Example 1 with WebResponse

Use of org.apache.wicket.protocol.http.WebResponse in project gitblit by gitblit.

Class RootPage, method loginUser.

private void loginUser(UserModel user) {
    if (user != null) {
        HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
        HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();
        // Set the user into the session
        GitBlitWebSession session = GitBlitWebSession.get();
        // issue 62: fix session fixation vulnerability
        session.replaceSession();
        session.setUser(user);
        // Re-read the request and response after the session has been replaced
        request = ((WebRequest) getRequest()).getHttpServletRequest();
        response = ((WebResponse) getResponse()).getHttpServletResponse();
        request.getSession().setAttribute(Constants.ATTRIB_AUTHTYPE, AuthenticationType.CREDENTIALS);
        // Set Cookie
        app().authentication().setCookie(request, response, user);
        if (!session.continueRequest()) {
            PageParameters params = getPageParameters();
            if (params == null) {
                // redirect to this page
                redirectTo(getClass());
            } else {
                // Strip username and password and redirect to this page
                params.remove("username");
                params.remove("password");
                redirectTo(getClass(), params);
            }
        }
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), WebResponse (org.apache.wicket.protocol.http.WebResponse), WebRequest (org.apache.wicket.protocol.http.WebRequest), HttpServletResponse (javax.servlet.http.HttpServletResponse), GitBlitWebSession (com.gitblit.wicket.GitBlitWebSession), PageParameters (org.apache.wicket.PageParameters)

Example 2 with WebResponse

Use of org.apache.wicket.protocol.http.WebResponse in project gitblit by gitblit.

Class SessionPage, method login.

private void login() {
    GitBlitWebSession session = GitBlitWebSession.get();
    HttpServletRequest request = ((WebRequest) getRequest()).getHttpServletRequest();
    HttpServletResponse response = ((WebResponse) getResponse()).getHttpServletResponse();
    // If using container/external servlet authentication, use request attribute
    String authedUser = (String) request.getAttribute(Constants.ATTRIB_AUTHUSER);
    // Default to trusting session authentication if not set in request by external processing
    if (StringUtils.isEmpty(authedUser) && session.isLoggedIn()) {
        authedUser = session.getUsername();
    }
    if (!StringUtils.isEmpty(authedUser)) {
        // If the authenticated user differs from the session user, discard
        // the old session entirely, without trusting any session values
        if (!authedUser.equals(session.getUsername())) {
            session.replaceSession();
        }
        if (!session.isSessionInvalidated()) {
            // Refresh usermodel to pick up any changes to permissions or roles (issue-186)
            UserModel user = app().users().getUserModel(authedUser);
            if (user == null || user.disabled) {
                // user was deleted/disabled during session
                app().authentication().logout(request, response, user);
                session.setUser(null);
                session.invalidateNow();
                return;
            }
            // validate cookie during session (issue-361)
            if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
                String requestCookie = app().authentication().getCookie(request);
                if (!StringUtils.isEmpty(requestCookie) && !StringUtils.isEmpty(user.cookie)) {
                    if (!requestCookie.equals(user.cookie)) {
                        // cookie was changed during our session
                        app().authentication().logout(request, response, user);
                        session.setUser(null);
                        session.invalidateNow();
                        return;
                    }
                }
            }
            session.setUser(user);
            session.continueRequest();
            return;
        }
    }
    // try to authenticate by servlet request
    UserModel user = app().authentication().authenticate(request);
    // Login the user
    if (user != null) {
        AuthenticationType authenticationType = (AuthenticationType) request.getAttribute(Constants.ATTRIB_AUTHTYPE);
        // Replace the session unless the container performed the authentication
        if (AuthenticationType.CONTAINER != authenticationType) {
            session.replaceSession();
        }
        session.setUser(user);
        // Set Cookie
        app().authentication().setCookie(request, response, user);
        session.continueRequest();
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), UserModel (com.gitblit.models.UserModel), WebResponse (org.apache.wicket.protocol.http.WebResponse), WebRequest (org.apache.wicket.protocol.http.WebRequest), GitBlitWebSession (com.gitblit.wicket.GitBlitWebSession), HttpServletResponse (javax.servlet.http.HttpServletResponse), AuthenticationType (com.gitblit.Constants.AuthenticationType)

Example 3 with WebResponse

Use of org.apache.wicket.protocol.http.WebResponse in project gitblit by gitblit.

Class BasePage, method setLastModified.

/**
 * Sets the last-modified header field and the expires field.
 *
 * @param when the last-modified date; ignored when null
 */
protected final void setLastModified(Date when) {
    if (when == null) {
        return;
    }
    if (when.before(app().getBootDate())) {
        // last-modified can not be before the Gitblit boot date
        // this helps ensure that pages are properly refreshed after a
        // server config change
        when = app().getBootDate();
    }
    int expires = app().settings().getInteger(Keys.web.pageCacheExpires, 0);
    WebResponse response = (WebResponse) getResponse();
    response.setLastModifiedTime(Time.valueOf(when));
    response.setDateHeader("Expires", System.currentTimeMillis() + Duration.minutes(expires).getMilliseconds());
}
Also used: WebResponse (org.apache.wicket.protocol.http.WebResponse)

Aggregations

WebResponse (org.apache.wicket.protocol.http.WebResponse): 3
GitBlitWebSession (com.gitblit.wicket.GitBlitWebSession): 2
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
WebRequest (org.apache.wicket.protocol.http.WebRequest): 2
AuthenticationType (com.gitblit.Constants.AuthenticationType): 1
UserModel (com.gitblit.models.UserModel): 1
PageParameters (org.apache.wicket.PageParameters): 1