diff --git a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java index e1953cae96..379507ab4e 100644 --- a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java +++ b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java @@ -29,6 +29,8 @@ * */ + + package sonia.scm.web.filter; //~--- non-JDK imports -------------------------------------------------------- @@ -41,6 +43,7 @@ import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -65,195 +68,218 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** - * + * * @author Sebastian Sdorra */ @Singleton -public class BasicAuthenticationFilter extends AutoLoginFilter { +public class BasicAuthenticationFilter extends AutoLoginFilter +{ - /** Field description */ - public static final String AUTHORIZATION_BASIC_PREFIX = "BASIC"; + /** Field description */ + public static final String AUTHORIZATION_BASIC_PREFIX = "BASIC"; - /** Field description */ - public static final String CREDENTIAL_SEPARATOR = ":"; + /** Field description */ + public static final String CREDENTIAL_SEPARATOR = ":"; - /** Field description */ - public static final String HEADER_AUTHORIZATION = "Authorization"; + /** Field description */ + public static final String HEADER_AUTHORIZATION = "Authorization"; - /** the logger for BasicAuthenticationFilter */ - private static final Logger logger = LoggerFactory - .getLogger(BasicAuthenticationFilter.class); + /** the logger for BasicAuthenticationFilter */ + private static final Logger logger = + LoggerFactory.getLogger(BasicAuthenticationFilter.class); - // ~--- constructors - // --------------------------------------------------------- + //~--- constructors --------------------------------------------------------- - /** - * Constructs ... - * - * - * @param securityContextProvider - * @deprecated use the constructor with out arguments instead. - */ - @Deprecated - public BasicAuthenticationFilter( - Provider securityContextProvider) { - } + /** + * Constructs ... + * + * + * @param securityContextProvider + * @deprecated use the constructor with out arguments instead. + */ + @Deprecated + public BasicAuthenticationFilter( + Provider securityContextProvider) {} - /** - * Constructs a new basic authenticaton filter - * - * @param configuration - * scm-manager global configuration - * - * @since 1.21 - */ - @Inject - public BasicAuthenticationFilter(ScmConfiguration configuration, - Set autoLoginModules) { - super(autoLoginModules); - this.configuration = configuration; - } + /** + * Constructs a new basic authenticaton filter + * + * @param configuration scm-manager global configuration + * + * @since 1.21 + */ + @Inject + public BasicAuthenticationFilter(ScmConfiguration configuration, + Set autoLoginModules) + { + super(autoLoginModules); + this.configuration = configuration; + } - // ~--- methods - // -------------------------------------------------------------- + //~--- methods -------------------------------------------------------------- - /** - * Method description - * - * - * @param request - * @param response - * @param chain - * - * @throws IOException - * @throws ServletException - */ - @Override - protected void doFilter(HttpServletRequest request, - HttpServletResponse response, FilterChain chain) - throws IOException, ServletException { - Subject subject = SecurityUtils.getSubject(); - User user = getAuthenticatedUser(request, response); + /** + * Method description + * + * + * @param request + * @param response + * @param chain + * + * @throws IOException + * @throws ServletException + */ + @Override + protected void doFilter(HttpServletRequest request, + HttpServletResponse response, FilterChain chain) + throws IOException, ServletException + { + Subject subject = SecurityUtils.getSubject(); + User user = getAuthenticatedUser(request, response); - // Fallback to basic authentication scheme - if (user == null) { - String authentication = request.getHeader(HEADER_AUTHORIZATION); + // Fallback to basic authentication scheme + if (user == null) + { + String authentication = request.getHeader(HEADER_AUTHORIZATION); - if (Util.startWithIgnoreCase(authentication, - AUTHORIZATION_BASIC_PREFIX)) { - if (logger.isTraceEnabled()) { - logger.trace("found basic authorization header, start authentication"); - } + if (Util.startWithIgnoreCase(authentication, AUTHORIZATION_BASIC_PREFIX)) + { + if (logger.isTraceEnabled()) + { + logger.trace("found basic authorization header, start authentication"); + } - user = authenticate(request, response, subject, authentication); + user = authenticate(request, response, subject, authentication); - if (logger.isTraceEnabled()) { - if (user != null) { - logger.trace("user {} successfully authenticated", - user.getName()); - } else { - logger.trace("authentcation failed, user object is null"); - } - } - } else if ((configuration != null) - && configuration.isAnonymousAccessEnabled()) { - if (logger.isTraceEnabled()) { - logger.trace("anonymous access granted"); - } + if (logger.isTraceEnabled()) + { + if (user != null) + { + logger.trace("user {} successfully authenticated", user.getName()); + } + else + { + logger.trace("authentcation failed, user object is null"); + } + } + } + else if ((configuration != null) + && configuration.isAnonymousAccessEnabled()) + { + if (logger.isTraceEnabled()) + { + logger.trace("anonymous access granted"); + } - user = SCMContext.ANONYMOUS; - } - } + user = SCMContext.ANONYMOUS; + } + } - if (user == null) { - if (logger.isTraceEnabled()) { - logger.trace("could not find user send unauthorized"); - } + if (user == null) + { + if (logger.isTraceEnabled()) + { + logger.trace("could not find user send unauthorized"); + } - handleUnauthorized(request, response, chain); - } else { - chain.doFilter( - new SecurityHttpServletRequestWrapper(request, user), - response); - } - } + handleUnauthorized(request, response, chain); + } + else + { + chain.doFilter(new SecurityHttpServletRequestWrapper(request, user), + response); + } + } - /** - * Method description - * - * - * @param request - * @param response - * @param chain - * - * @throws IOException - * @throws ServletException - * - * @since 1.8 - */ - protected void handleUnauthorized(HttpServletRequest request, - HttpServletResponse response, FilterChain chain) - throws IOException, ServletException { - HttpUtil.sendUnauthorized(request, response); - } + /** + * Method description + * + * + * @param request + * @param response + * @param chain + * + * @throws IOException + * @throws ServletException + * + * @since 1.8 + */ + protected void handleUnauthorized(HttpServletRequest request, + HttpServletResponse response, FilterChain chain) + throws IOException, ServletException + { + HttpUtil.sendUnauthorized(request, response); + } - /** - * Method description - * - * - * @param request - * @param response - * @param securityContext - * @param subject - * @param authentication - * - * @return - */ - private User authenticate(HttpServletRequest request, - HttpServletResponse response, Subject subject, String authentication) { - String token = authentication.substring(6); + /** + * Method description + * + * + * @param request + * @param response + * @param securityContext + * @param subject + * @param authentication + * + * @return + */ + private User authenticate(HttpServletRequest request, + HttpServletResponse response, Subject subject, String authentication) + { + String token = authentication.substring(6); - token = new String(Base64.decode(token.getBytes())); + token = new String(Base64.decode(token.getBytes())); - int index = token.indexOf(CREDENTIAL_SEPARATOR); - User user = null; + int index = token.indexOf(CREDENTIAL_SEPARATOR); + User user = null; - if ((index > 0) && (index < token.length())) { - String username = token.substring(0, index); - String password = token.substring(index + 1); + if ((index > 0) && (index < token.length())) + { + String username = token.substring(0, index); + String password = token.substring(index + 1); - if (Util.isNotEmpty(username) && Util.isNotEmpty(password)) { - if (logger.isTraceEnabled()) { - logger.trace("try to authenticate user {}", username); - } + if (Util.isNotEmpty(username) && Util.isNotEmpty(password)) + { + if (logger.isTraceEnabled()) + { + logger.trace("try to authenticate user {}", username); + } - try { + try + { - subject.login(new UsernamePasswordToken(username, password, - request.getRemoteAddr())); - user = subject.getPrincipals().oneByType(User.class); - } catch (AuthenticationException ex) { - if (logger.isTraceEnabled()) { - logger.trace("authentication failed for user " - .concat(username), ex); - } else if (logger.isWarnEnabled()) { - logger.warn("authentication failed for user {}", - username); - } - } - } else if (logger.isWarnEnabled()) { - logger.warn("username or password is null/empty"); - } - } else if (logger.isWarnEnabled()) { - logger.warn("failed to read basic auth credentials"); - } + subject.login(new UsernamePasswordToken(username, password, + request.getRemoteAddr())); + user = subject.getPrincipals().oneByType(User.class); + } + catch (AuthenticationException ex) + { + if (logger.isTraceEnabled()) + { + logger.trace("authentication failed for user ".concat(username), + ex); + } + else if (logger.isWarnEnabled()) + { + logger.warn("authentication failed for user {}", username); + } + } + } + else if (logger.isWarnEnabled()) + { + logger.warn("username or password is null/empty"); + } + } + else if (logger.isWarnEnabled()) + { + logger.warn("failed to read basic auth credentials"); + } - return user; - } + return user; + } - // ~--- fields - // --------------------------------------------------------------- + //~--- fields --------------------------------------------------------------- - /** Field description */ - private ScmConfiguration configuration; + /** Field description */ + private ScmConfiguration configuration; } diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java b/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java index 358ea76b29..95ffae7d65 100644 --- a/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java +++ b/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java @@ -29,6 +29,8 @@ * */ + + package sonia.scm.web.security; //~--- non-JDK imports -------------------------------------------------------- @@ -64,296 +66,324 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** - * + * * @author Sebastian Sdorra */ @Singleton -public class ChainAuthenticatonManager extends AbstractAuthenticationManager { +public class ChainAuthenticatonManager extends AbstractAuthenticationManager +{ - /** Field description */ - public static final String CACHE_NAME = "sonia.cache.auth"; + /** Field description */ + public static final String CACHE_NAME = "sonia.cache.auth"; - /** the logger for ChainAuthenticatonManager */ - private static final Logger logger = LoggerFactory - .getLogger(ChainAuthenticatonManager.class); + /** the logger for ChainAuthenticatonManager */ + private static final Logger logger = + LoggerFactory.getLogger(ChainAuthenticatonManager.class); - // ~--- constructors - // --------------------------------------------------------- + //~--- constructors --------------------------------------------------------- - /** - * Constructs ... - * - * - * - * @param userManager - * @param authenticationHandlerSet - * @param encryptionHandler - * @param cacheManager - * @param authenticationListenerProvider - * @param authenticationListeners - */ - @Inject - public ChainAuthenticatonManager(UserManager userManager, - Set authenticationHandlerSet, - EncryptionHandler encryptionHandler, CacheManager cacheManager, - Set authenticationListeners) { - AssertUtil.assertIsNotEmpty(authenticationHandlerSet); - AssertUtil.assertIsNotNull(cacheManager); - this.authenticationHandlers = sort(userManager, - authenticationHandlerSet); - this.encryptionHandler = encryptionHandler; - this.cache = cacheManager.getCache(String.class, - AuthenticationCacheValue.class, CACHE_NAME); + /** + * Constructs ... + * + * + * + * @param userManager + * @param authenticationHandlerSet + * @param encryptionHandler + * @param cacheManager + * @param authenticationListenerProvider + * @param authenticationListeners + */ + @Inject + public ChainAuthenticatonManager(UserManager userManager, + Set authenticationHandlerSet, + EncryptionHandler encryptionHandler, CacheManager cacheManager, + Set authenticationListeners) + { + AssertUtil.assertIsNotEmpty(authenticationHandlerSet); + AssertUtil.assertIsNotNull(cacheManager); + this.authenticationHandlers = sort(userManager, authenticationHandlerSet); + this.encryptionHandler = encryptionHandler; + this.cache = cacheManager.getCache(String.class, + AuthenticationCacheValue.class, CACHE_NAME); - if (Util.isNotEmpty(authenticationListeners)) { - addListeners(authenticationListeners); - } - } + if (Util.isNotEmpty(authenticationListeners)) + { + addListeners(authenticationListeners); + } + } - // ~--- methods - // -------------------------------------------------------------- + //~--- methods -------------------------------------------------------------- - /** - * Method description - * - * - * @param request - * @param response - * @param username - * @param password - * - * @return - */ - @Override - public AuthenticationResult authenticate(HttpServletRequest request, - HttpServletResponse response, String username, String password) { - AssertUtil.assertIsNotEmpty(username); - AssertUtil.assertIsNotEmpty(password); + /** + * Method description + * + * + * @param request + * @param response + * @param username + * @param password + * + * @return + */ + @Override + public AuthenticationResult authenticate(HttpServletRequest request, + HttpServletResponse response, String username, String password) + { + AssertUtil.assertIsNotEmpty(username); + AssertUtil.assertIsNotEmpty(password); - String encryptedPassword = encryptionHandler.encrypt(password); - AuthenticationResult ar = getCached(username, encryptedPassword); + String encryptedPassword = encryptionHandler.encrypt(password); + AuthenticationResult ar = getCached(username, encryptedPassword); - if (ar == null) { - if (logger.isTraceEnabled()) { - logger.trace( - "no authentication result for user {} found in cache", - username); - } + if (ar == null) + { + if (logger.isTraceEnabled()) + { + logger.trace("no authentication result for user {} found in cache", + username); + } - ar = doAuthentication(request, response, username, password); + ar = doAuthentication(request, response, username, password); - if ((ar != null) && ar.isCacheable()) { - cache.put(username, new AuthenticationCacheValue(ar, - encryptedPassword)); - } - } else if (logger.isDebugEnabled()) { - logger.debug("authenticate {} via cache", username); - } + if ((ar != null) && ar.isCacheable()) + { + cache.put(username, + new AuthenticationCacheValue(ar, encryptedPassword)); + } + } + else if (logger.isDebugEnabled()) + { + logger.debug("authenticate {} via cache", username); + } - return ar; - } + return ar; + } - /** - * Method description - * - * - * @throws IOException - */ - @Override - public void close() throws IOException { - for (AuthenticationHandler authenticator : authenticationHandlers) { - if (logger.isTraceEnabled()) { - logger.trace("close authenticator {}", authenticator.getClass()); - } + /** + * Method description + * + * + * @throws IOException + */ + @Override + public void close() throws IOException + { + for (AuthenticationHandler authenticator : authenticationHandlers) + { + if (logger.isTraceEnabled()) + { + logger.trace("close authenticator {}", authenticator.getClass()); + } - IOUtil.close(authenticator); - } - } + IOUtil.close(authenticator); + } + } - /** - * Method description - * - * - * @param context - */ - @Override - public void init(SCMContextProvider context) { - for (AuthenticationHandler authenticator : authenticationHandlers) { - if (logger.isTraceEnabled()) { - logger.trace("initialize authenticator {}", - authenticator.getClass()); - } + /** + * Method description + * + * + * @param context + */ + @Override + public void init(SCMContextProvider context) + { + for (AuthenticationHandler authenticator : authenticationHandlers) + { + if (logger.isTraceEnabled()) + { + logger.trace("initialize authenticator {}", authenticator.getClass()); + } - authenticator.init(context); - } - } + authenticator.init(context); + } + } - /** - * Method description - * - * - * @param request - * @param response - * @param username - * @param password - * - * @return - */ - private AuthenticationResult doAuthentication(HttpServletRequest request, - HttpServletResponse response, String username, String password) { - AuthenticationResult ar = null; + /** + * Method description + * + * + * @param request + * @param response + * @param username + * @param password + * + * @return + */ + private AuthenticationResult doAuthentication(HttpServletRequest request, + HttpServletResponse response, String username, String password) + { + AuthenticationResult ar = null; - if (logger.isTraceEnabled()) { - logger.trace("start authentication chain for user {}", username); - } + if (logger.isTraceEnabled()) + { + logger.trace("start authentication chain for user {}", username); + } - for (AuthenticationHandler authenticator : authenticationHandlers) { - if (logger.isTraceEnabled()) { - logger.trace("check authenticator {} for user {}", - authenticator.getClass(), username); - } + for (AuthenticationHandler authenticator : authenticationHandlers) + { + if (logger.isTraceEnabled()) + { + logger.trace("check authenticator {} for user {}", + authenticator.getClass(), username); + } - try { - AuthenticationResult result = authenticator.authenticate( - request, response, username, password); + try + { + AuthenticationResult result = authenticator.authenticate(request, + response, username, password); - if (logger.isDebugEnabled()) { - logger.debug("authenticator {} ends with result, {}", - authenticator.getClass().getName(), result); - } + if (logger.isDebugEnabled()) + { + logger.debug("authenticator {} ends with result, {}", + authenticator.getClass().getName(), result); + } - // CR: Removed check on state=failed to allow next module to - // continue - if ((result != null) && (result.getState() != null) - && result.getState().isSuccessfully()) { - if (result.getUser() != null) { - User user = result.getUser(); + // CR: Removed check on state=failed to allow next module to + // continue + if ((result != null) && (result.getState() != null) + && result.getState().isSuccessfully()) + { + if (result.getUser() != null) + { + User user = result.getUser(); - user.setType(authenticator.getType()); - ar = result; + user.setType(authenticator.getType()); + ar = result; - // notify authentication listeners - fireAuthenticationEvent(request, response, user); - } + // notify authentication listeners + fireAuthenticationEvent(request, response, user); + } - break; - } - } catch (Exception ex) { - logger.error("error durring authentication process of " - .concat(authenticator.getClass().getName()), ex); - } - } + break; + } + } + catch (Exception ex) + { + logger.error( + "error durring authentication process of ".concat( + authenticator.getClass().getName()), ex); + } + } - return