Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-09 06:55:47 +01:00
Code Issues Packages Projects Releases Activity

Added auto-login filter system.

Browse Source
This commit is contained in:
Clemens Rabe
2013-10-02 19:45:21 +02:00
parent 1faa748c3a
commit 2875794519
6 changed files with 615 additions and 464 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scm-webapp/src/main/java/sonia/scm/ScmServletModule.java
View File

@@ -43,7 +43,6 @@ import com.google.inject.servlet.ServletModule;
import com.google.inject.throwingproviders.ThrowingProviderBinder;
import org.apache.shiro.authz.permission.PermissionResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -130,6 +129,7 @@ import sonia.scm.util.DebugServlet;
import sonia.scm.util.ScmConfigurationUtil;
import sonia.scm.web.cgi.CGIExecutorFactory;
import sonia.scm.web.cgi.DefaultCGIExecutorFactory;
import sonia.scm.web.filter.AutoLoginFilter;
import sonia.scm.web.filter.LoggingFilter;
import sonia.scm.web.security.AdministrationContext;
import sonia.scm.web.security.ApiBasicAuthenticationFilter;
@@ -141,6 +141,7 @@ import sonia.scm.web.security.WebSecurityContext;
//~--- JDK imports ------------------------------------------------------------
import com.sun.jersey.api.core.PackagesResourceConfig;
import com.sun.jersey.api.core.ResourceConfig;
import com.sun.jersey.api.json.JSONConfiguration;
@@ -347,6 +348,7 @@ public class ScmServletModule extends ServletModule
* PATTERN_STATIC_RESOURCES).through(StaticResourceFilter.class);
*/
filter(PATTERN_ALL).through(BaseUrlFilter.class);
filter(PATTERN_ALL).through(AutoLoginFilter.class);
filterRegex(RESOURCE_REGEX).through(GZipFilter.class);
filter(PATTERN_RESTAPI,
PATTERN_DEBUG).through(ApiBasicAuthenticationFilter.class);

8
scm-webapp/src/main/java/sonia/scm/web/security/ApiBasicAuthenticationFilter.java
View File

@@ -39,11 +39,14 @@ import com.google.inject.Inject;
import com.google.inject.Singleton;
import sonia.scm.config.ScmConfiguration;
import sonia.scm.web.filter.AutoLoginModule;
import sonia.scm.web.filter.BasicAuthenticationFilter;
//~--- JDK imports ------------------------------------------------------------
import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
@@ -76,9 +79,10 @@ public class ApiBasicAuthenticationFilter extends BasicAuthenticationFilter
* @param configuration
*/
@Inject
public ApiBasicAuthenticationFilter(ScmConfiguration configuration)
public ApiBasicAuthenticationFilter(ScmConfiguration configuration,
Set<AutoLoginModule> autoLoginModules)
{
super(configuration);
super(configuration, autoLoginModules);
}
//~--- methods --------------------------------------------------------------

