fix anonymous access

2025-11-08 14:35:45 +01:00 · 2012-09-13 15:28:46 +02:00
parent f33a32a625
commit 492fb08558
9 changed files with 245 additions and 102 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
@@ -49,6 +49,7 @@ import org.codehaus.enunciate.modules.jersey.ExternallyManagedLifecycle;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import sonia.scm.SCMContext;
 import sonia.scm.SCMContextProvider;
 import sonia.scm.ScmClientConfig;
 import sonia.scm.ScmState;
@@ -61,6 +62,9 @@ import sonia.scm.user.UserManager;

 //~--- JDK imports ------------------------------------------------------------

+import java.util.Collection;
+import java.util.Collections;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@@ -253,7 +257,6 @@ public class AuthenticationResource
  public Response getState(@Context HttpServletRequest request)
  {
    Response response = null;
-    ScmState state = null;
    Subject subject = SecurityUtils.getSubject();

    if (subject.isAuthenticated())
@@ -263,7 +266,16 @@ public class AuthenticationResource
        logger.debug("return state for user {}", subject.getPrincipal());
      }

-      state = createState(subject);
+      ScmState state = createState(subject);
+
+      response = Response.ok(state).build();
+    }
+    else if (configuration.isAnonymousAccessEnabled())
+    {
+      User user = new User(SCMContext.USER_ANONYMOUS, "SCM Anonymous",
+                    "scm-anonymous@scm-manager.com");
+      ScmState state = createState(user, Collections.EMPTY_LIST);
+
      response = Response.ok(state).build();
    }
    else
@@ -292,7 +304,21 @@ public class AuthenticationResource
    User user = collection.oneByType(User.class);
    GroupNames groups = collection.oneByType(GroupNames.class);

-    return new ScmState(contextProvider, user, groups.getCollection(),
+    return createState(user, groups.getCollection());
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param user
+   * @param groups
+   *
+   * @return
+   */
+  private ScmState createState(User user, Collection<String> groups)
+  {
+    return new ScmState(contextProvider, user, groups,
      repositoryManger.getConfiguredTypes(), userManager.getDefaultType(),
      new ScmClientConfig(configuration));
  }
--- a/scm-webapp/src/main/java/sonia/scm/filter/AdminSecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/AdminSecurityFilter.java
@@ -35,10 +35,12 @@ package sonia.scm.filter;

 //~--- non-JDK imports --------------------------------------------------------

+import com.google.inject.Inject;
 import com.google.inject.Singleton;

 import org.apache.shiro.subject.Subject;

+import sonia.scm.config.ScmConfiguration;
 import sonia.scm.security.Role;

 /**
@@ -49,6 +51,20 @@ import sonia.scm.security.Role;
 public class AdminSecurityFilter extends SecurityFilter
 {

+  /**
+   * Constructs ...
+   *
+   *
+   * @param configuration
+   */
+  @Inject
+  public AdminSecurityFilter(ScmConfiguration configuration)
+  {
+    super(configuration);
+  }
+
+  //~--- get methods ----------------------------------------------------------
+
  /**
   * Method description
   *
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
@@ -35,11 +35,14 @@ package sonia.scm.filter;

 //~--- non-JDK imports --------------------------------------------------------

+import com.google.inject.Inject;
 import com.google.inject.Singleton;

 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.subject.Subject;

+import sonia.scm.SCMContext;
+import sonia.scm.config.ScmConfiguration;
 import sonia.scm.user.User;
 import sonia.scm.web.filter.HttpFilter;
 import sonia.scm.web.filter.SecurityHttpServletRequestWrapper;
@@ -64,6 +67,20 @@ public class SecurityFilter extends HttpFilter
  /** Field description */
  public static final String URL_AUTHENTICATION = "/api/rest/authentication";

+  //~--- constructors ---------------------------------------------------------
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param configuration
+   */
+  @Inject
+  public SecurityFilter(ScmConfiguration configuration)
+  {
+    this.configuration = configuration;
+  }
+
  //~--- methods --------------------------------------------------------------

  /**
@@ -92,7 +109,7 @@ public class SecurityFilter extends HttpFilter
      if (hasPermission(subject))
      {
        chain.doFilter(new SecurityHttpServletRequestWrapper(request,
-          subject.getPrincipals().oneByType(User.class)), response);
+          getUser(subject)), response);
      }
      else if (subject.isAuthenticated())
      {
@@ -121,6 +138,37 @@ public class SecurityFilter extends HttpFilter
   */
  protected boolean hasPermission(Subject subject)
  {
-    return subject.isAuthenticated();
+    return ((configuration != null)
+      && configuration.isAnonymousAccessEnabled()) || subject.isAuthenticated();
  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param subject
+   *
+   * @return
+   */
+  private User getUser(Subject subject)
+  {
+    User user = null;
+
+    if (subject.isAuthenticated())
+    {
+      user = subject.getPrincipals().oneByType(User.class);
+    }
+    else
+    {
+      user = new User(SCMContext.USER_ANONYMOUS, "SCM Anonymous",
+        "scm-anonymous@scm-manager.com");
+    }
+
+    return user;
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private ScmConfiguration configuration;
 }
--- a/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
@@ -54,7 +54,6 @@ import sonia.scm.HandlerEvent;
 import sonia.scm.SCMContextProvider;
 import sonia.scm.Type;
 import sonia.scm.config.ScmConfiguration;
-import sonia.scm.security.RepositoryPermission;
 import sonia.scm.security.ScmSecurityException;
 import sonia.scm.util.AssertUtil;
 import sonia.scm.util.CollectionAppender;
@@ -869,7 +868,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
  {
    if (!SecurityUtils.getSubject().hasRole("admin"))
    {
-      throw new SecurityException("admin role is required");
+      throw new ScmSecurityException("admin role is required");
    }
  }

@@ -971,8 +970,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager
   */
  private boolean isPermitted(Repository repository, PermissionType type)
  {
-    return SecurityUtils.getSubject().isPermitted(
-      new RepositoryPermission(repository, PermissionType.READ));
+    return PermissionUtil.hasPermission(configuration, repository, type);
  }

  /**
--- a/scm-webapp/src/main/java/sonia/scm/web/security/ApiBasicAuthenticationFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/ApiBasicAuthenticationFilter.java
@@ -35,8 +35,10 @@ package sonia.scm.web.security;

 //~--- non-JDK imports --------------------------------------------------------

+import com.google.inject.Inject;
 import com.google.inject.Singleton;

+import sonia.scm.config.ScmConfiguration;
 import sonia.scm.web.filter.BasicAuthenticationFilter;

 //~--- JDK imports ------------------------------------------------------------
@@ -65,6 +67,20 @@ public class ApiBasicAuthenticationFilter extends BasicAuthenticationFilter
  /** Field description */
  public static final String URI_STATE = "/api/rest/authentication/state";

+  //~--- constructors ---------------------------------------------------------
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param configuration
+   */
+  @Inject
+  public ApiBasicAuthenticationFilter(ScmConfiguration configuration)
+  {
+    super(configuration);
+  }
+
  //~--- methods --------------------------------------------------------------

  /**