From 671c19d3695a165687d621690fdb52ac453070b9 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 25 Jul 2011 16:47:22 -0400
Subject: [PATCH] Cleanup imports and formatting.

---
 src/com/gitblit/AccessRestrictionFilter.java |   77 ++++++++++++++++++++++++++++++++------
 1 files changed, 64 insertions(+), 13 deletions(-)

diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java
index 3aca103..6ec70db 100644
--- a/src/com/gitblit/AccessRestrictionFilter.java
+++ b/src/com/gitblit/AccessRestrictionFilter.java
@@ -16,6 +16,7 @@
 package com.gitblit;
 
 import java.io.IOException;
+import java.nio.charset.Charset;
 import java.security.Principal;
 import java.text.MessageFormat;
 import java.util.Enumeration;
@@ -32,6 +33,7 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.eclipse.jgit.util.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -40,8 +42,18 @@
 import com.gitblit.utils.StringUtils;
 
 /**
+ * The AccessRestrictionFilter is a servlet filter that preprocesses requests
+ * that match its url pattern definition in the web.xml file.
+ * 
+ * The filter extracts the name of the repository from the url and determines if
+ * the requested action for the repository requires a Basic authentication
+ * prompt. If authentication is required and no credentials are stored in the
+ * "Authorization" header, then a basic authentication challenge is issued.
  * 
  * http://en.wikipedia.org/wiki/Basic_access_authentication
+ * 
+ * @author James Moger
+ * 
  */
 public abstract class AccessRestrictionFilter implements Filter {
 
@@ -57,15 +69,48 @@
 		logger = LoggerFactory.getLogger(getClass());
 	}
 
+	/**
+	 * Extract the repository name from the url.
+	 * 
+	 * @param url
+	 * @return repository name
+	 */
 	protected abstract String extractRepositoryName(String url);
 
-	protected abstract String getUrlRequestType(String url);
+	/**
+	 * Analyze the url and returns the action of the request.
+	 * 
+	 * @param url
+	 * @return action of the request
+	 */
+	protected abstract String getUrlRequestAction(String url);
 
+	/**
+	 * Determine if the repository requires authentication.
+	 * 
+	 * @param repository
+	 * @return true if authentication required
+	 */
 	protected abstract boolean requiresAuthentication(RepositoryModel repository);
 
-	protected abstract boolean canAccess(RepositoryModel repository, UserModel user,
-			String restrictedUrl);
+	/**
+	 * Determine if the user can access the repository and perform the specified
+	 * action.
+	 * 
+	 * @param repository
+	 * @param user
+	 * @param action
+	 * @return true if user may execute the action on the repository
+	 */
+	protected abstract boolean canAccess(RepositoryModel repository, UserModel user, String action);
 
+	/**
+	 * doFilter does the actual work of preprocessing the request to ensure that
+	 * the user may proceed.
+	 * 
+	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
+	 *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
+	 */
 	@Override
 	public void doFilter(final ServletRequest request, final ServletResponse response,
 			final FilterChain chain) throws IOException, ServletException {
@@ -96,7 +141,7 @@
 
 		// Determine if the request URL is restricted
 		String fullSuffix = fullUrl.substring(repository.length());
-		String urlRequestType = getUrlRequestType(fullSuffix);
+		String urlRequestType = getUrlRequestAction(fullSuffix);
 
 		// Load the repository model
 		RepositoryModel model = GitBlit.self().getRepositoryModel(repository);
@@ -114,10 +159,8 @@
 			if (authorization != null && authorization.startsWith(BASIC)) {
 				// Authorization: Basic base64credentials
 				String base64Credentials = authorization.substring(BASIC.length()).trim();
-				String credentials = StringUtils.decodeBase64(base64Credentials);
-				if (GitBlit.isDebugMode()) {
-					logger.info(MessageFormat.format("AUTH: {0} ({1})", authorization, credentials));
-				}
+				String credentials = new String(Base64.decode(base64Credentials),
+						Charset.forName("UTF-8"));
 				// credentials = username:password
 				final String[] values = credentials.split(":");
 
@@ -131,7 +174,8 @@
 							// authenticated request permitted.
 							// pass processing to the restricted servlet.
 							newSession(accessRequest, httpResponse);
-							logger.info("ARF: " + fullUrl + " (" + HttpServletResponse.SC_CONTINUE + ") authenticated");
+							logger.info("ARF: " + fullUrl + " (" + HttpServletResponse.SC_CONTINUE
+									+ ") authenticated");
 							chain.doFilter(accessRequest, httpResponse);
 							return;
 						}
@@ -163,7 +207,8 @@
 		}
 
 		if (GitBlit.isDebugMode()) {
-			logger.info("ARF: " + fullUrl + " (" + HttpServletResponse.SC_CONTINUE + ") unauthenticated");
+			logger.info("ARF: " + fullUrl + " (" + HttpServletResponse.SC_CONTINUE
+					+ ") unauthenticated");
 		}
 		// unauthenticated request permitted.
 		// pass processing to the restricted servlet.
@@ -195,26 +240,32 @@
 		}
 	}
 
+	/**
+	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+	 */
 	@Override
 	public void init(final FilterConfig config) throws ServletException {
 	}
 
+	/**
+	 * @see javax.servlet.Filter#destroy()
+	 */
 	@Override
 	public void destroy() {
 	}
-	
+
 	/**
 	 * Wraps a standard HttpServletRequest and overrides user principal methods.
 	 */
 	public static class AccessRestrictionRequest extends ServletRequestWrapper {
 
 		private UserModel user;
-		
+
 		public AccessRestrictionRequest(HttpServletRequest req) {
 			super(req);
 			user = new UserModel("anonymous");
 		}
-		
+
 		void setUser(UserModel user) {
 			this.user = user;
 		}

--
Gitblit v1.9.1