mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-02-05 22:29:11 +01:00
3ec499d22c
Expose metrics about: - User login attempts - Failed user logins - User logouts - General successful accesses to SCM-Manager via any authentication realm - General failed accesses to SCM-Manager Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
70 lines
2.7 KiB
Java
70 lines
2.7 KiB
Java
/*
|
|
* MIT License
|
|
*
|
|
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in all
|
|
* copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
* SOFTWARE.
|
|
*/
|
|
|
|
package sonia.scm.security;
|
|
|
|
import com.google.common.annotations.VisibleForTesting;
|
|
import com.google.inject.Inject;
|
|
import org.apache.shiro.authc.AuthenticationInfo;
|
|
import org.apache.shiro.authc.AuthenticationToken;
|
|
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
|
|
import org.apache.shiro.realm.AuthenticatingRealm;
|
|
import sonia.scm.SCMContext;
|
|
import sonia.scm.plugin.Extension;
|
|
import sonia.scm.user.UserDAO;
|
|
|
|
import javax.inject.Singleton;
|
|
import javax.ws.rs.NotAuthorizedException;
|
|
|
|
import static com.google.common.base.Preconditions.checkArgument;
|
|
|
|
@Singleton
|
|
@Extension
|
|
public class AnonymousRealm extends AuthenticatingRealm {
|
|
|
|
@VisibleForTesting
|
|
static final String REALM = "AnonymousRealm";
|
|
|
|
private final DAORealmHelper helper;
|
|
private final UserDAO userDAO;
|
|
|
|
@Inject
|
|
public AnonymousRealm(DAORealmHelperFactory helperFactory, UserDAO userDAO) {
|
|
this.helper = helperFactory.create(REALM);
|
|
this.userDAO = userDAO;
|
|
|
|
setAuthenticationTokenClass(AnonymousToken.class);
|
|
setCredentialsMatcher(new AllowAllCredentialsMatcher());
|
|
}
|
|
|
|
@Override
|
|
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {
|
|
if (!userDAO.contains(SCMContext.USER_ANONYMOUS)) {
|
|
throw new NotAuthorizedException("trying to access anonymous but _anonymous user does not exist");
|
|
}
|
|
checkArgument(authenticationToken instanceof AnonymousToken, "%s is required", AnonymousToken.class);
|
|
return helper.authenticationInfoBuilder(SCMContext.USER_ANONYMOUS).build();
|
|
}
|
|
}
|