merge with branch issue-384

Sebastian Sdorra
2013-04-26 14:46:37 +02:00
17 changed files with 65 additions and 25 deletions


@@ -183,7 +183,7 @@ public final class PermissionUtil
Subject subject = SecurityUtils.getSubject();
if (subject.isAuthenticated())
if (subject.isAuthenticated() || subject.isRemembered())
{
String username = subject.getPrincipal().toString();
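Review bot: The widened condition `subject.isAuthenticated() || subject.isRemembered()` lets a subject whose identity comes only from a remember-me cookie take the same permission path as one that presented credentials in this session. Shiro keeps the two states apart on purpose: a remembered identity is not proof of identity, so whoever holds the cookie is now evaluated as that user. The same widening appears in BasicAuthenticationFilter (`else if (subject.isAuthenticated() || subject.isRemembered())`), and the `hasRole(Role.USER)` checks in SecurityUtil and PermissionFilter presumably admit remembered subjects as well. If that is intended, say so at the check, e.g. `// remembered identity is accepted for repository permissions; privileged operations must re-check isAuthenticated()`, and keep administrative or credential-changing paths on `isAuthenticated()` alone. The enclosing method starts and ends outside the hunk.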


@@ -69,12 +69,33 @@ public final class Tokens
* @param username username of the user to authenticate
* @param password password of the user to authenticate
*
* @return
* @return authentication token
*/
public static AuthenticationToken createAuthenticationToken(
HttpServletRequest request, String username, String password)
{
return new UsernamePasswordToken(username, password,
return createAuthenticationToken(request, username, password, false);
}
/**
* Build an {@link AuthenticationToken} for use with
* {@link Subject#login(org.apache.shiro.authc.AuthenticationToken)}.
*
*
* @param request servlet request
* @param username username of the user to authenticate
* @param password password of the user to authenticate
* @param rememberMe true to remember the user across sessions
*
* @return authentication token
*
* @since 1.31
*/
public static AuthenticationToken createAuthenticationToken(
HttpServletRequest request, String username, String password,
boolean rememberMe)
{
return new UsernamePasswordToken(username, password, rememberMe,
request.getRemoteAddr());
}
}
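Review bot: The Javadoc of the new four-argument `createAuthenticationToken` does not tell callers what `rememberMe` changes for later checks: on a later remembered visit the subject reports `isRemembered()`, not `isAuthenticated()`. I would extend the tag to `@param rememberMe true to remember the user across sessions; a remembered subject is identified but not authenticated`. The same comment could also note that the host passed to the token is `request.getRemoteAddr()`, which behind a reverse proxy is presumably the proxy's address rather than the client's.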


@@ -87,7 +87,7 @@ public final class SecurityUtil
{
Subject subject = SecurityUtils.getSubject();
if (!subject.isAuthenticated())
if (!subject.hasRole(Role.USER))
{
throw new ScmSecurityException("user is not authenticated");
}
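Review bot: Replacing `!subject.isAuthenticated()` with `!subject.hasRole(Role.USER)` makes this guard depend on the realm granting `Role.USER` to every logged-in subject, which is not visible in this hunk. A subject that authenticated but was not given the role is now rejected with "user is not authenticated", a message that no longer describes the test. Once the assumption is confirmed, I would add a comment above the check, `// Role.USER is granted by the realm to every authenticated or remembered subject`, and make the message match, e.g. `"user is not authenticated or lacks the user role"`. PermissionFilter.sendAccessDenied uses the same `hasRole(Role.USER)` test to choose the 403 response, so the same assumption applies there. The enclosing method starts and ends outside the hunk.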


@@ -156,7 +156,7 @@ public class BasicAuthenticationFilter extends HttpFilter
}
}
}
else if (subject.isAuthenticated())
else if (subject.isAuthenticated() || subject.isRemembered())
{
if (logger.isTraceEnabled())
{


@@ -65,6 +65,7 @@ import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sonia.scm.security.Role;
/**
* Abstract http filter to check repository permissions.
@@ -255,7 +256,7 @@ public abstract class PermissionFilter extends HttpFilter
private void sendAccessDenied(HttpServletResponse response, Subject subject)
throws IOException
{
if (subject.isAuthenticated())
if (subject.hasRole(Role.USER))
{
response.sendError(HttpServletResponse.SC_FORBIDDEN);
}