From d7eb67bba682c4c59fb2480d9e1830c8477ce71e Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 31 Dec 2012 16:13:51 -0500
Subject: [PATCH] Reset build identifiers for the next release
---
src/com/gitblit/AuthenticationFilter.java | 45 ++++++++++++++-------------------------------
1 files changed, 14 insertions(+), 31 deletions(-)
diff --git a/src/com/gitblit/AuthenticationFilter.java b/src/com/gitblit/AuthenticationFilter.java
index caa8a07..eb6e95b 100644
--- a/src/com/gitblit/AuthenticationFilter.java
+++ b/src/com/gitblit/AuthenticationFilter.java
@@ -16,9 +16,7 @@
package com.gitblit;
import java.io.IOException;
-import java.nio.charset.Charset;
import java.security.Principal;
-import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
@@ -37,7 +35,6 @@
import org.slf4j.LoggerFactory;
import com.gitblit.models.UserModel;
-import com.gitblit.utils.Base64;
import com.gitblit.utils.StringUtils;
/**
@@ -51,9 +48,7 @@
*/
public abstract class AuthenticationFilter implements Filter {
- protected static final String BASIC = "Basic";
-
- protected static final String CHALLENGE = BASIC + " realm=\"" + Constants.NAME + "\"";
+ protected static final String CHALLENGE = "Basic realm=\"" + Constants.NAME + "\"";
protected static final String SESSION_SECURED = "com.gitblit.secured";
@@ -69,6 +64,15 @@
@Override
public abstract void doFilter(final ServletRequest request, final ServletResponse response,
final FilterChain chain) throws IOException, ServletException;
+
+ /**
+ * Allow the filter to require a client certificate to continue processing.
+ *
+ * @return true, if a client certificate is required
+ */
+ protected boolean requiresClientCertificate() {
+ return false;
+ }
/**
* Returns the full relative url of the request.
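Review bot: The Javadoc on the new `requiresClientCertificate()` hook does not say who enforces the requirement or what happens when it returns true and the request carries no certificate. Nothing in this hunk enforces it; the value is only handed on to `GitBlit.self().authenticate(...)` from getUser, so a subclass that overrides it to return true relies entirely on that delegate rejecting the request. I would extend the comment with something like `Enforcement is done by GitBlit.authenticate(); when this returns true a request without a valid client certificate must not be authenticated by any other credential.` and note that the default of false keeps the other credential types accepted. The exact fallback behaviour is not visible in this patch and should be confirmed against the delegate.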
@@ -94,30 +98,8 @@
* @return user
*/
protected UserModel getUser(HttpServletRequest httpRequest) {
- UserModel user = null;
- // look for client authorization credentials in header
- final String authorization = httpRequest.getHeader("Authorization");
- if (authorization != null && authorization.startsWith(BASIC)) {
- // Authorization: Basic base64credentials
- String base64Credentials = authorization.substring(BASIC.length()).trim();
- String credentials = new String(Base64.decode(base64Credentials),
- Charset.forName("UTF-8"));
- // credentials = username:password
- final String[] values = credentials.split(":");
-
- if (values.length == 2) {
- String username = values[0];
- char[] password = values[1].toCharArray();
- user = GitBlit.self().authenticate(username, password);
- if (user != null) {
- return user;
- }
- }
- if (GitBlit.isDebugMode()) {
- logger.info(MessageFormat.format("AUTH: invalid credentials ({0})", credentials));
- }
- }
- return null;
+ UserModel user = GitBlit.self().authenticate(httpRequest, requiresClientCertificate());
+ return user;
}
/**
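Review bot: With the inline Basic parsing removed, getUser no longer records a rejected attempt at all, so whether failed logins remain visible in the logs now depends on `GitBlit.self().authenticate(httpRequest, requiresClientCertificate())`, whose body is not part of this patch. It is worth confirming that the delegate logs rejections by username or remote address only, never the decoded Authorization value, so that repeated failures stay detectable without putting passwords in the log. The temporary is also unnecessary; `return GitBlit.self().authenticate(httpRequest, requiresClientCertificate());` says the same thing in one line. The Javadoc for getUser starts above the hunk and may still describe header parsing, so it should state that null is returned when no credential is accepted.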
@@ -170,6 +152,7 @@
public AuthenticatedRequest(HttpServletRequest req) {
super(req);
user = new UserModel("anonymous");
+ user.isAuthenticated = false;
}
UserModel getUser() {
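Review bot: The anonymous placeholder is marked with a direct write to a public mutable field, `user.isAuthenticated = false;`, while the next hunk moves `canAdmin` behind an accessor in isUserInRole, so the two security-relevant flags on UserModel are now handled inconsistently. Any code that later holds this object can flip the field back, and whether UserModel defaults it to true is not visible here. I would at least add a comment on that line, `// anonymous placeholder: must never pass an authentication check`, and consider giving the flag the same accessor treatment as `canAdmin()`. The constructor is complete in the hunk, but the rest of AuthenticatedRequest lies outside it.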
@@ -188,7 +171,7 @@
@Override
public boolean isUserInRole(String role) {
if (role.equals(Constants.ADMIN_ROLE)) {
- return user.canAdmin;
+ return user.canAdmin();
}
// Gitblit does not currently use actual roles in the traditional
// servlet container sense. That is the reason this is marked
--
Gitblit v1.9.1