diff --git a/scm-webapp/src/main/java/sonia/scm/ContextListener.java b/scm-webapp/src/main/java/sonia/scm/ContextListener.java
index 91c76e4bef..c0fbd5cb58 100644
--- a/scm-webapp/src/main/java/sonia/scm/ContextListener.java
+++ b/scm-webapp/src/main/java/sonia/scm/ContextListener.java
@@ -19,6 +19,7 @@ import sonia.scm.filter.GZipFilter;
 import sonia.scm.filter.StaticResourceFilter;
 import sonia.scm.security.Authenticator;
 import sonia.scm.security.DemoAuthenticator;
+import sonia.scm.security.SecurityFilter;
 //~--- JDK imports ------------------------------------------------------------
@@ -85,6 +86,7 @@ public class ContextListener extends GuiceServletContextListener
 filter(PATTERN_PAGE, PATTERN_STATIC_RESOURCES).through(StaticResourceFilter.class);
 filter(PATTERN_PAGE, PATTERN_COMPRESSABLE).through(GZipFilter.class);
+ filter(PATTERN_RESTAPI).through(SecurityFilter.class);
 // jersey
 Map params = new HashMap();
diff --git a/scm-webapp/src/main/java/sonia/scm/filter/GZipFilter.java b/scm-webapp/src/main/java/sonia/scm/filter/GZipFilter.java
index 29917e6ff1..eb330c880d 100644
--- a/scm-webapp/src/main/java/sonia/scm/filter/GZipFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/GZipFilter.java
@@ -11,6 +11,8 @@ package sonia.scm.filter;
 import com.google.inject.Singleton;
+import sonia.scm.util.WebUtil;
+
 //~--- JDK imports ------------------------------------------------------------
 import java.io.IOException;
@@ -44,9 +46,7 @@ public class GZipFilter extends HttpFilter
 HttpServletResponse response, FilterChain chain)
 throws IOException, ServletException
 {
- String ae = request.getHeader("accept-encoding");
-
- if ((ae != null) && (ae.indexOf("gzip") != -1))
+ if (WebUtil.isGzipSupported(request))
 {
 GZipResponseWrapper wrappedResponse = new GZipResponseWrapper(response);
diff --git a/scm-webapp/src/main/java/sonia/scm/security/SecurityFilter.java b/scm-webapp/src/main/java/sonia/scm/security/SecurityFilter.java
index d338366ebc..842deb369f 100644
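Review bot: In the second ContextListener hunk, `filter(PATTERN_RESTAPI).through(SecurityFilter.class);` is registered after the static-resource and gzip filters, and Guice Servlet dispatches filters in the order they appear in the module, so a request matching more than one pattern passes through the earlier filters before it is authenticated. The pattern constants and the start of the enclosing method are outside this hunk, so whether `PATTERN_COMPRESSABLE` overlaps `PATTERN_RESTAPI` cannot be confirmed from here; if it does, moving the `SecurityFilter` line above the other two `filter(...)` calls puts the 401 decision first. A short comment above the line, e.g. `// only PATTERN_RESTAPI is authenticated here; pages and static resources stay public`, would record that the narrower scope is intentional, if that is indeed the intent.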
--- a/scm-webapp/src/main/java/sonia/scm/security/SecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/SecurityFilter.java
@@ -10,7 +10,10 @@ package sonia.scm.security;
 //~--- non-JDK imports --------------------------------------------------------
 import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
 import sonia.scm.User;
+import sonia.scm.filter.HttpFilter;
 //~--- JDK imports ------------------------------------------------------------
@@ -18,13 +21,8 @@ import java.io.IOException;
 import java.security.Principal;
-
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
@@ -33,7 +31,8 @@ import javax.servlet.http.HttpServletResponse;
 *
 * @author Sebastian Sdorra
 */
-public class SecurityFilter implements Filter
+@Singleton
+public class SecurityFilter extends HttpFilter
 {
 /** Field description */
@@ -44,77 +43,41 @@ public class SecurityFilter implements Filter
 /**
 * Method description
 *
- */
- @Override
- public void destroy()
- {
-
- // do nothing
- }
-
- /**
- * Method description
 *
- *
- * @param req
- * @param res
+ * @param request
+ * @param response
 * @param chain
 *
 * @throws IOException
 * @throws ServletException
 */
 @Override
- public void doFilter(ServletRequest req, ServletResponse res,
- FilterChain chain)
+ protected void doFilter(HttpServletRequest request,
+ HttpServletResponse response, FilterChain chain)
 throws IOException, ServletException
 {
- if ((req instanceof HttpServletRequest)
- && (res instanceof HttpServletResponse))
+ String uri =
+ request.getRequestURI().substring(request.getContextPath().length());
+
+ if (!uri.startsWith(URL_AUTHENTICATION))
 {
- HttpServletRequest request = (HttpServletRequest) req;
- String uri =
- request.getRequestURI().substring(request.getContextPath().length());
+ User user = authenticator.getUser(request);
- if (!uri.startsWith(URL_AUTHENTICATION))
+ if (user != null)
 {
- User user = authenticator.getUser(request);
-
- if (user != null)
- {
- chain.doFilter(new ScmHttpServletRequest(request, user), res);
- }
- else
- {
- ((HttpServletResponse) res).sendError(
- HttpServletResponse.SC_UNAUTHORIZED);
- }
+ chain.doFilter(new ScmHttpServletRequest(request, user), response);
 }
 else
 {
- chain.doFilter(req, res);
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
 }
 }
 else
 {
- throw new ServletException("request is not an HttpServletRequest");
+ chain.doFilter(request, response);
 }
 }
- /**
- * Method description
- *
- *
- * @param filterConfig
- *
- * @throws ServletException
- */
- @Override
- public void init(FilterConfig filterConfig) throws ServletException
- {
-
- // do nothing
- }
-
 //~--- inner classes --------------------------------------------------------
 /**
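Review bot: The authentication exemption in the new `doFilter` is decided by `uri.startsWith(URL_AUTHENTICATION)` on the raw `getRequestURI()`, which the container has neither decoded nor normalized, so the string tested here can differ from the path the request is finally dispatched on. A bare prefix test also has no segment boundary, so any path that merely begins with the same characters skips the `authenticator.getUser(request)` call; how far that reaches depends on the value of `URL_AUTHENTICATION`, which is declared outside this hunk. I would build `uri` from the container-resolved `getServletPath()` and `getPathInfo()` and match a whole segment, e.g. `if (!(uri.equals(URL_AUTHENTICATION) || uri.startsWith(URL_AUTHENTICATION + "/")))`, assuming the constant carries no trailing slash. The commit carries this check over from the old `doFilter` unchanged, so it is worth fixing while the method is being rewritten.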
diff --git a/scm-webapp/src/main/java/sonia/scm/util/WebUtil.java b/scm-webapp/src/main/java/sonia/scm/util/WebUtil.java
index 5355f213bb..a23d7008ea 100644
--- a/scm-webapp/src/main/java/sonia/scm/util/WebUtil.java
+++ b/scm-webapp/src/main/java/sonia/scm/util/WebUtil.java
@@ -39,6 +39,9 @@ public class WebUtil
 public static final String DATE_PREVENT_CACHE = "Tue, 09 Apr 1985 10:00:00 GMT";
+ /** Field description */
+ public static final String HEADER_ACCEPTENCODING = "Accept-Encoding";
+
 /** Field description */
 public static final String HEADER_CACHECONTROL = "Cache-Control";
@@ -238,7 +241,7 @@ public class WebUtil
 */
 public static boolean isGzipSupported(HttpServletRequest request)
 {
- String enc = request.getHeader("Accept-Encoding");
+ String enc = request.getHeader(HEADER_ACCEPTENCODING);
 return (enc != null) && enc.contains("gzip");
 }
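Review bot: `isGzipSupported` answers yes for any `Accept-Encoding` value that contains the substring `gzip`, so a client that refuses the coding with `gzip;q=0` still gets a compressed body, and an upper-case `GZIP` is missed although coding names are case-insensitive. Because `GZipFilter` now delegates to this helper, I would parse the comma-separated codings and their `q` value after the `getHeader` line, as sketched below; the method's javadoc starts above the hunk. The sketch matches the `gzip` token only, so add the `x-gzip` alias if existing clients rely on it. Separately, the new `HEADER_ACCEPTENCODING` constant keeps the `Field description` placeholder; `/** Name of the request header listing the content codings a client accepts. */` would document it.

```java
public static boolean isGzipSupported(HttpServletRequest request)
{
  String enc = request.getHeader(HEADER_ACCEPTENCODING);

  if (enc == null)
  {
    return false;
  }

  for (String coding : enc.split(","))
  {
    String[] parts = coding.trim().split("\\s*;\\s*");

    if ("gzip".equalsIgnoreCase(parts[0]))
    {
      // "gzip;q=0" (also q=0.0, q=0.000) is an explicit refusal
      return !((parts.length > 1) && parts[1].matches("(?i)q=0(\\.0*)?"));
    }
  }

  return false;
}
```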