do not send WWW-Authenticate header, if the client is the web interface

2026-01-28 10:19:08 +01:00 · 2012-08-17 08:51:16 +02:00
parent c141dd3928
commit 6a11c02dd0
2 changed files with 68 additions and 11 deletions
--- a/scm-core/src/main/java/sonia/scm/util/HttpUtil.java
+++ b/scm-core/src/main/java/sonia/scm/util/HttpUtil.java
@@ -65,6 +65,12 @@ public class HttpUtil
  /** Field description */
  public static final String ENCODING = "UTF-8";

+  /**
+   * header for identifying the scm-manager client
+   * @since 1.19
+   */
+  public static final String HEADER_SCM_CLIENT = "X-SCM-Client";
+
  /** authentication header */
  public static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";

@@ -92,6 +98,14 @@ public class HttpUtil
   */
  public static final String SCHEME_HTTPS = "https";

+  /**
+   * Possible value of the X-SCM-Client http header. Identifies the
+   * scm-manager web interface.
+   *
+   * @since 1.19
+   */
+  public static final String SCM_CLIENT_WUI = "WUI";
+
  /**
   * Url hash separator
   * @since 1.9
@@ -155,7 +169,7 @@ public class HttpUtil
   */
  public static String append(String uri, String suffix)
  {
-    if (!uri.endsWith(SEPARATOR_PATH) && !suffix.startsWith(SEPARATOR_PATH))
+    if (!uri.endsWith(SEPARATOR_PATH) &&!suffix.startsWith(SEPARATOR_PATH))
    {
      uri = uri.concat(SEPARATOR_PATH);
    }
@@ -203,7 +217,7 @@ public class HttpUtil
    }

    return new StringBuilder(uri).append(s).append(name).append(
-        SEPARATOR_PARAMETER_VALUE).append(value).toString();
+      SEPARATOR_PARAMETER_VALUE).append(value).toString();
  }

  /**
@@ -282,13 +296,41 @@ public class HttpUtil
   * @throws IOException
   */
  public static void sendUnauthorized(HttpServletResponse response)
-          throws IOException
+    throws IOException
  {
-    response.setHeader(
-        HEADER_WWW_AUTHENTICATE,
+
+    sendUnauthorized(null, response);
+  }
+
+  /**
+   * Send an unauthorized header back to the client
+   *
+   *
+   * @param request http request
+   * @param response http response
+   *
+   * @throws IOException
+   *
+   * @since 1.19
+   */
+  public static void sendUnauthorized(HttpServletRequest request,
+    HttpServletResponse response)
+    throws IOException
+  {
+    if ((request == null) ||!isWUIRequest(request))
+    {
+      response.setHeader(HEADER_WWW_AUTHENTICATE,
        "Basic realm=\"".concat(AUTHENTICATION_REALM).concat("\""));
+
+    }
+    else if (logger.isTraceEnabled())
+    {
+      logger.trace(
+        "do not send WWW-Authenticate header, because the client is the web interface");
+    }
+
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
-                       STATUS_UNAUTHORIZED_MESSAGE);
+      STATUS_UNAUTHORIZED_MESSAGE);
  }

  //~--- get methods ----------------------------------------------------------
@@ -304,7 +346,7 @@ public class HttpUtil
   * @since 1.16
   */
  public static String getCompleteUrl(HttpServletRequest request,
-          String... pathSegments)
+    String... pathSegments)
  {
    String baseUrl =
      request.getRequestURL().toString().replace(request.getRequestURI(),
@@ -333,7 +375,7 @@ public class HttpUtil
   * @return the complete url of the given path
   */
  public static String getCompleteUrl(ScmConfiguration configuration,
-          String path)
+    String path)
  {
    String url = configuration.getBaseUrl();

@@ -406,7 +448,7 @@ public class HttpUtil
   * @return the server port
   */
  public static int getServerPort(ScmConfiguration configuration,
-                                  HttpServletRequest request)
+    HttpServletRequest request)
  {
    int port = PORT_HTTP;
    String baseUrl = configuration.getBaseUrl();
@@ -487,4 +529,19 @@ public class HttpUtil

    return uri;
  }
+
+  /**
+   * Returns true if the http request is send by the scm-manager web interface.
+   *
+   *
+   * @param request http request
+   *
+   * @return true if the request comes from the web interface.
+   * @since 1.19
+   */
+  public static boolean isWUIRequest(HttpServletRequest request)
+  {
+    return SCM_CLIENT_WUI.equalsIgnoreCase(
+      request.getHeader(HEADER_SCM_CLIENT));
+  }
 }
--- a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
@@ -158,7 +158,7 @@ public class BasicAuthenticationFilter extends HttpFilter
        logger.trace("could not find user send unauthorized");
      }

-      HttpUtil.sendUnauthorized(response);
+      HttpUtil.sendUnauthorized(request, response);
    }
    else
    {
@@ -185,7 +185,7 @@ public class BasicAuthenticationFilter extends HttpFilter
                                    FilterChain chain)
          throws IOException, ServletException
  {
-    HttpUtil.sendUnauthorized(response);
+    HttpUtil.sendUnauthorized(request, response);
  }

  /**