Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-18 03:01:05 +01:00
Code Issues Packages Projects Releases Activity

added AdminSecurityFilter

Browse Source
This commit is contained in:
Sebastian Sdorra
2011-02-22 15:06:20 +01:00
parent 0fd4abd09c
commit e85599ba6f
4 changed files with 127 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
scm-webapp/src/main/java/sonia/scm/ScmServletModule.java
View File

@@ -44,6 +44,7 @@ import sonia.scm.api.rest.UriExtensionsConfig;
import sonia.scm.cache.CacheManager; import sonia.scm.cache.CacheManager;
import sonia.scm.cache.EhCacheManager; import sonia.scm.cache.EhCacheManager;
import sonia.scm.config.ScmConfiguration; import sonia.scm.config.ScmConfiguration;
import sonia.scm.filter.AdminSecurityFilter;
import sonia.scm.filter.GZipFilter; import sonia.scm.filter.GZipFilter;
import sonia.scm.filter.SSLFilter; import sonia.scm.filter.SSLFilter;
import sonia.scm.filter.SecurityFilter; import sonia.scm.filter.SecurityFilter;
@@ -97,9 +98,17 @@ import javax.xml.bind.JAXB;
public class ScmServletModule extends ServletModule public class ScmServletModule extends ServletModule
{ {
/** Field description */
public static final String[] PATTERN_ADMIN = new String[] {
"/api/rest/groups*",
"/api/rest/users*", "/api/rest/plguins*" };
/** Field description */ /** Field description */
public static final String PATTERN_ALL = "/*"; public static final String PATTERN_ALL = "/*";
/** Field description */
public static final String PATTERN_CONFIG = "/api/rest/config*";
/** Field description */ /** Field description */
public static final String PATTERN_DEBUG = "/debug.html"; public static final String PATTERN_DEBUG = "/debug.html";
@@ -210,6 +219,7 @@ public class ScmServletModule extends ServletModule
filter(PATTERN_ALL).through(SSLFilter.class); filter(PATTERN_ALL).through(SSLFilter.class);
filterRegex(RESOURCE_REGEX).through(GZipFilter.class); filterRegex(RESOURCE_REGEX).through(GZipFilter.class);
filter(PATTERN_RESTAPI, PATTERN_DEBUG).through(SecurityFilter.class); filter(PATTERN_RESTAPI, PATTERN_DEBUG).through(SecurityFilter.class);
filter(PATTERN_CONFIG, PATTERN_ADMIN).through(AdminSecurityFilter.class);
// debug servlet // debug servlet
serve(PATTERN_DEBUG).with(DebugServlet.class); serve(PATTERN_DEBUG).with(DebugServlet.class);

15
scm-webapp/src/main/java/sonia/scm/api/rest/resources/ConfigurationResource.java
View File

@@ -99,9 +99,20 @@ public class ConfigurationResource
*/ */
@GET @GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public ScmConfiguration getConfiguration() public Response getConfiguration()
{ {
return configuration; Response response = null;
if (SecurityUtil.isAdmin(securityContextProvider))
{
response = Response.ok(configuration).build();
}
else
{
response = Response.status(Response.Status.FORBIDDEN).build();
}
return response;
} }
//~--- set methods ---------------------------------------------------------- //~--- set methods ----------------------------------------------------------

81
scm-webapp/src/main/java/sonia/scm/filter/AdminSecurityFilter.java Normal file
View File

@@ -0,0 +1,81 @@
/**
* Copyright (c) 2010, Sebastian Sdorra
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of SCM-Manager; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.filter;
//~--- non-JDK imports --------------------------------------------------------
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import sonia.scm.util.SecurityUtil;
import sonia.scm.web.security.WebSecurityContext;
/**
*
* @author Sebastian Sdorra
*/
@Singleton
public class AdminSecurityFilter extends SecurityFilter
{
/**
* Constructs ...
*
*
* @param securityContextProvider
*/
@Inject
public AdminSecurityFilter(
Provider<WebSecurityContext> securityContextProvider)
{
super(securityContextProvider);
}
//~--- get methods ----------------------------------------------------------
/**
* Method description
*
*
* @param securityContext
*
* @return
*/
@Override
protected boolean hasPermission(WebSecurityContext securityContext)
{
return SecurityUtil.isAdmin(securityContext);
}
}

25
scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
View File

@@ -29,6 +29,8 @@
* *
*/ */
package sonia.scm.filter; package sonia.scm.filter;
//~--- non-JDK imports -------------------------------------------------------- //~--- non-JDK imports --------------------------------------------------------
@@ -102,15 +104,19 @@ public class SecurityFilter extends HttpFilter
if (!uri.startsWith(URL_AUTHENTICATION)) if (!uri.startsWith(URL_AUTHENTICATION))
{ {
if (securityContext.isAuthenticated()) if (hasPermission(securityContext))
{ {
chain.doFilter(new SecurityHttpServletRequestWrapper(request, chain.doFilter(new SecurityHttpServletRequestWrapper(request,
securityContext.getUser()), response); securityContext.getUser()), response);
} }
else else if (securityContext.isAuthenticated())
{ {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
} }
else
{
response.sendError(HttpServletResponse.SC_FORBIDDEN);
}
} }
else else
{ {
@@ -123,6 +129,21 @@ public class SecurityFilter extends HttpFilter
} }
} }
//~--- get methods ----------------------------------------------------------
/**
* Method description
*
*
* @param securityContext
*
* @return
*/
protected boolean hasPermission(WebSecurityContext securityContext)
{
return securityContext.isAuthenticated();
}
//~--- fields --------------------------------------------------------------- //~--- fields ---------------------------------------------------------------
/** Field description */ /** Field description */