added securityfilter

2025-11-10 15:35:49 +01:00 · 2010-09-14 13:07:11 +02:00
parent c4b8936b79
commit 967b86f166
4 changed files with 27 additions and 59 deletions
--- a/scm-webapp/src/main/java/sonia/scm/ContextListener.java
+++ b/scm-webapp/src/main/java/sonia/scm/ContextListener.java
@@ -19,6 +19,7 @@ import sonia.scm.filter.GZipFilter;
 import sonia.scm.filter.StaticResourceFilter;
 import sonia.scm.security.Authenticator;
 import sonia.scm.security.DemoAuthenticator;
 import sonia.scm.security.SecurityFilter;
 //~--- JDK imports ------------------------------------------------------------
@@ -85,6 +86,7 @@ public class ContextListener extends GuiceServletContextListener
        filter(PATTERN_PAGE,
               PATTERN_STATIC_RESOURCES).through(StaticResourceFilter.class);
        filter(PATTERN_PAGE, PATTERN_COMPRESSABLE).through(GZipFilter.class);
        filter(PATTERN_RESTAPI).through(SecurityFilter.class);
        // jersey
        Map<String, String> params = new HashMap<String, String>();
--- a/scm-webapp/src/main/java/sonia/scm/filter/GZipFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/GZipFilter.java
@@ -11,6 +11,8 @@ package sonia.scm.filter;
 import com.google.inject.Singleton;
 import sonia.scm.util.WebUtil;
 //~--- JDK imports ------------------------------------------------------------
 import java.io.IOException;
@@ -44,9 +46,7 @@ public class GZipFilter extends HttpFilter
                          HttpServletResponse response, FilterChain chain)
          throws IOException, ServletException
  {
-    String ae = request.getHeader("accept-encoding");
+    if (WebUtil.isGzipSupported(request))
    if ((ae != null) && (ae.indexOf("gzip") != -1))
    {
      GZipResponseWrapper wrappedResponse = new GZipResponseWrapper(response);
--- a/scm-webapp/src/main/java/sonia/scm/security/SecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/SecurityFilter.java
@@ -10,7 +10,10 @@ package sonia.scm.security;
 //~--- non-JDK imports --------------------------------------------------------
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
 import sonia.scm.User;
 import sonia.scm.filter.HttpFilter;
 //~--- JDK imports ------------------------------------------------------------
@@ -18,13 +21,8 @@ import java.io.IOException;
 import java.security.Principal;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
@@ -33,7 +31,8 @@ import javax.servlet.http.HttpServletResponse;
 *
 * @author Sebastian Sdorra
 */
-public class SecurityFilter implements Filter
+@Singleton
 public class SecurityFilter extends HttpFilter
 {
  /** Field description */
@@ -44,77 +43,41 @@ public class SecurityFilter implements Filter
  /**
   * Method description
   *
   */
  @Override
  public void destroy()
  {
    // do nothing
  }
  /**
   * Method description
   *
-   *
+   * @param request
-   * @param req
+   * @param response
   * @param res
   * @param chain
   *
   * @throws IOException
   * @throws ServletException
   */
  @Override
-  public void doFilter(ServletRequest req, ServletResponse res,
+  protected void doFilter(HttpServletRequest request,
-                       FilterChain chain)
+                          HttpServletResponse response, FilterChain chain)
          throws IOException, ServletException
  {
-    if ((req instanceof HttpServletRequest)
+    String uri =
-        && (res instanceof HttpServletResponse))
+      request.getRequestURI().substring(request.getContextPath().length());
    if (!uri.startsWith(URL_AUTHENTICATION))
    {
-      HttpServletRequest request = (HttpServletRequest) req;
+      User user = authenticator.getUser(request);
      String uri =
        request.getRequestURI().substring(request.getContextPath().length());
-      if (!uri.startsWith(URL_AUTHENTICATION))
+      if (user != null)
      {
-        User user = authenticator.getUser(request);
+        chain.doFilter(new ScmHttpServletRequest(request, user), response);
        if (user != null)
        {
          chain.doFilter(new ScmHttpServletRequest(request, user), res);
        }
        else
        {
          ((HttpServletResponse) res).sendError(
              HttpServletResponse.SC_UNAUTHORIZED);
        }
      }
      else
      {
-        chain.doFilter(req, res);
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      }
    }
    else
    {
-      throw new ServletException("request is not an HttpServletRequest");
+      chain.doFilter(request, response);
    }
  }
  /**
   * Method description
   *
   *
   * @param filterConfig
   *
   * @throws ServletException
   */
  @Override
  public void init(FilterConfig filterConfig) throws ServletException
  {
    // do nothing
  }
  //~--- inner classes --------------------------------------------------------
  /**
--- a/scm-webapp/src/main/java/sonia/scm/util/WebUtil.java
+++ b/scm-webapp/src/main/java/sonia/scm/util/WebUtil.java
@@ -39,6 +39,9 @@ public class WebUtil
  public static final String DATE_PREVENT_CACHE =
    "Tue, 09 Apr 1985 10:00:00 GMT";
  /** Field description */
  public static final String HEADER_ACCEPTENCODING = "Accept-Encoding";
  /** Field description */
  public static final String HEADER_CACHECONTROL = "Cache-Control";
@@ -238,7 +241,7 @@ public class WebUtil
   */
  public static boolean isGzipSupported(HttpServletRequest request)
  {
-    String enc = request.getHeader("Accept-Encoding");
+    String enc = request.getHeader(HEADER_ACCEPTENCODING);
    return (enc != null) && enc.contains("gzip");
  }