use of com.gitblit.Constants.AuthenticationType in project gitblit by gitblit.
the class AuthenticationManager method setCookie.
/**
* Sets a cookie for the specified user.
*
* @param request
* @param response
* @param user
*/
@Override
public void setCookie(HttpServletRequest request, HttpServletResponse response, UserModel user) {
if (settings.getBoolean(Keys.web.allowCookieAuthentication, true)) {
boolean standardLogin = true;
if (null != request) {
// Pull the auth type from the request, it is set there if container managed
AuthenticationType authenticationType = (AuthenticationType) request.getAttribute(Constants.ATTRIB_AUTHTYPE);
if (null != authenticationType)
standardLogin = authenticationType.isStandard();
}
if (standardLogin) {
Cookie userCookie;
if (user == null) {
// clear cookie for logout
userCookie = new Cookie(Constants.NAME, "");
} else {
// set cookie for login
String cookie = userManager.getCookie(user);
if (StringUtils.isEmpty(cookie)) {
// create empty cookie
userCookie = new Cookie(Constants.NAME, "");
} else {
// create real cookie
userCookie = new Cookie(Constants.NAME, cookie);
// expire the cookie in 7 days
userCookie.setMaxAge((int) TimeUnit.DAYS.toSeconds(7));
// Set cookies HttpOnly so they are not accessible to JavaScript engines
userCookie.setHttpOnly(true);
// Set secure cookie if only HTTPS is used
userCookie.setSecure(httpsOnly());
}
}
String path = "/";
if (request != null) {
if (!StringUtils.isEmpty(request.getContextPath())) {
path = request.getContextPath();
}
}
userCookie.setPath(path);
response.addCookie(userCookie);
}
}
}
use of com.gitblit.Constants.AuthenticationType in project gitblit by gitblit.
the class SessionPage method login.
private void login() {
GitBlitWebSession session = GitBlitWebSession.get();
HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();
// If using container/external servlet authentication, use request attribute
String authedUser = (String) request.getAttribute(Constants.ATTRIB_AUTHUSER);
// Default to trusting session authentication if not set in request by external processing
if (StringUtils.isEmpty(authedUser) && session.isLoggedIn()) {
authedUser = session.getUsername();
}
if (!StringUtils.isEmpty(authedUser)) {
// the old session entirely, without trusting any session values
if (!authedUser.equals(session.getUsername())) {
session.replaceSession();
}
if (!session.isSessionInvalidated()) {
// Refresh usermodel to pick up any changes to permissions or roles (issue-186)
UserModel user = app().users().getUserModel(authedUser);
if (user == null || user.disabled) {
// user was deleted/disabled during session
app().authentication().logout(request, response, user);
session.setUser(null);
session.invalidateNow();
return;
}
// validate cookie during session (issue-361)
if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
String requestCookie = app().authentication().getCookie(request);
if (!StringUtils.isEmpty(requestCookie) && !StringUtils.isEmpty(user.cookie)) {
if (!requestCookie.equals(user.cookie)) {
// cookie was changed during our session
app().authentication().logout(request, response, user);
session.setUser(null);
session.invalidateNow();
return;
}
}
}
session.setUser(user);
session.continueRequest();
return;
}
}
// try to authenticate by servlet request
UserModel user = app().authentication().authenticate(request);
// Login the user
if (user != null) {
AuthenticationType authenticationType = (AuthenticationType) request.getAttribute(Constants.ATTRIB_AUTHTYPE);
// don't like
if (AuthenticationType.CONTAINER != authenticationType) {
session.replaceSession();
}
session.setUser(user);
// Set Cookie
app().authentication().setCookie(request, response, user);
session.continueRequest();
}
}
Aggregations