diff --git a/scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java b/scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java
index afd1d1e681..57ecda6da2 100644
--- a/scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java
+++ b/scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java
@@ -183,7 +183,7 @@ public final class PermissionUtil
     Subject subject = SecurityUtils.getSubject();
-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
     {
       String username = subject.getPrincipal().toString();
diff --git a/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java b/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
index dd41afd9d5..a92ba230a5 100644
--- a/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
+++ b/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
@@ -87,7 +87,7 @@ public final class SecurityUtil
   {
     Subject subject = SecurityUtils.getSubject();
-    if (!subject.isAuthenticated())
+    if (!subject.hasRole(Role.USER))
     {
       throw new ScmSecurityException("user is not authenticated");
     }
diff --git a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
index 3bc8312b50..da3a8ead39 100644
--- a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
@@ -65,6 +65,7 @@ import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import sonia.scm.security.Role;
 /**
  * Abstract http filter to check repository permissions.
@@ -255,7 +256,7 @@ public abstract class PermissionFilter extends HttpFilter
   private void sendAccessDenied(HttpServletResponse response, Subject subject)
     throws IOException
   {
-    if (subject.isAuthenticated())
+    if (subject.hasRole(Role.USER))
     {
       response.sendError(HttpServletResponse.SC_FORBIDDEN);
     }
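Review bot: The commit expresses "logged in" in two different ways — `subject.isAuthenticated() || subject.isRemembered()` here and in SubjectWrapper, HelloResource, SecurityFilter and BasicSecurityContext, but `subject.hasRole(Role.USER)` in SecurityUtil, PermissionFilter, ChangePasswordResource, SearchHandler, DefaultUserManager and DefaultAdministrationContext. The two predicates agree only if the realm grants Role.USER to every authenticated and every remembered principal, which nothing in this diff shows, so the access decision now depends on which file the check happens to live in. A single static helper in SecurityUtil (for example `SecurityUtil.isUser(Subject)` holding the chosen predicate), with Javadoc stating that a remember-me identity is accepted, would define the policy once and make it reviewable. Shiro keeps remembered and authenticated apart precisely so callers can demand fresh credentials for sensitive operations; the enclosing method of PermissionUtil starts and ends outside the hunk, so whether it guards read or write access is not visible here.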
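Review bot: `Role.USER` is referenced on the new line of the SecurityUtil hunk, but this file gets no import hunk, unlike PermissionFilter, ChangePasswordResource and SearchHandler, which add `import sonia.scm.security.Role;` in the same commit; unless SecurityUtil, DefaultUserManager and DefaultAdministrationContext already import it (not visible here), those three files will not compile. The exception message `"user is not authenticated"` also no longer describes the condition: an authenticated subject without Role.USER is rejected with it, while a merely remembered subject holding the role passes. Consider `throw new ScmSecurityException("user does not have role " + Role.USER);` here and for the identical checks in DefaultUserManager and SearchHandler. The enclosing method starts before the hunk.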
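Review bot: `sendAccessDenied` now picks 403 versus the other response (the else branch is outside the hunk, presumably a 401 challenge) by a role lookup instead of by authentication state. A subject that authenticated successfully but was not granted Role.USER by its realm would be asked to authenticate again although its credentials were already accepted, while a remembered subject holding the role gets 403 and is never prompted for fresh credentials. If the intent is "known identity gets 403", keep the state test as the deciding factor, `if (subject.isAuthenticated() || subject.isRemembered())`, or add a comment on the method explaining why role membership rather than authentication state drives the status code.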
diff --git a/scm-plugin-backend/src/main/java/sonia/scm/plugin/rest/SubjectWrapper.java b/scm-plugin-backend/src/main/java/sonia/scm/plugin/rest/SubjectWrapper.java
index c245ecab76..2b04262ec0 100644
--- a/scm-plugin-backend/src/main/java/sonia/scm/plugin/rest/SubjectWrapper.java
+++ b/scm-plugin-backend/src/main/java/sonia/scm/plugin/rest/SubjectWrapper.java
@@ -73,7 +73,7 @@ public class SubjectWrapper
   {
     String name;
-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
     {
       name = (String) subject.getPrincipal();
     }
@@ -104,7 +104,7 @@ public class SubjectWrapper
    */
   public boolean isAuthenticated()
   {
-    return subject.isAuthenticated();
+    return subject.isAuthenticated() || subject.isRemembered();
   }
   //~--- fields ---------------------------------------------------------------
diff --git a/scm-samples/scm-sample-hello/src/main/java/sample/hello/HelloResource.java b/scm-samples/scm-sample-hello/src/main/java/sample/hello/HelloResource.java
index 2064c7ffc0..586c03ced3 100644
--- a/scm-samples/scm-sample-hello/src/main/java/sample/hello/HelloResource.java
+++ b/scm-samples/scm-sample-hello/src/main/java/sample/hello/HelloResource.java
@@ -66,7 +66,7 @@ public class HelloResource
     Subject subject = SecurityUtils.getSubject();
     String displayName = "Unknown";
-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
     {
       displayName = subject.getPrincipals().oneByType(User.class).getDisplayName();
diff --git a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ChangePasswordResource.java b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ChangePasswordResource.java
index 48c63b3b0a..121729f65b 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ChangePasswordResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ChangePasswordResource.java
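Review bot: `SubjectWrapper.isAuthenticated()` now returns true for a subject that is only remembered, which contradicts both the method's name and the `Subject.isAuthenticated()` contract it wraps; callers can no longer tell the two states apart through this wrapper. Either add a separate `isRemembered()` accessor and leave this one a plain delegate, or at least state the widened meaning in the Javadoc above (its body is outside the hunk), e.g. `Returns true if the subject authenticated in this session or was remembered from a previous one; remembered subjects have not proven their identity.`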
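Review bot: `subject.getPrincipals().oneByType(User.class)` is dereferenced without a null check inside a branch that now also runs for remembered subjects; whether a remembered principal collection still carries a `User` instance depends on what the remember-me manager serialized at login, which this diff does not show, so a `NullPointerException` is possible for stale remember-me data. `SecurityFilter.getUser` and the `BasicSecurityContext` hunk take the same path. A guard such as `User user = subject.getPrincipals().oneByType(User.class); if (user != null) { displayName = user.getDisplayName(); }` keeps the sample defensive; the enclosing method continues past the hunk.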
@@ -65,6 +65,7 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import sonia.scm.security.Role;
 /**
  *
@@ -137,7 +138,7 @@ public class ChangePasswordResource
     Response response = null;
     Subject subject = SecurityUtils.getSubject();
-    if (!subject.isAuthenticated())
+    if (!subject.hasRole(Role.USER))
     {
       throw new ScmSecurityException("user is not authenticated");
     }
diff --git a/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java b/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
index ea3deec0e0..b469a6b89a 100644
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
@@ -111,7 +111,7 @@ public class SecurityFilter extends HttpFilter
       chain.doFilter(new SecurityHttpServletRequestWrapper(request, getUser(subject)), response);
     }
-    else if (subject.isAuthenticated())
+    else if (subject.isAuthenticated() || subject.isRemembered())
     {
       response.sendError(HttpServletResponse.SC_FORBIDDEN);
     }
@@ -142,8 +142,7 @@ public class SecurityFilter extends HttpFilter
    */
   protected boolean hasPermission(Subject subject)
   {
-    return ((configuration != null)
-      && configuration.isAnonymousAccessEnabled()) || subject.isAuthenticated();
+    return ((configuration != null) && configuration.isAnonymousAccessEnabled()) || subject.isAuthenticated() || subject.isRemembered();
   }
   /**
@@ -158,7 +157,7 @@ public class SecurityFilter extends HttpFilter
   {
     User user = null;
-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
     {
       user = subject.getPrincipals().oneByType(User.class);
     }
diff --git a/scm-webapp/src/main/java/sonia/scm/search/SearchHandler.java b/scm-webapp/src/main/java/sonia/scm/search/SearchHandler.java
index e3a0f25c5c..1f00328246 100644
--- a/scm-webapp/src/main/java/sonia/scm/search/SearchHandler.java
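Review bot: Changing a password is the kind of operation Shiro's remembered/authenticated distinction exists for, yet the new check in ChangePasswordResource accepts any subject holding Role.USER — if the realm grants that role to remembered principals, as the rest of this commit assumes, a remember-me identity alone reaches the password-change path. Unless the resource also verifies the current password (not visible in this hunk), keep fresh authentication as a requirement here: `if (!subject.isAuthenticated() || !subject.hasRole(Role.USER))`. The enclosing method starts before the hunk and continues after it.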
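Review bot: The `hasPermission` hunk in SecurityFilter collapses a wrapped expression into a single line of roughly 140 characters, well past the wrapping the surrounding code uses (the removed lines had the same expression over two lines); keep it wrapped, `return ((configuration != null) && configuration.isAnonymousAccessEnabled())` followed by `  || subject.isAuthenticated() || subject.isRemembered();`. Giving the `isAuthenticated() || isRemembered()` disjunction a name would also let the `else if` in the first SecurityFilter hunk and `getUser` in the third reuse it instead of repeating the pair.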
+++ b/scm-webapp/src/main/java/sonia/scm/search/SearchHandler.java
@@ -55,6 +55,7 @@ import java.util.Collection;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response.Status;
+import sonia.scm.security.Role;
 /**
  *
@@ -112,7 +113,7 @@ public class SearchHandler
   {
     Subject subject = SecurityUtils.getSubject();
-    if (!subject.isAuthenticated())
+    if (!subject.hasRole(Role.USER))
     {
       throw new ScmSecurityException("Authentication is required");
     }
diff --git a/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java b/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
index 465a66465e..3b82269bde 100644
--- a/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
@@ -169,7 +169,7 @@ public class DefaultUserManager extends AbstractUserManager
     Subject subject = SecurityUtils.getSubject();
-    if (!subject.isAuthenticated())
+    if (!subject.hasRole(Role.USER))
     {
       throw new ScmSecurityException("user is not authenticated");
     }
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
index 1cd5d645cd..ecc197e8a5 100644
--- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -227,7 +227,7 @@ public class BasicSecurityContext implements WebSecurityContext
     T result = null;
     Subject subject = SecurityUtils.getSubject();
-    if (subject.isAuthenticated())
+    if (subject.isAuthenticated() || subject.isRemembered())
     {
       PrincipalCollection pc = subject.getPrincipals();
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java b/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
index 34517fab79..64854f0df3 100644
--- a/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
@@ -242,7 +242,7 @@ public class DefaultAdministrationContext implements AdministrationContext
   {
     String username = null;
-    if (subject.isAuthenticated())
+    if (subject.hasRole(Role.USER))
     {
       username = principal;
     }