513
scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java
View File

@@ -29,8 +29,6 @@
*
*/
package sonia.scm.web.security;
//~--- non-JDK imports --------------------------------------------------------
@@ -66,323 +64,296 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
*
*
* @author Sebastian Sdorra
*/
@Singleton
public class ChainAuthenticatonManager extends AbstractAuthenticationManager
{
public class ChainAuthenticatonManager extends AbstractAuthenticationManager {
/** Field description */
public static final String CACHE_NAME = "sonia.cache.auth";
/** Field description */
public static final String CACHE_NAME = "sonia.cache.auth";
/** the logger for ChainAuthenticatonManager */
private static final Logger logger =
LoggerFactory.getLogger(ChainAuthenticatonManager.class);
/** the logger for ChainAuthenticatonManager */
private static final Logger logger = LoggerFactory
.getLogger(ChainAuthenticatonManager.class);
//~--- constructors ---------------------------------------------------------
// ~--- constructors
// ---------------------------------------------------------
/**
* Constructs ...
*
*
*
* @param userManager
* @param authenticationHandlerSet
* @param encryptionHandler
* @param cacheManager
* @param authenticationListenerProvider
* @param authenticationListeners
*/
@Inject
public ChainAuthenticatonManager(UserManager userManager,
Set<AuthenticationHandler> authenticationHandlerSet,
EncryptionHandler encryptionHandler, CacheManager cacheManager,
Set<AuthenticationListener> authenticationListeners)
{
AssertUtil.assertIsNotEmpty(authenticationHandlerSet);
AssertUtil.assertIsNotNull(cacheManager);
this.authenticationHandlers = sort(userManager, authenticationHandlerSet);
this.encryptionHandler = encryptionHandler;
this.cache = cacheManager.getCache(String.class,
AuthenticationCacheValue.class, CACHE_NAME);
/**
* Constructs ...
*
*
*
* @param userManager
* @param authenticationHandlerSet
* @param encryptionHandler
* @param cacheManager
* @param authenticationListenerProvider
* @param authenticationListeners
*/
@Inject
public ChainAuthenticatonManager(UserManager userManager,
Set<AuthenticationHandler> authenticationHandlerSet,
EncryptionHandler encryptionHandler, CacheManager cacheManager,
Set<AuthenticationListener> authenticationListeners) {
AssertUtil.assertIsNotEmpty(authenticationHandlerSet);
AssertUtil.assertIsNotNull(cacheManager);
this.authenticationHandlers = sort(userManager,
authenticationHandlerSet);
this.encryptionHandler = encryptionHandler;
this.cache = cacheManager.getCache(String.class,
AuthenticationCacheValue.class, CACHE_NAME);
if (Util.isNotEmpty(authenticationListeners))
{
addListeners(authenticationListeners);
}
}
if (Util.isNotEmpty(authenticationListeners)) {
addListeners(authenticationListeners);
}
}
//~--- methods --------------------------------------------------------------
// ~--- methods
// --------------------------------------------------------------
/**
* Method description
*
*
* @param request
* @param response
* @param username
* @param password
*
* @return
*/
@Override
public AuthenticationResult authenticate(HttpServletRequest request,
HttpServletResponse response, String username, String password)
{
AssertUtil.assertIsNotEmpty(username);
AssertUtil.assertIsNotEmpty(password);
/**
* Method description
*
*
* @param request
* @param response
* @param username
* @param password
*
* @return
*/
@Override
public AuthenticationResult authenticate(HttpServletRequest request,
HttpServletResponse response, String username, String password) {
AssertUtil.assertIsNotEmpty(username);
AssertUtil.assertIsNotEmpty(password);
String encryptedPassword = encryptionHandler.encrypt(password);
AuthenticationResult ar = getCached(username, encryptedPassword);
String encryptedPassword = encryptionHandler.encrypt(password);
AuthenticationResult ar = getCached(username, encryptedPassword);
if (ar == null)
{
if (logger.isTraceEnabled())
{
logger.trace("no authentication result for user {} found in cache",
username);
}
if (ar == null) {
if (logger.isTraceEnabled()) {
logger.trace(
"no authentication result for user {} found in cache",
username);
}
ar = doAuthentication(request, response, username, password);
ar = doAuthentication(request, response, username, password);
if ((ar != null) && ar.isCacheable())
{
cache.put(username,
new AuthenticationCacheValue(ar, encryptedPassword));
}
}
else if (logger.isDebugEnabled())
{
