From 0d32645ba2eafb1abfdb85bbe358d4db5e929aba Mon Sep 17 00:00:00 2001
From: Glenn Matthys <glenn@webmind.be>
Date: Sun, 17 Jan 2016 17:15:53 -0500
Subject: [PATCH] Typo in setup_transport_http.mkd

---
 src/main/java/com/gitblit/manager/AuthenticationManager.java |   30 +++++++++++++++++++++++++++---
 1 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/manager/AuthenticationManager.java b/src/main/java/com/gitblit/manager/AuthenticationManager.java
index 7e0b07b..4978763 100644
--- a/src/main/java/com/gitblit/manager/AuthenticationManager.java
+++ b/src/main/java/com/gitblit/manager/AuthenticationManager.java
@@ -41,6 +41,7 @@
 import com.gitblit.auth.AuthenticationProvider;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.auth.HtpasswdAuthProvider;
+import com.gitblit.auth.HttpHeaderAuthProvider;
 import com.gitblit.auth.LdapAuthProvider;
 import com.gitblit.auth.PAMAuthProvider;
 import com.gitblit.auth.RedmineAuthProvider;
@@ -92,6 +93,7 @@
 		// map of shortcut provider names
 		providerNames = new HashMap<String, Class<? extends AuthenticationProvider>>();
 		providerNames.put("htpasswd", HtpasswdAuthProvider.class);
+		providerNames.put("httpheader", HttpHeaderAuthProvider.class);
 		providerNames.put("ldap", LdapAuthProvider.class);
 		providerNames.put("pam", PAMAuthProvider.class);
 		providerNames.put("redmine", RedmineAuthProvider.class);
@@ -170,7 +172,11 @@
 	}
 
 	/**
-	 * Authenticate a user based on HTTP request parameters.
+	 * Used to handle authentication for page requests.
+	 *
+	 * This allows authentication to occur based on the contents of the request
+	 * itself. If no configured @{AuthenticationProvider}s authenticate succesffully,
+	 * a request for login will be shown.
 	 *
 	 * Authentication by X509Certificate is tried first and then by cookie.
 	 *
@@ -185,7 +191,7 @@
 	/**
 	 * Authenticate a user based on HTTP request parameters.
 	 *
-	 * Authentication by servlet container principal, X509Certificate, cookie,
+	 * Authentication by custom HTTP header, servlet container principal, X509Certificate, cookie,
 	 * and finally BASIC header.
 	 *
 	 * @param httpRequest
@@ -198,7 +204,7 @@
 		// Check if this request has already been authenticated, and trust that instead of re-processing
 		String reqAuthUser = (String) httpRequest.getAttribute(Constants.ATTRIB_AUTHUSER);
 		if (!StringUtils.isEmpty(reqAuthUser)) {
-			logger.warn("Called servlet authenticate when request is already authenticated.");
+			logger.debug("Called servlet authenticate when request is already authenticated.");
 			return userManager.getUserModel(reqAuthUser);
 		}
 
@@ -317,6 +323,18 @@
 							user.username, httpRequest.getRemoteAddr()));
 					return validateAuthentication(user, AuthenticationType.CREDENTIALS);
 				}
+			}
+		}
+
+		// Check each configured AuthenticationProvider
+		for (AuthenticationProvider ap : authenticationProviders) {
+			UserModel authedUser = ap.authenticate(httpRequest);
+			if (null != authedUser) {
+				flagRequest(httpRequest, ap.getAuthenticationType(), authedUser.username);
+				logger.debug(MessageFormat.format("{0} authenticated by {1} from {2} for {3}",
+						authedUser.username, ap.getServiceName(), httpRequest.getRemoteAddr(),
+						httpRequest.getPathInfo()));
+				return validateAuthentication(authedUser, ap.getAuthenticationType());
 			}
 		}
 		return null;
@@ -448,6 +466,12 @@
 			return null;
 		}
 
+		if (username.equalsIgnoreCase(Constants.FEDERATION_USER)) {
+			// can not authenticate internal FEDERATION_USER at this point
+			// it must be routed to FederationManager
+			return null;
+		}
+		
 		String usernameDecoded = StringUtils.decodeUsername(username);
 		String pw = new String(password);
 		if (StringUtils.isEmpty(pw)) {

--
Gitblit v1.9.1