From 9b54923f4ee5411966016f91224e4f4f545f1416 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 17 Jun 2013 15:56:14 -0400
Subject: [PATCH] Option to auto-create accounts based on authenticated container principals (issue-246)

---
 releases.moxie                           |    3 +++
 src/main/distrib/data/gitblit.properties |    7 +++++++
 src/main/java/com/gitblit/GitBlit.java   |   13 ++++++++++++-
 3 files changed, 22 insertions(+), 1 deletions(-)

diff --git a/releases.moxie b/releases.moxie
index f419992..50a54e7 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -66,6 +66,7 @@
 	 - Added weblogic.xml to WAR for deployment on WebLogic (issue 199)
 	 - Support username substitution in web.otherUrls (issue 213)
 	 - Option to force client-side basic authentication instead of form-based authentication if web.authenticateViewPages=true (issue 222)
+	 - Setting to automatically create an user account based on an authenticated user principal from the servlet container (issue-246)
 
     contributors:
 	- Bandarupalli Satyanarayana
@@ -86,6 +87,7 @@
 	- Matthias Bauer
 	- Micha�l Pailloncy
 	- Michael Schaefers
+	- Oliver Doepner
 	- Philip Boutros
 	- Rafael Cavazin
 	- Ryan Schneider
@@ -109,6 +111,7 @@
 	- { name: 'git.daemonPort', defaultValue: 0 }
     - { name: 'git.defaultIncrementalPushTagPrefix', defaultValue: 'r' }
 	- { name: 'mail.smtps', defaultValue: false }
+	- { name: 'realm.container.autoCreateAccounts', defaultValue: 'false' }
 	- { name: 'realm.salesforce.backingUserService', defaultValue: 'users.conf' }
 	- { name: 'realm.salesforce.orgId', defaultValue: 0 }
 	- { name: 'web.activityDurationChoices', defaultValue: '7 14 28 60 90 180' }
diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index 1671507..412bcae 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -1110,6 +1110,13 @@
 # Advanced Realm Settings
 #
 
+# Auto-creates user accounts based on the servlet container principal.  This
+# assumes that your Gitblit install is a protected resource and your container's
+# authentication process intercepts all Gitblit requests.
+#
+# SINCE 1.3.0
+realm.container.autoCreateAccounts = false
+
 # The SalesforceUserService must be backed by another user service for standard user
 # and team management.
 # default: users.conf
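Review bot: The comment added for `realm.container.autoCreateAccounts` does not say who ends up with an account. Judging by the GitBlit.java change in this same commit, every non-empty principal name the container accepts gets one, stored lower-cased, with no allow-list on the Gitblit side. I would add a line such as `# Every user the container authenticates will receive a Gitblit account.` so administrators scope the container realm before enabling the setting. A `# default: false` line, as the neighbouring setting carries, would also match the file's convention.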
diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java
index c538ace..25ffaba 100644
--- a/src/main/java/com/gitblit/GitBlit.java
+++ b/src/main/java/com/gitblit/GitBlit.java
@@ -827,13 +827,24 @@
 		Principal principal = httpRequest.getUserPrincipal();
 		if (principal != null) {
 			String username = principal.getName();
-			if (StringUtils.isEmpty(username)) {
+			if (!StringUtils.isEmpty(username)) {
 				UserModel user = getUserModel(username);
 				if (user != null) {
+					// existing user
 					flagWicketSession(AuthenticationType.CONTAINER);
 					logger.debug(MessageFormat.format("{0} authenticated by servlet container principal from {1}",
 							user.username, httpRequest.getRemoteAddr()));
 					return user;
+				} else if (settings.getBoolean(Keys.realm.container.autoCreateAccounts, true)) {
+					// auto-create user from an authenticated container principal
+					user = new UserModel(username.toLowerCase());
+					user.displayName = username;
+					user.password = Constants.EXTERNAL_ACCOUNT;
+					userService.updateUserModel(user);
+					flagWicketSession(AuthenticationType.CONTAINER);
+					logger.debug(MessageFormat.format("{0} authenticated and created by servlet container principal from {1}",
+							user.username, httpRequest.getRemoteAddr()));
+					return user;
 				} else {
 					logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted servlet container authentication from {1}",
 							principal.getName(), httpRequest.getRemoteAddr()));
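Review bot: The fallback passed in `settings.getBoolean(Keys.realm.container.autoCreateAccounts, true)` is `true`, while gitblit.properties and releases.moxie in this same commit both give the default as `false`. An install whose properties file predates this key (an upgrade, for example) would presumably get the fallback and start creating accounts for every container principal without the administrator opting in. The call should read `settings.getBoolean(Keys.realm.container.autoCreateAccounts, false)`. Account creation is also logged only through `logger.debug`, so it would likely leave no trace at typical log levels; `logger.info` would suit an event that adds a user. The enclosing method starts and ends outside the hunk.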

--
Gitblit v1.9.1