use apache shiro api for authentication resource

2025-11-11 07:55:47 +01:00 · 2012-08-29 16:29:41 +02:00
parent b70fc53571
commit f657e9d55b
3 changed files with 74 additions and 41 deletions
--- a/scm-core/src/main/java/sonia/scm/ScmState.java
+++ b/scm-core/src/main/java/sonia/scm/ScmState.java
@@ -73,9 +73,9 @@ public class ScmState
   * @param repositoryTypes - available repository types
   * @param clientConfig - client configuration
   */
+  @Deprecated
  public ScmState(SCMContextProvider provider,
-                  WebSecurityContext securityContext,
-                  Collection<Type> repositoryTypes,
+    WebSecurityContext securityContext, Collection<Type> repositoryTypes,
    ScmClientConfig clientConfig)
  {
    this(provider, securityContext, repositoryTypes, null, clientConfig);
@@ -93,10 +93,10 @@ public class ScmState
   *
   * @since 1.14
   */
+  @Deprecated
  public ScmState(SCMContextProvider provider,
-                  WebSecurityContext securityContext,
-                  Collection<Type> repositoryTypes, String defaultUserType,
-                  ScmClientConfig clientConfig)
+    WebSecurityContext securityContext, Collection<Type> repositoryTypes,
+    String defaultUserType, ScmClientConfig clientConfig)
  {
    this.version = provider.getVersion();
    this.user = securityContext.getUser();
@@ -106,6 +106,31 @@ public class ScmState
    this.defaultUserType = defaultUserType;
  }

+  /**
+   * Constructs {@link ScmState} object.
+   *
+   *
+   * @param provider context provider
+   * @param user current user
+   * @param groups groups of the current user
+   * @param repositoryTypes available repository types
+   * @param defaultUserType default user type
+   * @param clientConfig client configuration
+   *
+   * @since 1.21
+   */
+  public ScmState(SCMContextProvider provider, User user,
+    Collection<String> groups, Collection<Type> repositoryTypes,
+    String defaultUserType, ScmClientConfig clientConfig)
+  {
+    this.version = provider.getVersion();
+    this.user = user;
+    this.groups = groups;
+    this.repositoryTypes = repositoryTypes;
+    this.clientConfig = clientConfig;
+    this.defaultUserType = defaultUserType;
+  }
+
  //~--- get methods ----------------------------------------------------------

  /**
--- a/scm-webapp/src/main/java/sonia/scm/security/ScmAuthenticationToken.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/ScmAuthenticationToken.java
@@ -45,6 +45,7 @@ import javax.servlet.http.HttpServletResponse;
 /**
 *
 * @author Sebastian Sdorra
+ * @since 1.21
 */
 public class ScmAuthenticationToken implements AuthenticationToken
 {
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
@@ -36,24 +36,28 @@ package sonia.scm.api.rest.resources;
 //~--- non-JDK imports --------------------------------------------------------

 import com.google.inject.Inject;
-import com.google.inject.Provider;
 import com.google.inject.Singleton;

+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
+
 import org.codehaus.enunciate.jaxrs.TypeHint;
 import org.codehaus.enunciate.modules.jersey.ExternallyManagedLifecycle;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

-import sonia.scm.SCMContext;
 import sonia.scm.SCMContextProvider;
 import sonia.scm.ScmClientConfig;
 import sonia.scm.ScmState;
 import sonia.scm.config.ScmConfiguration;
 import sonia.scm.repository.RepositoryManager;
+import sonia.scm.security.Groups;
+import sonia.scm.security.ScmAuthenticationToken;
 import sonia.scm.user.User;
 import sonia.scm.user.UserManager;
-import sonia.scm.web.security.WebSecurityContext;

 //~--- JDK imports ------------------------------------------------------------

@@ -98,16 +102,14 @@ public class AuthenticationResource
   * @param securityContextProvider
   */
  @Inject
-  public AuthenticationResource(
-          SCMContextProvider contextProvider, ScmConfiguration configuration,
-          RepositoryManager repositoryManger, UserManager userManager,
-          Provider<WebSecurityContext> securityContextProvider)
+  public AuthenticationResource(SCMContextProvider contextProvider,
+    ScmConfiguration configuration, RepositoryManager repositoryManger,
+    UserManager userManager)
  {
    this.contextProvider = contextProvider;
    this.configuration = configuration;
    this.repositoryManger = repositoryManger;
    this.userManager = userManager;
-    this.securityContextProvider = securityContextProvider;
  }

  //~--- methods --------------------------------------------------------------
@@ -137,15 +139,16 @@ public class AuthenticationResource
    @FormParam("password") String password)
  {
    ScmState state = null;
-    WebSecurityContext securityContext = securityContextProvider.get();
-    User user = securityContext.authenticate(request, response, username,
-                  password);

-    if ((user != null) &&!SCMContext.USER_ANONYMOUS.equals(user.getName()))
+    Subject subject = SecurityUtils.getSubject();
+
+    try
    {
-      state = createState(securityContext);
+      subject.login(new ScmAuthenticationToken(request, response, username,
+        password));
+      state = createState(subject);
    }
-    else
+    catch (AuthenticationException ex)
    {
      throw new WebApplicationException(Response.Status.UNAUTHORIZED);
    }
@@ -173,16 +176,19 @@ public class AuthenticationResource
  public Response logout(@Context HttpServletRequest request,
    @Context HttpServletResponse response)
  {
-    WebSecurityContext securityContext = securityContextProvider.get();
+    Subject subject = SecurityUtils.getSubject();

-    securityContext.logout(request, response);
+    subject.logout();

    Response resp = null;
-    User user = securityContext.getUser();
+
+    // TODO handle anonymous access
+
+    User user = null;

    if (user != null)
    {
-      ScmState state = createState(securityContext);
+      ScmState state = createState(subject);

      resp = Response.ok(state).build();
    }
@@ -239,17 +245,16 @@ public class AuthenticationResource
  {
    Response response = null;
    ScmState state = null;
-    WebSecurityContext securityContext = securityContextProvider.get();
-    User user = securityContext.getUser();
+    Subject subject = SecurityUtils.getSubject();

-    if (user != null)
+    if (subject.isAuthenticated())
    {
      if (logger.isDebugEnabled())
      {
-        logger.debug("return state for user {}", user.getName());
+        logger.debug("return state for user {}", subject.getPrincipal());
      }

-      state = createState(securityContext);
+      state = createState(subject);
      response = Response.ok(state).build();
    }
    else
@@ -268,13 +273,18 @@ public class AuthenticationResource
   *
   * @param securityContext
   *
+   * @param subject
+   *
   * @return
   */
-  private ScmState createState(WebSecurityContext securityContext)
+  private ScmState createState(Subject subject)
  {
-    return new ScmState(contextProvider, securityContext,
-                        repositoryManger.getConfiguredTypes(),
-                        userManager.getDefaultType(),
+    PrincipalCollection collection = subject.getPrincipals();
+    User user = collection.oneByType(User.class);
+    Groups groups = collection.oneByType(Groups.class);
+
+    return new ScmState(contextProvider, user, groups.getGroups(),
+      repositoryManger.getConfiguredTypes(), userManager.getDefaultType(),
      new ScmClientConfig(configuration));
  }

@@ -289,9 +299,6 @@ public class AuthenticationResource
  /** Field description */
  private RepositoryManager repositoryManger;

-  /** Field description */
-  private Provider<WebSecurityContext> securityContextProvider;
-
  /** Field description */
  private UserManager userManager;
 }