From 3983a6e74d69ed38853c3e89616de3266dcca40d Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 23 Nov 2012 10:17:51 -0500
Subject: [PATCH] X509 certificate authentication based on Kevin Anderson's implementation

---
 src/com/gitblit/AuthenticationFilter.java |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/src/com/gitblit/AuthenticationFilter.java b/src/com/gitblit/AuthenticationFilter.java
index 4762c42..64aa441 100644
--- a/src/com/gitblit/AuthenticationFilter.java
+++ b/src/com/gitblit/AuthenticationFilter.java
@@ -69,6 +69,15 @@
 	@Override
 	public abstract void doFilter(final ServletRequest request, final ServletResponse response,
 			final FilterChain chain) throws IOException, ServletException;
+	
+	/**
+	 * Allow the filter to require a client certificate to continue processing.
+	 * 
+	 * @return true, if a client certificate is required
+	 */
+	protected boolean requiresClientCertificate() {
+		return false;
+	}
 
 	/**
 	 * Returns the full relative url of the request.
@@ -95,6 +104,16 @@
 	 */
 	protected UserModel getUser(HttpServletRequest httpRequest) {
 		UserModel user = null;
+		// try request authentication
+		user = GitBlit.self().authenticate(httpRequest);
+		if (user != null) {
+			return user;
+		} else if (requiresClientCertificate()) {
+			// http request does not have a valid certificate
+			// and the filter requires one
+			return null;
+		}
+		
 		// look for client authorization credentials in header
 		final String authorization = httpRequest.getHeader("Authorization");
 		if (authorization != null && authorization.startsWith(BASIC)) {

--
Gitblit v1.9.1