logger.debug("authenticate {} via cache", username);
}
if ((ar != null) && ar.isCacheable()) {
cache.put(username, new AuthenticationCacheValue(ar,
encryptedPassword));
}
} else if (logger.isDebugEnabled()) {
logger.debug("authenticate {} via cache", username);
}
return ar;
}
return ar;
}
/**
* Method description
*
*
* @throws IOException
*/
@Override
public void close() throws IOException
{
for (AuthenticationHandler authenticator : authenticationHandlers)
{
if (logger.isTraceEnabled())
{
logger.trace("close authenticator {}", authenticator.getClass());
}
/**
* Method description
*
*
* @throws IOException
*/
@Override
public void close() throws IOException {
for (AuthenticationHandler authenticator : authenticationHandlers) {
if (logger.isTraceEnabled()) {
logger.trace("close authenticator {}", authenticator.getClass());
}
IOUtil.close(authenticator);
}
}
IOUtil.close(authenticator);
}
}
/**
* Method description
*
*
* @param context
*/
@Override
public void init(SCMContextProvider context)
{
for (AuthenticationHandler authenticator : authenticationHandlers)
{
if (logger.isTraceEnabled())
{
logger.trace("initialize authenticator {}", authenticator.getClass());
}
/**
* Method description
*
*
* @param context
*/
@Override
public void init(SCMContextProvider context) {
for (AuthenticationHandler authenticator : authenticationHandlers) {
if (logger.isTraceEnabled()) {
logger.trace("initialize authenticator {}",
authenticator.getClass());
}
authenticator.init(context);
}
}
authenticator.init(context);
}
}
/**
* Method description
*
*
* @param request
* @param response
* @param username
* @param password
*
* @return
*/
private AuthenticationResult doAuthentication(HttpServletRequest request,
HttpServletResponse response, String username, String password)
{
AuthenticationResult ar = null;
/**
* Method description
*
*
* @param request
* @param response
* @param username
* @param password
*
* @return
*/
private AuthenticationResult doAuthentication(HttpServletRequest request,
HttpServletResponse response, String username, String password) {
AuthenticationResult ar = null;
if (logger.isTraceEnabled())
{
logger.trace("start authentication chain for user {}", username);
}
if (logger.isTraceEnabled()) {
logger.trace("start authentication chain for user {}", username);
}
for (AuthenticationHandler authenticator : authenticationHandlers)
{
if (logger.isTraceEnabled())
{
logger.trace("check authenticator {} for user {}",
authenticator.getClass(), username);
}
for (AuthenticationHandler authenticator : authenticationHandlers) {
if (logger.isTraceEnabled()) {
logger.trace("check authenticator {} for user {}",
authenticator.getClass(), username);
}
try
{
AuthenticationResult result = authenticator.authenticate(request,
response, username, password);
try {
AuthenticationResult result = authenticator.authenticate(
request, response, username, password);
if (logger.isDebugEnabled())
{
logger.debug("authenticator {} ends with result, {}",
authenticator.getClass().getName(), result);
}
if (logger.isDebugEnabled()) {
logger.debug("authenticator {} ends with result, {}",
authenticator.getClass().getName(), result);
}
if ((result != null) && (result.getState() != null)
&& (result.getState().isSuccessfully()
|| (result.getState() == AuthenticationState.FAILED)))
{
if (result.getState().isSuccessfully() && (result.getUser() != null))
{
User user = result.getUser();
// CR: Removed check on state=failed to allow next module to
// continue
if ((result != null) && (result.getState() != null)
&& result.getState().isSuccessfully()) {
if (result.getUser() != null) {
User user = result.getUser();
user.setType(authenticator.getType());
ar = result;
user.setType(authenticator.getType());
ar = result;
// notify authentication listeners
fireAuthenticationEvent(request, response, user);
}
// notify authentication listeners
fireAuthenticationEvent(request, response, user);
}
break;
}
}
catch (Exception ex)
{
logger.error(
"error durring authentication process of ".concat(
authenticator.getClass().getName()), ex);
}
}
break;
}
} catch (Exception ex) {
logger.error("error durring authentication process of "
.concat(authenticator.getClass().getName()), ex);
}
}
return ar;
}
return ar;
}
/**
* Method description
*
*
* @param userManager
* @param authenticationHandlerSet
*
* @return
*/
@VisibleForTesting
private List<AuthenticationHandler> sort(UserManager userManager,
Set<AuthenticationHandler> authenticationHandlerSet)
