From 79cad53bba094cffa1d25581edbf4972a5158cd4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 29 Nov 2013 11:03:01 -0500
Subject: [PATCH] Update to Moxie 0.9.1

---
 src/main/java/com/gitblit/AuthenticationFilter.java |   28 +++++++++++++++-------------
 1 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/src/main/java/com/gitblit/AuthenticationFilter.java b/src/main/java/com/gitblit/AuthenticationFilter.java
index eb6e95b..9aeb89f 100644
--- a/src/main/java/com/gitblit/AuthenticationFilter.java
+++ b/src/main/java/com/gitblit/AuthenticationFilter.java
@@ -28,23 +28,26 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.gitblit.manager.ISessionManager;
 import com.gitblit.models.UserModel;
+import com.gitblit.utils.DeepCopier;
 import com.gitblit.utils.StringUtils;
 
 /**
  * The AuthenticationFilter is a servlet filter that preprocesses requests that
  * match its url pattern definition in the web.xml file.
- * 
+ *
  * http://en.wikipedia.org/wiki/Basic_access_authentication
- * 
+ *
  * @author James Moger
- * 
+ *
  */
 public abstract class AuthenticationFilter implements Filter {
 
@@ -57,17 +60,17 @@
 	/**
 	 * doFilter does the actual work of preprocessing the request to ensure that
 	 * the user may proceed.
-	 * 
+	 *
 	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
 	 *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
 	 */
 	@Override
 	public abstract void doFilter(final ServletRequest request, final ServletResponse response,
 			final FilterChain chain) throws IOException, ServletException;
-	
+
 	/**
 	 * Allow the filter to require a client certificate to continue processing.
-	 * 
+	 *
 	 * @return true, if a client certificate is required
 	 */
 	protected boolean requiresClientCertificate() {
@@ -76,7 +79,7 @@
 
 	/**
 	 * Returns the full relative url of the request.
-	 * 
+	 *
 	 * @param httpRequest
 	 * @return url
 	 */
@@ -93,19 +96,19 @@
 
 	/**
 	 * Returns the user making the request, if the user has authenticated.
-	 * 
+	 *
 	 * @param httpRequest
 	 * @return user
 	 */
 	protected UserModel getUser(HttpServletRequest httpRequest) {
-		UserModel user = GitBlit.self().authenticate(httpRequest, requiresClientCertificate());
+		ISessionManager sessionManager = GitBlit.getManager(ISessionManager.class);
+		UserModel user = sessionManager.authenticate(httpRequest, requiresClientCertificate());
 		return user;
 	}
 
 	/**
 	 * Taken from Jetty's LoginAuthenticator.renewSessionOnAuthentication()
 	 */
-	@SuppressWarnings("unchecked")
 	protected void newSession(HttpServletRequest request, HttpServletResponse response) {
 		HttpSession oldSession = request.getSession(false);
 		if (oldSession != null && oldSession.getAttribute(SESSION_SECURED) == null) {
@@ -145,14 +148,13 @@
 	/**
 	 * Wraps a standard HttpServletRequest and overrides user principal methods.
 	 */
-	public static class AuthenticatedRequest extends ServletRequestWrapper {
+	public static class AuthenticatedRequest extends HttpServletRequestWrapper {
 
 		private UserModel user;
 
 		public AuthenticatedRequest(HttpServletRequest req) {
 			super(req);
-			user = new UserModel("anonymous");
-			user.isAuthenticated = false;
+			user = DeepCopier.copy(UserModel.ANONYMOUS);
 		}
 
 		UserModel getUser() {

--
Gitblit v1.9.1