prompt authentication again for failed subversion authentication and improved error message for missing privileges

2025-11-13 00:45:44 +01:00 · 2014-03-15 15:40:55 +01:00
parent 371e4e4de6
commit 84d3cadb12
6 changed files with 377 additions and 18 deletions
--- a/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnBasicAuthenticationFilter.java
+++ b/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnBasicAuthenticationFilter.java
@@ -0,0 +1,105 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
+import org.tmatesoft.svn.core.SVNErrorCode;
+
+import sonia.scm.config.ScmConfiguration;
+import sonia.scm.repository.ScmSvnErrorCode;
+import sonia.scm.repository.SvnUtil;
+import sonia.scm.web.filter.AutoLoginModule;
+import sonia.scm.web.filter.BasicAuthenticationFilter;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.io.IOException;
+
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import sonia.scm.util.HttpUtil;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class SvnBasicAuthenticationFilter extends BasicAuthenticationFilter
+{
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param configuration
+   * @param autoLoginModules
+   */
+  @Inject
+  public SvnBasicAuthenticationFilter(ScmConfiguration configuration,
+    Set<AutoLoginModule> autoLoginModules)
+  {
+    super(configuration, autoLoginModules);
+  }
+
+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Sends unauthorized instead of forbidden for svn clients, because the
+   * svn client prompts again for authentication.
+   *
+   *
+   * @param request http request
+   * @param response http response
+   *
+   * @throws IOException
+   */
+  @Override
+  protected void sendFailedAuthenticationError(HttpServletRequest request,
+    HttpServletResponse response)
+    throws IOException
+  {
+    if (SvnUtil.isSvnClient(request))
+    {
+      HttpUtil.sendUnauthorized(response, configuration.getRealmDescription());
+    }
+    else
+    {
+      super.sendFailedAuthenticationError(request, response);
+    }
+  }
+}
--- a/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java
+++ b/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java
@@ -39,15 +39,22 @@ import com.google.common.collect.ImmutableSet;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;

+import org.tmatesoft.svn.core.SVNErrorCode;
+
 import sonia.scm.config.ScmConfiguration;
 import sonia.scm.repository.RepositoryProvider;
+import sonia.scm.repository.ScmSvnErrorCode;
+import sonia.scm.repository.SvnUtil;
 import sonia.scm.web.filter.ProviderPermissionFilter;

 //~--- JDK imports ------------------------------------------------------------

+import java.io.IOException;
+
 import java.util.Set;

 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;

 /**
 *
@@ -58,22 +65,16 @@ public class SvnPermissionFilter extends ProviderPermissionFilter
 {

  /** Field description */
-  private static Set<String> WRITEMETHOD_SET = ImmutableSet.of("MKACTIVITY",
-                                                 "PROPPATCH", "PUT",
-                                                 "CHECKOUT", "MKCOL", "MOVE",
-                                                 "COPY", "DELETE", "LOCK",
-                                                 "UNLOCK", "MERGE");
+  private static final Set<String> WRITEMETHOD_SET =
+    ImmutableSet.of("MKACTIVITY", "PROPPATCH", "PUT", "CHECKOUT", "MKCOL",
+      "MOVE", "COPY", "DELETE", "LOCK", "UNLOCK", "MERGE");

  //~--- constructors ---------------------------------------------------------

  /**
   * Constructs ...
   *
-   *
-   *
-   *
   * @param configuration
-   * @param securityContextProvider
   * @param repository
   */
  @Inject
@@ -83,6 +84,33 @@ public class SvnPermissionFilter extends ProviderPermissionFilter
    super(configuration, repository);
  }

+  //~--- methods --------------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   * @param response
+   *
+   * @throws IOException
+   */
+  @Override
+  protected void sendNotEnoughPrivilegesError(HttpServletRequest request,
+    HttpServletResponse response)
+    throws IOException
+  {
+    if (SvnUtil.isSvnClient(request))
+    {
+      SvnUtil.sendError(request, response, HttpServletResponse.SC_FORBIDDEN,
+        ScmSvnErrorCode.AUTHZ_NOT_ENOUGH_PRIVILEGES);
+    }
+    else
+    {
+      super.sendNotEnoughPrivilegesError(request, response);
+    }
+  }
+
  //~--- get methods ----------------------------------------------------------

  /**
--- a/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnServletModule.java
+++ b/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnServletModule.java
@@ -69,7 +69,7 @@ public class SvnServletModule extends ServletModule
  protected void configureServlets()
  {
    filter(PATTERN_SVN).through(SvnGZipFilter.class);
-    filter(PATTERN_SVN).through(BasicAuthenticationFilter.class);
+    filter(PATTERN_SVN).through(SvnBasicAuthenticationFilter.class);
    filter(PATTERN_SVN).through(SvnPermissionFilter.class);

    Map<String, String> parameters = new HashMap<String, String>();