser();
            if (pageClass.isAnnotationPresent(AdminPage.class)) {
                return user.canAdmin();
                // admin page
                if (allowAdmin) {
                    if (authenticateAdmin) {
                        // authenticate admin
                        if (user != null) {
                            return user.canAdmin();
                        }
                        return false;
                    } else {
                        // no admin authentication required
                        return true;
                    }
                } else {
                    //admin prohibited
                    return false;
                }
            }
        }
        return true;
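Review bot: The `web.allowAdministration` lookup in isPageAuthorized defaults to `true`, while RepositoriesPage reads the same key with `false`, so with the key unset the admin link is hidden from the repository list but `@AdminPage` classes still authorize — the UI hides what the authorization layer permits. Use the deny-by-default value here as well: `boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false);`. The two `authenticate*` defaults have the same problem in the other direction (`true` here, `false` in GitBlitWebApp.init()), so an absent key means different things depending on which class asks; pick one default per key, ideally in one shared place. The method's closing braces fall outside the hunk.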
src/com/gitblit/wicket/BasePage.java
@@ -46,10 +46,15 @@
        add(new Label("pageName", pageName));
        // footer
        User user = null;
        if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
            user = GitBlitWebSession.get().getUser();
            add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + user.toString(), LogoutPage.class));
        if (GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true)
                || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {
            if (GitBlitWebSession.get().isLoggedIn()) {
                // logout
                add(new LinkPanel("userPanel", null, getString("gb.logout") + " " + GitBlitWebSession.get().getUser().toString(), LogoutPage.class));
            } else {
                // login
                add(new LinkPanel("userPanel", null, getString("gb.login"), LoginPage.class));
            }
        } else {
            add(new Label("userPanel", ""));
        }
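Review bot: The two settings lookups in the footer default to `true`, whereas GitBlitWebApp.init() reads the same keys with `false` and only mounts `/login` and `/logout` when one of them is set, so with both keys absent the footer renders a login link to a page that was never mounted (Wicket may still reach it through a bookmarkable URL, which cannot be confirmed from here). Read the defaults the same way in both places and hoist the repeated calls into locals, `boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true);` and `boolean authenticateAdmin = ...;`, then test `if (authenticateView || authenticateAdmin)`. Note also that `getUser().toString()` is rendered into the page as the link label; this is fine if `LinkPanel` escapes its label, which is not visible here, but if it does not, a user name containing markup becomes stored XSS in every page footer. The enclosing method continues outside the hunk.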
src/com/gitblit/wicket/GitBlitWebApp.java
@@ -35,7 +35,8 @@
        super.init();
        // Setup page authorization mechanism
        if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, false)) {
        boolean useAuthentication = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, false) || GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, false);
        if (useAuthentication) {
            AuthorizationStrategy authStrategy = new AuthorizationStrategy();
            getSecuritySettings().setAuthorizationStrategy(authStrategy);
            getSecuritySettings().setUnauthorizedComponentInstantiationListener(authStrategy);
@@ -65,7 +66,7 @@
        mount(new MixedParamUrlCodingStrategy("/ticgittkt", TicGitTicketPage.class, new String[] { "r", "h", "f" }));
        // setup login/logout urls, if we are using authentication
        if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
        if (useAuthentication) {
            mount(new MixedParamUrlCodingStrategy("/login", LoginPage.class, new String[] {}));
            mount(new MixedParamUrlCodingStrategy("/logout", LogoutPage.class, new String[] {}));
        }
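Review bot: In the first hunk the AuthorizationStrategy is installed only when `useAuthentication` is true, so a deployment with both `web.authenticate*` keys false — or simply absent, given the `false` defaults used here — never runs isPageAuthorized, and the strategy's "admin prohibited" branch for `web.allowAdministration=false` is never consulted: admin pages become reachable by anyone. Install the strategy unconditionally, since it already handles the no-authentication cases itself, by moving `AuthorizationStrategy authStrategy = new AuthorizationStrategy();`, `getSecuritySettings().setAuthorizationStrategy(authStrategy);` and `getSecuritySettings().setUnauthorizedComponentInstantiationListener(authStrategy);` out of the `if`, and keep `useAuthentication` only for the `/login` and `/logout` mounts in the second hunk. Separately, defaulting `authenticateAdminPages` to `false` fails open when the key is missing, while AuthorizationStrategy reads the same key with a default of `true`; the two should agree, and `true` is the safer choice. init() continues outside the hunk.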
src/com/gitblit/wicket/pages/RepositoriesPage.java
@@ -33,7 +33,7 @@
        setupPage("", "");
        boolean showAdmin = false;
        if (GitBlit.self().settings().getBoolean(Keys.web.authenticate, true)) {
        if (GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true)) {
            boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, false);
            showAdmin = allowAdmin && GitBlitWebSession.get().canAdmin();
        } else {