added securityfilter
@@ -19,6 +19,7 @@ import sonia.scm.filter.GZipFilter;
|
||||
import sonia.scm.filter.StaticResourceFilter;
|
||||
import sonia.scm.security.Authenticator;
|
||||
import sonia.scm.security.DemoAuthenticator;
|
||||
import sonia.scm.security.SecurityFilter;
|
||||
|
||||
//~--- JDK imports ------------------------------------------------------------
|
||||
|
||||
@@ -85,6 +86,7 @@ public class ContextListener extends GuiceServletContextListener
|
||||
filter(PATTERN_PAGE,
|
||||
PATTERN_STATIC_RESOURCES).through(StaticResourceFilter.class);
|
||||
filter(PATTERN_PAGE, PATTERN_COMPRESSABLE).through(GZipFilter.class);
|
||||
filter(PATTERN_RESTAPI).through(SecurityFilter.class);
|
||||
|
||||
// jersey
|
||||
Map<String, String> params = new HashMap<String, String>();
|
||||
|
||||
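Review bot: `filter(PATTERN_RESTAPI).through(SecurityFilter.class);` (which appears to be the added line; the +/- markers are lost on this page) is registered after the StaticResourceFilter and GZipFilter mappings. Guice Servlet dispatches filters in registration order, so a request matching both an earlier pattern and PATTERN_RESTAPI would pass through those filters before it is authenticated. The pattern values are outside the hunk, so any overlap cannot be confirmed from here; registering the security filter first would make the outcome independent of it. A short comment stating the intended coverage would also help, for example `// authentication is enforced only for PATTERN_RESTAPI`, if that is the intent. The enclosing method starts and ends outside the hunk.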
@@ -11,6 +11,8 @@ package sonia.scm.filter;
|
||||
|
||||
import com.google.inject.Singleton;
|
||||
|
||||
import sonia.scm.util.WebUtil;
|
||||
|
||||
//~--- JDK imports ------------------------------------------------------------
|
||||
|
||||
import java.io.IOException;
|
||||
@@ -44,9 +46,7 @@ public class GZipFilter extends HttpFilter
|
||||
HttpServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException
|
||||
{
|
||||
String ae = request.getHeader("accept-encoding");
|
||||
|
||||
if ((ae != null) && (ae.indexOf("gzip") != -1))
|
||||
if (WebUtil.isGzipSupported(request))
|
||||
{
|
||||
GZipResponseWrapper wrappedResponse = new GZipResponseWrapper(response);
|
||||
|
||||
|
||||
@@ -10,7 +10,10 @@ package sonia.scm.security;
|
||||
//~--- non-JDK imports --------------------------------------------------------
|
||||
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
|
||||
import sonia.scm.User;
|
||||
import sonia.scm.filter.HttpFilter;
|
||||
|
||||
//~--- JDK imports ------------------------------------------------------------
|
||||
|
||||
@@ -18,13 +21,8 @@ import java.io.IOException;
|
||||
|
||||
import java.security.Principal;
|
||||
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletRequestWrapper;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
@@ -33,7 +31,8 @@ import javax.servlet.http.HttpServletResponse;
|
||||
*
|
||||
* @author Sebastian Sdorra
|
||||
*/
|
||||
public class SecurityFilter implements Filter
|
||||
@Singleton
|
||||
public class SecurityFilter extends HttpFilter
|
||||
{
|
||||
|
||||
/** Field description */
|
||||
@@ -44,77 +43,41 @@ public class SecurityFilter implements Filter
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
*/
|
||||
@Override
|
||||
public void destroy()
|
||||
{
|
||||
|
||||
// do nothing
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
*
|
||||
* @param req
|
||||
* @param res
|
||||
* @param request
|
||||
* @param response
|
||||
* @param chain
|
||||
*
|
||||
* @throws IOException
|
||||
* @throws ServletException
|
||||
*/
|
||||
@Override
|
||||
public void doFilter(ServletRequest req, ServletResponse res,
|
||||
FilterChain chain)
|
||||
protected void doFilter(HttpServletRequest request,
|
||||
HttpServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException
|
||||
{
|
||||
if ((req instanceof HttpServletRequest)
|
||||
&& (res instanceof HttpServletResponse))
|
||||
String uri =
|
||||
request.getRequestURI().substring(request.getContextPath().length());
|
||||
|
||||
if (!uri.startsWith(URL_AUTHENTICATION))
|
||||
{
|
||||
HttpServletRequest request = (HttpServletRequest) req;
|
||||
String uri =
|
||||
request.getRequestURI().substring(request.getContextPath().length());
|
||||
User user = authenticator.getUser(request);
|
||||
|
||||
if (!uri.startsWith(URL_AUTHENTICATION))
|
||||
if (user != null)
|
||||
{
|
||||
User user = authenticator.getUser(request);
|
||||
|
||||
if (user != null)
|
||||
{
|
||||
chain.doFilter(new ScmHttpServletRequest(request, user), res);
|
||||
}
|
||||
else
|
||||
{
|
||||
((HttpServletResponse) res).sendError(
|
||||
HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
chain.doFilter(new ScmHttpServletRequest(request, user), response);
|
||||
}
|
||||
else
|
||||
{
|
||||
chain.doFilter(req, res);
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new ServletException("request is not an HttpServletRequest");
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
*
|
||||
* @param filterConfig
|
||||
*
|
||||
* @throws ServletException
|
||||
*/
|
||||
@Override
|
||||
public void init(FilterConfig filterConfig) throws ServletException
|
||||
{
|
||||
|
||||
// do nothing
|
||||
}
|
||||
|
||||
//~--- inner classes --------------------------------------------------------
|
||||
|
||||
/**
|
||||
|
||||
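Review bot: The exemption `if (!uri.startsWith(URL_AUTHENTICATION))` in the new `doFilter` decides whether authentication is skipped by prefix-matching a value cut from `request.getRequestURI()`, which the container returns without decoding or normalizing (path parameters after `;`, percent-encoding and dot segments stay in place). If the dispatcher behind this filter resolves the path differently, the filter and the dispatcher can disagree about which resource is being requested, and the unauthenticated branch `chain.doFilter(request, response)` would then cover more than the login endpoint. The value of URL_AUTHENTICATION is outside the hunk, so it cannot be confirmed here whether the prefix ends on a segment boundary. Consider testing a decoded, normalized path (for example one built from `getServletPath()` and `getPathInfo()`) with an exact or segment-bounded match such as `path.equals(URL_AUTHENTICATION) || path.startsWith(URL_AUTHENTICATION + "/")`. The Javadoc on `doFilter` is still the "Method description" placeholder; it should state that requests under URL_AUTHENTICATION pass through unauthenticated and all others get 401 when `authenticator.getUser(request)` returns null.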
@@ -39,6 +39,9 @@ public class WebUtil
|
||||
public static final String DATE_PREVENT_CACHE =
|
||||
"Tue, 09 Apr 1985 10:00:00 GMT";
|
||||
|
||||
/** Field description */
|
||||
public static final String HEADER_ACCEPTENCODING = "Accept-Encoding";
|
||||
|
||||
/** Field description */
|
||||
public static final String HEADER_CACHECONTROL = "Cache-Control";
|
||||
|
||||
@@ -238,7 +241,7 @@ public class WebUtil
|
||||
*/
|
||||
public static boolean isGzipSupported(HttpServletRequest request)
|
||||
{
|
||||
String enc = request.getHeader("Accept-Encoding");
|
||||
String enc = request.getHeader(HEADER_ACCEPTENCODING);
|
||||
|
||||
return (enc != null) && enc.contains("gzip");
|
||||
}
|
||||
|
||||