fix wrong basic authentication on ui login

2025-11-09 06:55:47 +01:00 · 2012-05-19 11:35:33 +02:00
parent 89a84e30e3
commit 306f937b19
3 changed files with 35 additions and 4 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
@@ -196,6 +196,30 @@ public class AuthenticationResource

  //~--- get methods ----------------------------------------------------------

+  /**
+   * This method is an alias of the
+   * {@link #getState(javax.servlet.http.HttpServletRequest)} method.
+   * The only difference between the methods,
+   * is that this one could not be used with basic authentication.<br />
+   * <br />
+   * <ul>
+   *   <li>200 success</li>
+   *   <li>401 unauthorized, user is not authenticated and public access is disabled.</li>
+   *   <li>500 internal server error</li>
+   * </ul>
+   *
+   * @param request the current http request
+   *
+   * @return
+   */
+  @GET
+  @Path("state")
+  @TypeHint(ScmState.class)
+  public Response getCurrentState(@Context HttpServletRequest request)
+  {
+    return getState(request);
+  }
+
  /**
   * Returns the current state of the application.<br />
   * <br />
--- a/scm-webapp/src/main/java/sonia/scm/web/security/ApiBasicAuthenticationFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/ApiBasicAuthenticationFilter.java
@@ -59,8 +59,13 @@ public class ApiBasicAuthenticationFilter extends BasicAuthenticationFilter
 {

  /** Field description */
-  public static final String URI_AUTHENTICATION =
-    "/api/rest/authentication/login";
+  public static final String URI_LOGIN = "/api/rest/authentication/login";
+
+  /** Field description */
+  public static final String URI_LOGOUT = "/api/rest/authentication/logout";
+
+  /** Field description */
+  public static final String URI_STATE = "/api/rest/authentication/state";

  //~--- constructors ---------------------------------------------------------

@@ -97,7 +102,9 @@ public class ApiBasicAuthenticationFilter extends BasicAuthenticationFilter
  {

    // skip filter on authentication resource
-    if (request.getRequestURI().contains(URI_AUTHENTICATION))
+    if (request.getRequestURI().contains(URI_LOGIN)
+        || request.getRequestURI().contains(URI_STATE)
+        || request.getRequestURI().contains(URI_LOGOUT))
    {
      chain.doFilter(request, response);
    }