Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2026-01-08 08:32:12 +01:00
Code Issues Packages Projects Releases Activity

Heed review remarks

Browse Source
This commit is contained in:
René Pfeuffer
2020-10-26 10:19:47 +01:00
parent 1ca18cd44c
commit 6002e560ef
2 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scm-webapp/src/main/java/sonia/scm/security/ApiKeyRealm.java
View File

@@ -46,7 +46,7 @@ import static com.google.common.base.Preconditions.checkArgument;
@Extension
public class ApiKeyRealm extends AuthenticatingRealm {
public static final String API_TOKEN_REALM_NAME = "ApiTokenRealm";
public static final String NAME = "ApiTokenRealm";
private static final Logger LOG = LoggerFactory.getLogger(ApiKeyRealm.class);
@@ -57,7 +57,7 @@ public class ApiKeyRealm extends AuthenticatingRealm {
@Inject
public ApiKeyRealm(ApiKeyService apiKeyService, DAORealmHelperFactory helperFactory, RepositoryRoleManager repositoryRoleManager) {
this.apiKeyService = apiKeyService;
this.helper = helperFactory.create(API_TOKEN_REALM_NAME);
this.helper = helperFactory.create(NAME);
this.repositoryRoleManager = repositoryRoleManager;
setAuthenticationTokenClass(BearerToken.class);
setCredentialsMatcher(new AllowAllCredentialsMatcher());

3
scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilder.java
View File

@@ -33,7 +33,6 @@ import io.jsonwebtoken.SignatureAlgorithm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -156,7 +155,7 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
@Override
public JwtAccessToken build() {
if (ThreadContext.getSubject().getPrincipals().getRealmNames().contains(ApiKeyRealm.API_TOKEN_REALM_NAME)) {
if (SecurityUtils.getSubject().getPrincipals().getRealmNames().contains(ApiKeyRealm.NAME)) {
throw new AuthorizationException("Cannot create access token for api keys");
}
String id = keyGenerator.createKey();