{
List<AuthenticationHandler> handlers =
Lists.newArrayListWithCapacity(authenticationHandlerSet.size());
/**
* Method description
*
*
* @param userManager
* @param authenticationHandlerSet
*
* @return
*/
@VisibleForTesting
private List<AuthenticationHandler> sort(UserManager userManager,
Set<AuthenticationHandler> authenticationHandlerSet) {
List<AuthenticationHandler> handlers = Lists
.newArrayListWithCapacity(authenticationHandlerSet.size());
String first = Strings.nullToEmpty(userManager.getDefaultType());
String first = Strings.nullToEmpty(userManager.getDefaultType());
for (AuthenticationHandler handler : authenticationHandlerSet)
{
if (first.equals(handler.getType()))
{
handlers.add(0, handler);
}
else
{
handlers.add(handler);
}
}
for (AuthenticationHandler handler : authenticationHandlerSet) {
if (first.equals(handler.getType())) {
handlers.add(0, handler);
} else {
handlers.add(handler);
}
}
return handlers;
}
return handlers;
}
//~--- get methods ----------------------------------------------------------
// ~--- get methods
// ----------------------------------------------------------
/**
* Method description
*
*
* @param username
* @param encryptedPassword
*
* @return
*/
private AuthenticationResult getCached(String username,
String encryptedPassword)
{
AuthenticationResult result = null;
AuthenticationCacheValue value = cache.get(username);
/**
* Method description
*
*
* @param username
* @param encryptedPassword
*
* @return
*/
private AuthenticationResult getCached(String username,
String encryptedPassword) {
AuthenticationResult result = null;
AuthenticationCacheValue value = cache.get(username);
if (value != null)
{
String cachedPassword = value.password;
if (value != null) {
String cachedPassword = value.password;
if (cachedPassword.equals(encryptedPassword))
{
result = value.authenticationResult;
}
}
if (cachedPassword.equals(encryptedPassword)) {
result = value.authenticationResult;
}
}
return result;
}
return result;
}
//~--- inner classes --------------------------------------------------------
// ~--- inner classes
// --------------------------------------------------------
/**
* Class description
*
*
* @version Enter version here..., 2011-01-15
* @author Sebastian Sdorra
*/
private static class AuthenticationCacheValue implements Serializable
{
/**
* Class description
*
*
* @version Enter version here..., 2011-01-15
* @author Sebastian Sdorra
*/
private static class AuthenticationCacheValue implements Serializable {
/** Field description */
private static final long serialVersionUID = 2201116145941277549L;
/** Field description */
private static final long serialVersionUID = 2201116145941277549L;
//~--- constructors -------------------------------------------------------
// ~--- constructors
// -------------------------------------------------------
/**
* Constructs ...
*
*
*
* @param ar
* @param password
*/
public AuthenticationCacheValue(AuthenticationResult ar, String password)
{
this.authenticationResult =
new AuthenticationResult(ar.getUser().clone(), ar.getGroups(),
ar.getState());
this.password = password;
}
/**
* Constructs ...
*
*
*
* @param ar
* @param password
*/
public AuthenticationCacheValue(AuthenticationResult ar, String password) {
this.authenticationResult = new AuthenticationResult(ar.getUser()
.clone(), ar.getGroups(), ar.getState());
this.password = password;
}
//~--- fields -------------------------------------------------------------
// ~--- fields
// -------------------------------------------------------------
/** Field description */
private AuthenticationResult authenticationResult;
/** Field description */
private AuthenticationResult authenticationResult;
/** Field description */
private String password;
}
/** Field description */
private String password;
}
// ~--- fields
// ---------------------------------------------------------------
//~--- fields ---------------------------------------------------------------
/** Field description */
private List<AuthenticationHandler> authenticationHandlers;
/** Field description */
private List<AuthenticationHandler> authenticationHandlers;
/** Field description */
private Cache<String, AuthenticationCacheValue> cache;
/** Field description */
private Cache<String, AuthenticationCacheValue> cache;
/** Field description */
private EncryptionHandler encryptionHandler;
/** Field description */
private EncryptionHandler encryptionHandler;
}