From 1d9dcfda63aebcbf278f6eb0a853b4538df30fcb Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Sat, 15 Mar 2014 14:06:54 +0100
Subject: [PATCH] added protected methods for error handling
---
.../web/filter/BasicAuthenticationFilter.java | 42 ++++++++++++--
.../scm/web/filter/PermissionFilter.java | 55 +++++++++++++++----
2 files changed, 81 insertions(+), 16 deletions(-)
diff --git a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
index fe1aed181a..b184e2b4ae 100644
--- a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
@@ -218,15 +218,47 @@ public class BasicAuthenticationFilter extends AutoLoginFilter // see https://bitbucket.org/sdorra/scm-manager/issue/545/git-clone-with-username-in-url-does-not if (Boolean.TRUE.equals(request.getAttribute(ATTRIBUTE_FAILED_AUTH))) { - response.sendError(HttpServletResponse.SC_FORBIDDEN); + sendFailedAuthenticationError(request, response); } else { - HttpUtil.sendUnauthorized(request, response, - configuration.getRealmDescription()); + sendUnauthorizedError(request, response); } } + /** + * Sends an error for a failed authentication back to client. + * + * + * @param request http request + * @param response http response + * + * @throws IOException + */ + protected void sendFailedAuthenticationError(HttpServletRequest request, + HttpServletResponse response) + throws IOException + { + response.sendError(HttpServletResponse.SC_FORBIDDEN); + } + + /** + * Sends an unauthorized error back to client. + * + * + * @param request http request + * @param response http response + * + * @throws IOException + */ + protected void sendUnauthorizedError(HttpServletRequest request, + HttpServletResponse response) + throws IOException + { + HttpUtil.sendUnauthorized(request, response, + configuration.getRealmDescription()); + } + /** * Method description * @@ -300,6 +332,6 @@ public class BasicAuthenticationFilter extends AutoLoginFilter //~--- fields --------------------------------------------------------------- - /** Field description */ - private ScmConfiguration configuration; + /** scm main configuration */ + protected ScmConfiguration configuration; } diff --git a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java index 07051e5154..defa83a1b7 100644 --- a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java +++ b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java 
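Review bot: The new protected hooks `sendFailedAuthenticationError` and `sendUnauthorizedError` sit on the authentication-failure path, but their Javadoc does not say what an override is required to do. I would add a sentence to each, for example `* Overriding methods must still answer the request with an error status and must not let it continue as authenticated.`, and explain on `sendFailedAuthenticationError` that the 403 (rather than a 401 challenge) is deliberate, pointing to the issue 545 comment above the branch. The bare `@throws IOException` tags should get a description such as `if the error cannot be written to the response`. The calling method starts outside this hunk, so whether anything else runs after the hook returns cannot be seen here and should be checked before the contract is written down.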
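Review bot: Changing `configuration` to a non-final `protected` field lets any subclass of this authentication filter replace the configuration object, while the same commit tightens the corresponding field in PermissionFilter to `private final`. If subclasses only need to read the realm description in an overridden `sendUnauthorizedError`, keep the field private and expose it read-only, e.g. `protected ScmConfiguration getConfiguration() { return configuration; }`. Whether the field can also be declared `final` depends on how it is assigned, which is outside this hunk.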
@@ -50,6 +50,7 @@ import sonia.scm.config.ScmConfiguration; import sonia.scm.repository.PermissionType; import sonia.scm.repository.PermissionUtil; import sonia.scm.repository.Repository; +import sonia.scm.security.Role; import sonia.scm.security.ScmSecurityException; import sonia.scm.util.HttpUtil; import sonia.scm.util.Util; @@ -65,7 +66,6 @@ import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import sonia.scm.security.Role; /** * Abstract http filter to check repository permissions. @@ -98,7 +98,7 @@ public abstract class PermissionFilter extends HttpFilter * * @param configuration global scm-manager configuration * @param securityContextProvider security context provider - * + * * @deprecated {@link #PermissionFilter(ScmConfiguration)} instead */ @Deprecated @@ -133,11 +133,11 @@ public abstract class PermissionFilter extends HttpFilter //~--- methods -------------------------------------------------------------- /** - * Checks the permission for the requested repository. If the user has enough + * Checks the permission for the requested repository. If the user has enough * permission, then the filter chain is called. * * - * @param request http request + * @param request http request * @param response http response * @param chain filter chain * @@ -179,7 +179,7 @@ public abstract class PermissionFilter extends HttpFilter getUserName(subject)); } - sendAccessDenied(response, subject); + sendAccessDenied(request, response, subject); } } else 
@@ -216,11 +216,43 @@ public abstract class PermissionFilter extends HttpFilter subject.getPrincipal()); } - sendAccessDenied(response, subject); + sendAccessDenied(request, response, subject); } } + /** + * Sends a "not enough privileges" error back to client. + * + * + * @param request http request + * @param response http response + * + * @throws IOException + */ + protected void sendNotEnoughPrivilegesError(HttpServletRequest request, + HttpServletResponse response) + throws IOException + { + response.sendError(HttpServletResponse.SC_FORBIDDEN); + } + + /** + * Sends an unauthorized error back to client. + * + * + * @param request http request + * @param response http response + * + * @throws IOException + */ + protected void sendUnauthorizedError(HttpServletRequest request, + HttpServletResponse response) + throws IOException + { + HttpUtil.sendUnauthorized(response, configuration.getRealmDescription()); + } + /** * Extracts the type of the repositroy from url. * @@ -247,22 +279,23 @@ public abstract class PermissionFilter extends HttpFilter /** * Send access denied to the servlet response. * - * + * @param request current http request object * @param response current http response object * @param subject user subject * * @throws IOException */ - private void sendAccessDenied(HttpServletResponse response, Subject subject) + private void sendAccessDenied(HttpServletRequest request, + HttpServletResponse response, Subject subject) throws IOException { if (subject.hasRole(Role.USER)) { - response.sendError(HttpServletResponse.SC_FORBIDDEN); + sendNotEnoughPrivilegesError(request, response); } else { - HttpUtil.sendUnauthorized(response, configuration.getRealmDescription()); + sendUnauthorizedError(request, response); } } 
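Review bot: The new `sendUnauthorizedError(request, response)` in PermissionFilter ignores the request it now receives and still calls the two-argument `HttpUtil.sendUnauthorized(response, ...)`, whereas the hook of the same name in BasicAuthenticationFilter calls the request-aware overload. Unless the difference is intended, both filters should answer an unauthenticated client the same way: `HttpUtil.sendUnauthorized(request, response, configuration.getRealmDescription());`. What the request-aware overload does differently is not visible in this diff, so that should be confirmed against `HttpUtil`. Note also that `configuration` is private in this class (and `private final` after the last hunk), so a subclass overriding this hook cannot reach the realm description unless an accessor exists elsewhere in the class.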
@@ -351,5 +384,5 @@ public abstract class PermissionFilter extends HttpFilter //~--- fields --------------------------------------------------------------- /** scm-manager global configuration */ - private ScmConfiguration configuration; + private final ScmConfiguration configuration; }