From a502d96a860456ec5e8c96761db70f7cabb74751 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 30 Apr 2016 04:19:14 -0400
Subject: [PATCH] Merge pull request #1073 from gitblit/1062-DocEditorUpdates
---
 src/main/java/com/gitblit/manager/AuthenticationManager.java | 30 +++++++++++++++++++++++++++---
 1 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/gitblit/manager/AuthenticationManager.java b/src/main/java/com/gitblit/manager/AuthenticationManager.java
index 7e0b07b..4978763 100644
--- a/src/main/java/com/gitblit/manager/AuthenticationManager.java
+++ b/src/main/java/com/gitblit/manager/AuthenticationManager.java
@@ -41,6 +41,7 @@
 import com.gitblit.auth.AuthenticationProvider;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.auth.HtpasswdAuthProvider;
+import com.gitblit.auth.HttpHeaderAuthProvider;
 import com.gitblit.auth.LdapAuthProvider;
 import com.gitblit.auth.PAMAuthProvider;
 import com.gitblit.auth.RedmineAuthProvider;
@@ -92,6 +93,7 @@
 // map of shortcut provider names
 providerNames = new HashMap<String, Class<? extends AuthenticationProvider>>();
 providerNames.put("htpasswd", HtpasswdAuthProvider.class);
+ providerNames.put("httpheader", HttpHeaderAuthProvider.class);
 providerNames.put("ldap", LdapAuthProvider.class);
 providerNames.put("pam", PAMAuthProvider.class);
 providerNames.put("redmine", RedmineAuthProvider.class);
@@ -170,7 +172,11 @@
 }
 
 /**
- * Authenticate a user based on HTTP request parameters.
+ * Used to handle authentication for page requests.
+ *
+ * This allows authentication to occur based on the contents of the request
+ * itself. If no configured @{AuthenticationProvider}s authenticate succesffully,
+ * a request for login will be shown.
 *
 * Authentication by X509Certificate is tried first and then by cookie.
 *
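Review bot: The `providerNames.put("httpheader", HttpHeaderAuthProvider.class);` line in the @@ -92 hunk makes header-based identity selectable by name, with no comment on its trust assumption. A provider that takes the user from a request header is only sound when a fronting proxy sets that header and overwrites any copy sent by the client. HttpHeaderAuthProvider is not part of this diff, so whether it restricts which peers it accepts is not visible here. A comment on this line would record the assumption, for example `// httpheader: identity comes from a request header; enable only behind a proxy that overwrites it`.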
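Review bot: The Javadoc added in the @@ -170 hunk has broken markup and a typo: `@{AuthenticationProvider}s` is not a Javadoc tag and should read `{@link AuthenticationProvider}s`, and `succesffully` should be `successfully`. The retained line `* Authentication by X509Certificate is tried first and then by cookie.` says nothing about the provider-based path the new paragraph introduces, so the two paragraphs should be reconciled. The documented method itself is outside the hunk.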
@@ -185,7 +191,7 @@
 /**
 * Authenticate a user based on HTTP request parameters.
 *
- * Authentication by servlet container principal, X509Certificate, cookie,
+ * Authentication by custom HTTP header, servlet container principal, X509Certificate, cookie,
 * and finally BASIC header.
 *
 * @param httpRequest
@@ -198,7 +204,7 @@
 // Check if this request has already been authenticated, and trust that instead of re-processing
 String reqAuthUser = (String) httpRequest.getAttribute(Constants.ATTRIB_AUTHUSER);
 if (!StringUtils.isEmpty(reqAuthUser)) {
- logger.warn("Called servlet authenticate when request is already authenticated.");
+ logger.debug("Called servlet authenticate when request is already authenticated.");
 return userManager.getUserModel(reqAuthUser);
 }
 
@@ -317,6 +323,18 @@
 user.username, httpRequest.getRemoteAddr()));
 return validateAuthentication(user, AuthenticationType.CREDENTIALS);
 }
+ }
+ }
+
+ // Check each configured AuthenticationProvider
+ for (AuthenticationProvider ap : authenticationProviders) {
+ UserModel authedUser = ap.authenticate(httpRequest);
+ if (null != authedUser) {
+ flagRequest(httpRequest, ap.getAuthenticationType(), authedUser.username);
+ logger.debug(MessageFormat.format("{0} authenticated by {1} from {2} for {3}",
+ authedUser.username, ap.getServiceName(), httpRequest.getRemoteAddr(),
+ httpRequest.getPathInfo()));
+ return validateAuthentication(authedUser, ap.getAuthenticationType());
 }
 }
 return null;
@@ -448,6 +466,12 @@
 return null;
 }
 
+ if (username.equalsIgnoreCase(Constants.FEDERATION_USER)) {
+ // can not authenticate internal FEDERATION_USER at this point
+ // it must be routed to FederationManager
+ return null;
+ }
+
 String usernameDecoded = StringUtils.decodeUsername(username);
 String pw = new String(password);
 if (StringUtils.isEmpty(pw)) {
--
Gitblit v1.9.1
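Review bot: The updated Javadoc in the @@ -185 hunk lists the custom HTTP header first, but the provider loop added in the @@ -317 hunk sits just before `return null;`, after the CREDENTIALS branch. If both hunks belong to the same method (its body is outside these hunks), the providers are consulted last, not first. Operators rely on the precedence between mechanisms when enabling several, so the comment should state the real order, e.g. `* Authentication by servlet container principal, X509Certificate, cookie, BASIC header, and finally any configured AuthenticationProvider.`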
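Review bot: In the provider loop added by the @@ -317 hunk, `flagRequest(...)` runs before `validateAuthentication(...)`, so the request is marked as authenticated even when validation returns null. The @@ -198 hunk shows that a request carrying `Constants.ATTRIB_AUTHUSER` is trusted and returned through `userManager.getUserModel(reqAuthUser)` without re-validation. If flagRequest is what sets that attribute (its body is outside this diff), a user rejected by validation could still be returned on a later call for the same request. Validating first and flagging only a non-null result closes that gap. The enclosing method starts and ends outside the hunk.

```java
if (null != authedUser) {
    UserModel validated = validateAuthentication(authedUser, ap.getAuthenticationType());
    if (null != validated) {
        flagRequest(httpRequest, ap.getAuthenticationType(), validated.username);
    }
    // … unchanged: debug log of username, provider, remote address and path …
    return validated;
```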
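Review bot: The FEDERATION_USER guard in the @@ -448 hunk compares the raw `username`, while the code right after it works on `StringUtils.decodeUsername(username)`, so the guard and the later processing may see different strings. Whether decoding can yield the federation name depends on decodeUsername, which is outside the hunk. Moving the check below the decode and testing `usernameDecoded.equalsIgnoreCase(Constants.FEDERATION_USER)`, or testing both forms, keeps the guard aligned with the value actually used. The enclosing method starts and ends outside the hunk.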