Diffstat (limited to 'gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java')
-rw-r--r--gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java85
1 files changed, 15 insertions, 70 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java
index 9b7eaf5e47..fe7aa23dd5 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java
@@ -15,20 +15,18 @@
package com.google.gerrit.httpd.auth.container;
import com.google.gerrit.common.PageLinks;
+import com.google.gerrit.httpd.CanonicalWebUrl;
import com.google.gerrit.httpd.HtmlDomUtil;
import com.google.gerrit.httpd.WebSession;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AccountManager;
-import com.google.gerrit.server.account.AuthMethod;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.account.AuthResult;
-import com.google.gerrit.server.config.AuthConfig;
-import com.google.gerrit.server.config.CanonicalWebUrl;
+import com.google.gwtexpui.server.CacheHeaders;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
-import org.eclipse.jgit.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
@@ -58,23 +56,20 @@ class HttpLoginServlet extends HttpServlet {
private static final Logger log =
LoggerFactory.getLogger(HttpLoginServlet.class);
- private static final String AUTHORIZATION = "Authorization";
private final Provider<WebSession> webSession;
- private final Provider<String> urlProvider;
+ private final CanonicalWebUrl urlProvider;
private final AccountManager accountManager;
- private final String loginHeader;
+ private final HttpAuthFilter authFilter;
@Inject
- HttpLoginServlet(final AuthConfig authConfig,
- final Provider<WebSession> webSession,
- @CanonicalWebUrl @Nullable final Provider<String> urlProvider,
- final AccountManager accountManager) {
+ HttpLoginServlet(final Provider<WebSession> webSession,
+ final CanonicalWebUrl urlProvider,
+ final AccountManager accountManager,
+ final HttpAuthFilter authFilter) {
this.webSession = webSession;
this.urlProvider = urlProvider;
this.accountManager = accountManager;
-
- final String hdr = authConfig.getLoginHttpHeader();
- this.loginHeader = hdr != null && !hdr.equals("") ? hdr : AUTHORIZATION;
+ this.authFilter = authFilter;
}
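Review bot: The field on the `+ private final CanonicalWebUrl urlProvider;` line keeps the old name although it no longer holds a `Provider<String>`; naming it after what it is, `private final CanonicalWebUrl canonicalWebUrl;`, with the constructor assignment and the later `urlProvider.get(req)` call updated to match, would stop readers from expecting a Guice provider. The same rename would apply in the hunk at `rdr.append(urlProvider.get(req));`. The constructor also drops the former `@Nullable` on this dependency, so injection now requires a bound `CanonicalWebUrl`; a one-line Javadoc on the constructor stating that the canonical URL is mandatory would make that contract explicit.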
@Override
@@ -86,19 +81,16 @@ class HttpLoginServlet extends HttpServlet {
return;
}
- rsp.setHeader("Expires", "Fri, 01 Jan 1980 00:00:00 GMT");
- rsp.setHeader("Pragma", "no-cache");
- rsp.setHeader("Cache-Control", "no-cache, must-revalidate");
-
- final String user = getRemoteUser(req);
+ CacheHeaders.setNotCacheable(rsp);
+ final String user = authFilter.getRemoteUser(req);
if (user == null || "".equals(user)) {
- log.error("Unable to authenticate user by " + loginHeader
+ log.error("Unable to authenticate user by " + authFilter.getLoginHeader()
+ " request header. Check container or server configuration.");
final Document doc = HtmlDomUtil.parseFile( //
HttpLoginServlet.class, "ConfigurationError.html");
- replace(doc, "loginHeader", loginHeader);
+ replace(doc, "loginHeader", authFilter.getLoginHeader());
replace(doc, "ServerName", req.getServerName());
replace(doc, "ServerPort", ":" + req.getServerPort());
replace(doc, "ContextPath", req.getContextPath());
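Review bot: The message on the `log.error("Unable to authenticate user by " + authFilter.getLoginHeader()` line is assembled by concatenation although the class logs through an SLF4J `Logger`; the parameterized form `log.error("Unable to authenticate user by {} request header. Check container or server configuration.", authFilter.getLoginHeader());` is the idiom and avoids building the string when the level is disabled. `authFilter.getLoginHeader()` is also called a second time on the `replace(doc, "loginHeader", ...)` line; hoisting it once into `final String loginHeader = authFilter.getLoginHeader();` keeps both uses in step. The enclosing request-handling method begins and ends outside this hunk.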
@@ -129,15 +121,14 @@ class HttpLoginServlet extends HttpServlet {
}
final StringBuilder rdr = new StringBuilder();
- rdr.append(urlProvider.get());
+ rdr.append(urlProvider.get(req));
rdr.append('#');
if (arsp.isNew() && !token.startsWith(PageLinks.REGISTER + "/")) {
rdr.append(PageLinks.REGISTER);
}
rdr.append(token);
- webSession.get().login(arsp, AuthMethod.COOKIE,
- true /* persistent cookie */);
+ webSession.get().login(arsp, true /* persistent cookie */);
rsp.sendRedirect(rdr.toString());
}
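Review bot: The redirect base on the `rdr.append(urlProvider.get(req));` line is now derived with the incoming request in hand rather than from a configured provider, and the result is handed straight to `rsp.sendRedirect` a few lines later. How much of that value comes from request data such as the Host header depends on `CanonicalWebUrl.get(req)`, which is not visible in this diff; if it falls back to request-supplied scheme or host when no canonical URL is configured, that is the case worth confirming, since the redirect target would then follow whatever the client sent. A comment at the call site recording the assumption, `// redirect base from the configured canonical URL; see CanonicalWebUrl.get(req) for the fallback when it is unset`, would keep that dependency visible to later readers. The enclosing method starts outside the hunk.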
@@ -173,50 +164,4 @@ class HttpLoginServlet extends HttpServlet {
}
return token;
}
-
- private String getRemoteUser(final HttpServletRequest req) {
- if (AUTHORIZATION.equals(loginHeader)) {
- final String user = req.getRemoteUser();
- if (user != null && !"".equals(user)) {
- // The container performed the authentication, and has the user
- // identity already decoded for us. Honor that as we have been
- // configured to honor HTTP authentication.
- //
- return user;
- }
-
- // If the container didn't do the authentication we might
- // have done it in the front-end web server. Try to split
- // the identity out of the Authorization header and honor it.
- //
- String auth = req.getHeader(AUTHORIZATION);
- if (auth == null || "".equals(auth)) {
- return null;
-
- } else if (auth.startsWith("Basic ")) {
- auth = auth.substring("Basic ".length());
- auth = new String(Base64.decode(auth));
- final int c = auth.indexOf(':');
- return c > 0 ? auth.substring(0, c) : null;
-
- } else if (auth.startsWith("Digest ")) {
- final int u = auth.indexOf("username=\"");
- if (u <= 0) {
- return null;
- }
- auth = auth.substring(u + 10);
- final int e = auth.indexOf('"');
- return e > 0 ? auth.substring(0, auth.indexOf('"')) : null;
-
- } else {
- return null;
- }
- } else {
- // Nonstandard HTTP header. We have been told to trust this
- // header blindly as-is.
- //
- final String user = req.getHeader(loginHeader);
- return user != null && !"".equals(user) ? user : null;
- }
- }
}