ar; - } + return ar; + } - /** - * Method description - * - * - * @param userManager - * @param authenticationHandlerSet - * - * @return - */ - @VisibleForTesting - private List sort(UserManager userManager, - Set authenticationHandlerSet) { - List handlers = Lists - .newArrayListWithCapacity(authenticationHandlerSet.size()); + /** + * Method description + * + * + * @param userManager + * @param authenticationHandlerSet + * + * @return + */ + @VisibleForTesting + private List sort(UserManager userManager, + Set authenticationHandlerSet) + { + List handlers = + Lists.newArrayListWithCapacity(authenticationHandlerSet.size()); - String first = Strings.nullToEmpty(userManager.getDefaultType()); + String first = Strings.nullToEmpty(userManager.getDefaultType()); - for (AuthenticationHandler handler : authenticationHandlerSet) { - if (first.equals(handler.getType())) { - handlers.add(0, handler); - } else { - handlers.add(handler); - } - } + for (AuthenticationHandler handler : authenticationHandlerSet) + { + if (first.equals(handler.getType())) + { + handlers.add(0, handler); + } + else + { + handlers.add(handler); + } + } - return handlers; - } + return handlers; + } - // ~--- get methods - // ---------------------------------------------------------- + //~--- get methods ---------------------------------------------------------- - /** - * Method description - * - * - * @param username - * @param encryptedPassword - * - * @return - */ - private AuthenticationResult getCached(String username, - String encryptedPassword) { - AuthenticationResult result = null; - AuthenticationCacheValue value = cache.get(username); + /** + * Method description + * + * + * @param username + * @param encryptedPassword + * + * @return + */ + private AuthenticationResult getCached(String username, + String encryptedPassword) + { + AuthenticationResult result = null; + AuthenticationCacheValue value = cache.get(username); - if (value != null) { - String cachedPassword = value.password; + if (value != null) + { + String cachedPassword = value.password; - if (cachedPassword.equals(encryptedPassword)) { - result = value.authenticationResult; - } - } + if (cachedPassword.equals(encryptedPassword)) + { + result = value.authenticationResult; + } + } - return result; - } + return result; + } - // ~--- inner classes - // -------------------------------------------------------- + //~--- inner classes -------------------------------------------------------- - /** - * Class description - * - * - * @version Enter version here..., 2011-01-15 - * @author Sebastian Sdorra - */ - private static class AuthenticationCacheValue implements Serializable { + /** + * Class description + * + * + * @version Enter version here..., 2011-01-15 + * @author Sebastian Sdorra + */ + private static class AuthenticationCacheValue implements Serializable + { - /** Field description */ - private static final long serialVersionUID = 2201116145941277549L; + /** Field description */ + private static final long serialVersionUID = 2201116145941277549L; - // ~--- constructors - // ------------------------------------------------------- + //~--- constructors ------------------------------------------------------- - /** - * Constructs ... - * - * - * - * @param ar - * @param password - */ - public AuthenticationCacheValue(AuthenticationResult ar, String password) { - this.authenticationResult = new AuthenticationResult(ar.getUser() - .clone(), ar.getGroups(), ar.getState()); - this.password = password; - } + /** + * Constructs ... + * + * + * + * @param ar + * @param password + */ + public AuthenticationCacheValue(AuthenticationResult ar, String password) + { + this.authenticationResult = + new AuthenticationResult(ar.getUser().clone(), ar.getGroups(), + ar.getState()); + this.password = password; + } - // ~--- fields - // ------------------------------------------------------------- + //~--- fields ------------------------------------------------------------- - /** Field description */ - private AuthenticationResult authenticationResult; + /** Field description */ + private AuthenticationResult authenticationResult; - /** Field description */ - private String password; - } + /** Field description */ + private String password; + } - // ~--- fields - // --------------------------------------------------------------- - /** Field description */ - private List authenticationHandlers; + //~--- fields --------------------------------------------------------------- - /** Field description */ - private Cache cache; + /** Field description */ + private List authenticationHandlers; - /** Field description */ - private EncryptionHandler encryptionHandler; + /** Field description */ + private Cache cache; + + /** Field description */ + private EncryptionHandler encryptionHandler; }