mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-07-07 19:23:06 +02:00
merge with branch issue-545
This commit is contained in:
@@ -35,7 +35,6 @@ package sonia.scm.web.filter;
|
||||
|
||||
//~--- non-JDK imports --------------------------------------------------------
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -85,6 +84,9 @@ public class BasicAuthenticationFilter extends AutoLoginFilter
|
||||
/** Field description */
|
||||
public static final String HEADER_AUTHORIZATION = "Authorization";
|
||||
|
||||
/** marker for failed authentication */
|
||||
private static final String ATTRIBUTE_FAILED_AUTH = "sonia.scm.auth.failed";
|
||||
|
||||
/** the logger for BasicAuthenticationFilter */
|
||||
private static final Logger logger =
|
||||
LoggerFactory.getLogger(BasicAuthenticationFilter.class);
|
||||
@@ -195,9 +197,8 @@ public class BasicAuthenticationFilter extends AutoLoginFilter
|
||||
}
|
||||
|
||||
/**
|
||||
* Sends status code 401 back to client, if no authorization header was found,
|
||||
* if a authorization is present and the authentication failed the method will
|
||||
* send status code 403.
|
||||
* Sends status code 403 back to client, if the authentication has failed.
|
||||
* In all other cases the method will send status code 403 back to client.
|
||||
*
|
||||
* @param request servlet request
|
||||
* @param response servlet response
|
||||
@@ -212,15 +213,17 @@ public class BasicAuthenticationFilter extends AutoLoginFilter
|
||||
HttpServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException
|
||||
{
|
||||
String authentication = request.getHeader(HEADER_AUTHORIZATION);
|
||||
|
||||
if (Strings.isNullOrEmpty(authentication))
|
||||
// send only forbidden, if the authentication has failed.
|
||||
// see https://bitbucket.org/sdorra/scm-manager/issue/545/git-clone-with-username-in-url-does-not
|
||||
if (Boolean.TRUE.equals(request.getAttribute(ATTRIBUTE_FAILED_AUTH)))
|
||||
{
|
||||
HttpUtil.sendUnauthorized(request, response, configuration.getRealmDescription());
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN);
|
||||
}
|
||||
else
|
||||
{
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN);
|
||||
HttpUtil.sendUnauthorized(request, response,
|
||||
configuration.getRealmDescription());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -267,6 +270,10 @@ public class BasicAuthenticationFilter extends AutoLoginFilter
|
||||
}
|
||||
catch (AuthenticationException ex)
|
||||
{
|
||||
|
||||
// add a marker to the request that the authentication has failed
|
||||
request.setAttribute(ATTRIBUTE_FAILED_AUTH, Boolean.TRUE);
|
||||
|
||||
if (logger.isTraceEnabled())
|
||||
{
|
||||
logger.trace("authentication failed for user ".concat(username),
|
||||
|
||||
Reference in New Issue
Block a user