
Example 1 with AuthenticationType

use of com.gitblit.Constants.AuthenticationType in project gitblit by gitblit.

the class AuthenticationManager method setCookie.

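/**
 * Sets, or clears, the persistent authentication cookie for the specified user.
 *
 * Nothing is written when cookie authentication is disabled
 * ({@code web.allowCookieAuthentication}) or when the request carries a
 * non-standard authentication type (e.g. container-managed login), in which
 * case the external authenticator owns the session.
 *
 * @param request the current request, may be null; used to read the
 *            authentication type attribute and the context path
 * @param response the response the cookie is added to
 * @param user the authenticated user, or null to clear the cookie (logout)
 */
@Override
public void setCookie(HttpServletRequest request, HttpServletResponse response, UserModel user) {
    if (!settings.getBoolean(Keys.web.allowCookieAuthentication, true)) {
        return;
    }
    if (request != null) {
        // Pull the auth type from the request, it is set there if container managed
        AuthenticationType authenticationType = (AuthenticationType) request.getAttribute(Constants.ATTRIB_AUTHTYPE);
        if (authenticationType != null && !authenticationType.isStandard()) {
            // container/external authentication: never issue our own cookie
            return;
        }
    }

    // a null user means logout; a user without a stored cookie value gets the cookie cleared as well
    String cookie = (user == null) ? null : userManager.getCookie(user);
    Cookie userCookie;
    if (StringUtils.isEmpty(cookie)) {
        userCookie = new Cookie(Constants.NAME, "");
        // maxAge 0 tells the browser to delete the cookie instead of keeping an
        // empty-valued session cookie around until the browser is closed
        userCookie.setMaxAge(0);
    } else {
        userCookie = new Cookie(Constants.NAME, cookie);
        // expire the cookie in 7 days
        userCookie.setMaxAge((int) TimeUnit.DAYS.toSeconds(7));
    }
    // Applied to both the real and the cleared cookie so the attributes match
    // the cookie being replaced: HttpOnly keeps it out of reach of script,
    // Secure is set when only HTTPS is used
    userCookie.setHttpOnly(true);
    userCookie.setSecure(httpsOnly());

    // scope the cookie to the application's context path, falling back to the root
    String path = "/";
    if (request != null && !StringUtils.isEmpty(request.getContextPath())) {
        path = request.getContextPath();
    }
    userCookie.setPath(path);
    response.addCookie(userCookie);
}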

Example 2 with AuthenticationType

use of com.gitblit.Constants.AuthenticationType in project gitblit by gitblit.

the class SessionPage method login.

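/**
 * Establishes the user for the current request.
 *
 * Precedence: a user name placed in the request by container/external
 * authentication ({@code Constants.ATTRIB_AUTHUSER}), then the user already
 * bound to the Wicket session, and finally the authentication manager's own
 * request-based authentication. A session whose user was deleted or disabled,
 * or whose persistent cookie no longer matches the stored value, is logged
 * out and invalidated instead of being continued.
 */
private void login() {
    GitBlitWebSession session = GitBlitWebSession.get();
    HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
    HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();

    // If using container/external servlet authentication, use request attribute
    String authedUser = (String) request.getAttribute(Constants.ATTRIB_AUTHUSER);
    // Default to trusting session authentication if not set in request by external processing
    if (StringUtils.isEmpty(authedUser) && session.isLoggedIn()) {
        authedUser = session.getUsername();
    }

    if (!StringUtils.isEmpty(authedUser)) {
        // A different user than the one bound to this session: replace the old
        // session entirely, without trusting any of its values
        if (!authedUser.equals(session.getUsername())) {
            session.replaceSession();
        }
        if (!session.isSessionInvalidated()) {
            // Refresh usermodel to pick up any changes to permissions or roles (issue-186)
            UserModel user = app().users().getUserModel(authedUser);
            if (user == null || user.disabled) {
                // user was deleted/disabled during session
                logoutAndInvalidate(session, request, response, user);
                return;
            }
            // validate cookie during session (issue-361)
            if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
                String requestCookie = app().authentication().getCookie(request);
                if (!StringUtils.isEmpty(requestCookie) && !StringUtils.isEmpty(user.cookie)
                        && !cookiesMatch(requestCookie, user.cookie)) {
                    // cookie was changed during our session
                    logoutAndInvalidate(session, request, response, user);
                    return;
                }
            }
            session.setUser(user);
            session.continueRequest();
            return;
        }
    }

    // try to authenticate by servlet request
    UserModel user = app().authentication().authenticate(request);
    if (user != null) {
        AuthenticationType authenticationType = (AuthenticationType) request.getAttribute(Constants.ATTRIB_AUTHTYPE);
        // A fresh login gets a fresh session id; a container-managed session is left to the container
        if (AuthenticationType.CONTAINER != authenticationType) {
            session.replaceSession();
        }
        session.setUser(user);
        // Set Cookie
        app().authentication().setCookie(request, response, user);
        session.continueRequest();
    }
}

/**
 * Logs the user out, clears the session user and invalidates the session.
 *
 * @param user the user being logged out, may be null when the account no longer exists
 */
private void logoutAndInvalidate(GitBlitWebSession session, HttpServletRequest request,
        HttpServletResponse response, UserModel user) {
    app().authentication().logout(request, response, user);
    session.setUser(null);
    session.invalidateNow();
}

/**
 * Compares the presented cookie value with the stored one in constant time,
 * so the comparison does not reveal how many leading bytes match.
 *
 * @param requestCookie non-empty value taken from the request
 * @param storedCookie non-empty value held on the user model
 * @return true when both values are identical
 */
private static boolean cookiesMatch(String requestCookie, String storedCookie) {
    return java.security.MessageDigest.isEqual(
            requestCookie.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            storedCookie.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}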
