2020-03-23 15:35:58 +01:00
|
|
|
/*
|
|
|
|
|
* MIT License
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
|
|
|
|
|
*
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
|
*
|
|
|
|
|
* The above copyright notice and this permission notice shall be included in all
|
|
|
|
|
* copies or substantial portions of the Software.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
|
* SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
|
2019-10-09 16:41:55 +02:00
|
|
|
package sonia.scm.security;
|
|
|
|
|
|
|
|
|
|
import com.google.common.annotations.VisibleForTesting;
|
|
|
|
|
import com.google.inject.Inject;
|
|
|
|
|
import org.apache.shiro.authc.AuthenticationInfo;
|
|
|
|
|
import org.apache.shiro.authc.AuthenticationToken;
|
2019-10-10 13:40:40 +02:00
|
|
|
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
|
2019-10-09 16:41:55 +02:00
|
|
|
import org.apache.shiro.realm.AuthenticatingRealm;
|
2019-10-10 13:40:40 +02:00
|
|
|
import sonia.scm.SCMContext;
|
|
|
|
|
import sonia.scm.plugin.Extension;
|
2019-10-18 09:43:03 +02:00
|
|
|
import sonia.scm.user.UserDAO;
|
2019-10-09 16:41:55 +02:00
|
|
|
|
2019-10-10 13:40:40 +02:00
|
|
|
import javax.inject.Singleton;
|
2019-10-18 11:31:15 +02:00
|
|
|
import javax.ws.rs.NotAuthorizedException;
|
2019-10-10 13:40:40 +02:00
|
|
|
|
2019-10-17 09:26:36 +02:00
|
|
|
import static com.google.common.base.Preconditions.checkArgument;
|
|
|
|
|
|
2019-10-10 13:40:40 +02:00
|
|
|
@Singleton
|
|
|
|
|
@Extension
|
2019-10-09 16:41:55 +02:00
|
|
|
public class AnonymousRealm extends AuthenticatingRealm {
|
|
|
|
|
|
|
|
|
|
@VisibleForTesting
|
|
|
|
|
static final String REALM = "AnonymousRealm";
|
|
|
|
|
|
|
|
|
|
private final DAORealmHelper helper;
|
2019-10-18 09:43:03 +02:00
|
|
|
private final UserDAO userDAO;
|
2019-10-09 16:41:55 +02:00
|
|
|
|
|
|
|
|
@Inject
|
2019-10-18 09:43:03 +02:00
|
|
|
public AnonymousRealm(DAORealmHelperFactory helperFactory, UserDAO userDAO) {
|
2019-10-09 16:41:55 +02:00
|
|
|
this.helper = helperFactory.create(REALM);
|
2019-10-18 09:43:03 +02:00
|
|
|
this.userDAO = userDAO;
|
2019-10-09 16:41:55 +02:00
|
|
|
|
|
|
|
|
setAuthenticationTokenClass(AnonymousToken.class);
|
2019-10-10 13:40:40 +02:00
|
|
|
setCredentialsMatcher(new AllowAllCredentialsMatcher());
|
2019-10-09 16:41:55 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
2019-10-17 09:26:36 +02:00
|
|
|
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {
|
2019-10-18 09:43:03 +02:00
|
|
|
if (!userDAO.contains(SCMContext.USER_ANONYMOUS)) {
|
2019-10-18 11:31:15 +02:00
|
|
|
throw new NotAuthorizedException("trying to access anonymous but _anonymous user does not exist");
|
2019-10-18 09:43:03 +02:00
|
|
|
}
|
2019-10-17 09:26:36 +02:00
|
|
|
checkArgument(authenticationToken instanceof AnonymousToken, "%s is required", AnonymousToken.class);
|
2019-10-10 13:40:40 +02:00
|
|
|
return helper.authenticationInfoBuilder(SCMContext.USER_ANONYMOUS).build();
|
2019-10-09 16:41:55 +02:00
|
|
|
}
|
|
|
|
|
}
|
