do not use security context in core plugins and samples

2025-11-09 23:15:43 +01:00 · 2012-08-30 12:08:16 +02:00
parent c40cbeb4d6
commit 7d0980605e
5 changed files with 44 additions and 49 deletions
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgHookCallbackServlet.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgHookCallbackServlet.java
@@ -39,6 +39,9 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;

+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -51,9 +54,9 @@ import sonia.scm.repository.RepositoryManager;
 import sonia.scm.repository.RepositoryNotFoundException;
 import sonia.scm.repository.RepositoryUtil;
 import sonia.scm.security.CipherUtil;
+import sonia.scm.security.ScmAuthenticationToken;
 import sonia.scm.util.HttpUtil;
 import sonia.scm.util.Util;
-import sonia.scm.web.security.WebSecurityContext;

 //~--- JDK imports ------------------------------------------------------------

@@ -120,16 +123,14 @@ public class HgHookCallbackServlet extends HttpServlet
   * @param securityContextProvider
   */
  @Inject
-  public HgHookCallbackServlet(
-          RepositoryManager repositoryManager, HgRepositoryHandler handler,
-          HgHookManager hookManager, Provider<HgContext> contextProvider,
-          Provider<WebSecurityContext> securityContextProvider)
+  public HgHookCallbackServlet(RepositoryManager repositoryManager,
+    HgRepositoryHandler handler, HgHookManager hookManager,
+    Provider<HgContext> contextProvider)
  {
    this.repositoryManager = repositoryManager;
    this.handler = handler;
    this.hookManager = hookManager;
    this.contextProvider = contextProvider;
-    this.securityContextProvider = securityContextProvider;
  }

  //~--- methods --------------------------------------------------------------
@@ -146,7 +147,7 @@ public class HgHookCallbackServlet extends HttpServlet
   */
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
-          throws ServletException, IOException
+    throws ServletException, IOException
  {
    String ping = request.getParameter(PARAM_PING);

@@ -172,8 +173,8 @@ public class HgHookCallbackServlet extends HttpServlet
   */
  @Override
  protected void doPost(HttpServletRequest request,
-                        HttpServletResponse response)
-          throws ServletException, IOException
+    HttpServletResponse response)
+    throws ServletException, IOException
  {
    String strippedURI = HttpUtil.getStrippedURI(request);
    Matcher m = REGEX_URL.matcher(strippedURI);
@@ -229,7 +230,7 @@ public class HgHookCallbackServlet extends HttpServlet
   * @param credentials
   */
  private void authenticate(HttpServletRequest request,
-                            HttpServletResponse response, String credentials)
+    HttpServletResponse response, String credentials)
  {
    try
    {
@@ -241,10 +242,10 @@ public class HgHookCallbackServlet extends HttpServlet

        if (credentialsArray.length >= 2)
        {
-          WebSecurityContext context = securityContextProvider.get();
+          Subject subject = SecurityUtils.getSubject();

-          context.authenticate(request, response, credentialsArray[0],
-                               credentialsArray[1]);
+          subject.login(new ScmAuthenticationToken(request, response,
+            credentialsArray[0], credentialsArray[1]));
        }
      }
    }
@@ -266,8 +267,8 @@ public class HgHookCallbackServlet extends HttpServlet
   * @throws IOException
   */
  private void fireHook(HttpServletResponse response, String repositoryName,
-                        String node, RepositoryHookType type)
-          throws IOException
+    String node, RepositoryHookType type)
+    throws IOException
  {
    try
    {
@@ -277,9 +278,8 @@ public class HgHookCallbackServlet extends HttpServlet
      }

      repositoryManager.fireHookEvent(HgRepositoryHandler.TYPE_NAME,
-                                      repositoryName,
-                                      new HgRepositoryHookEvent(handler,
-                                        repositoryName, node, type));
+        repositoryName,
+        new HgRepositoryHookEvent(handler, repositoryName, node, type));
    }
    catch (RepositoryNotFoundException ex)
    {
@@ -310,9 +310,8 @@ public class HgHookCallbackServlet extends HttpServlet
   * @throws IOException
   */
  private void hookCallback(HttpServletResponse response,
-                            String repositoryName, String typeName,
-                            String challenge, String node)
-          throws IOException
+    String repositoryName, String typeName, String challenge, String node)
+    throws IOException
  {
    if (hookManager.isAcceptAble(challenge))
    {
@@ -404,7 +403,4 @@ public class HgHookCallbackServlet extends HttpServlet

  /** Field description */
  private RepositoryManager repositoryManager;
-
-  /** Field description */
-  private Provider<WebSecurityContext> securityContextProvider;
 }