Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-12 16:35:45 +01:00
Code Issues Packages Projects Releases Activity

add missing check if anonymous access is enabled but anonymous user doesn't exists

Browse Source
This commit is contained in:
Eduard Heimbuch
2019-10-18 09:43:03 +02:00
parent 3e6e7bd4cb
commit 1af4acabbe
2 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scm-webapp/src/main/java/sonia/scm/security/AnonymousRealm.java
View File

@@ -6,8 +6,10 @@ import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.realm.AuthenticatingRealm;
import sonia.scm.ConfigurationException;
import sonia.scm.SCMContext;
import sonia.scm.plugin.Extension;
import sonia.scm.user.UserDAO;
import javax.inject.Singleton;
@@ -27,10 +29,12 @@ public class AnonymousRealm extends AuthenticatingRealm {
* dao realm helper
*/
private final DAORealmHelper helper;
private final UserDAO userDAO;
@Inject
public AnonymousRealm(DAORealmHelperFactory helperFactory) {
public AnonymousRealm(DAORealmHelperFactory helperFactory, UserDAO userDAO) {
this.helper = helperFactory.create(REALM);
this.userDAO = userDAO;
setAuthenticationTokenClass(AnonymousToken.class);
setCredentialsMatcher(new AllowAllCredentialsMatcher());
@@ -38,6 +42,9 @@ public class AnonymousRealm extends AuthenticatingRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {
if (!userDAO.contains(SCMContext.USER_ANONYMOUS)) {
throw new ConfigurationException("trying to access anonymous but _anonymous user does not exist");
}
checkArgument(authenticationToken instanceof AnonymousToken, "%s is required", AnonymousToken.class);
return helper.authenticationInfoBuilder(SCMContext.USER_ANONYMOUS).build();
}