Diffstat (limited to 'gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java')
-rw-r--r-- | gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java | 85 |
1 files changed, 15 insertions, 70 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java
index 9b7eaf5e47..fe7aa23dd5 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/container/HttpLoginServlet.java
@@ -15,20 +15,18 @@
 package com.google.gerrit.httpd.auth.container;
 import com.google.gerrit.common.PageLinks;
+import com.google.gerrit.httpd.CanonicalWebUrl;
 import com.google.gerrit.httpd.HtmlDomUtil;
 import com.google.gerrit.httpd.WebSession;
 import com.google.gerrit.server.account.AccountException;
 import com.google.gerrit.server.account.AccountManager;
-import com.google.gerrit.server.account.AuthMethod;
 import com.google.gerrit.server.account.AuthRequest;
 import com.google.gerrit.server.account.AuthResult;
-import com.google.gerrit.server.config.AuthConfig;
-import com.google.gerrit.server.config.CanonicalWebUrl;
+import com.google.gwtexpui.server.CacheHeaders;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
-import org.eclipse.jgit.util.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
@@ -58,23 +56,20 @@ class HttpLoginServlet extends HttpServlet {
 private static final Logger log = LoggerFactory.getLogger(HttpLoginServlet.class);
-private static final String AUTHORIZATION = "Authorization";
 private final Provider<WebSession> webSession;
-private final Provider<String> urlProvider;
+private final CanonicalWebUrl urlProvider;
 private final AccountManager accountManager;
-private final String loginHeader;
+private final HttpAuthFilter authFilter;
 @Inject
-HttpLoginServlet(final AuthConfig authConfig,
-final Provider<WebSession> webSession,
-@CanonicalWebUrl @Nullable final Provider<String> urlProvider,
-final AccountManager accountManager) {
+HttpLoginServlet(final Provider<WebSession> webSession,
+final CanonicalWebUrl urlProvider,
+final AccountManager accountManager,
+final HttpAuthFilter authFilter) {
 this.webSession = webSession;
 this.urlProvider = urlProvider;
 this.accountManager = accountManager;
-
-final String hdr = authConfig.getLoginHttpHeader();
-this.loginHeader = hdr != null && !hdr.equals("") ? hdr : AUTHORIZATION;
+this.authFilter = authFilter;
 }
 @Override
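Review bot: The field and constructor parameter that changed type from `Provider<String>` to `CanonicalWebUrl` still carry the name `urlProvider`, which now misdescribes what they hold; `private final CanonicalWebUrl canonicalWebUrl;` with the matching parameter and `this.canonicalWebUrl = canonicalWebUrl;` would read correctly. The `@Nullable` that qualified the old provider is dropped here and the new field is dereferenced unconditionally later in the file, so it is worth confirming that the `CanonicalWebUrl` binding is unconditional in this auth mode rather than absent when no canonical URL is configured. The fallback to the `Authorization` header for an empty `auth.httpHeader` setting, previously computed in this constructor, is presumably now inside `HttpAuthFilter`, which is not part of this diff. The enclosing class begins outside this hunk.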
@@ -86,19 +81,16 @@ class HttpLoginServlet extends HttpServlet {
 return;
 }
-rsp.setHeader("Expires", "Fri, 01 Jan 1980 00:00:00 GMT");
-rsp.setHeader("Pragma", "no-cache");
-rsp.setHeader("Cache-Control", "no-cache, must-revalidate");
-
-final String user = getRemoteUser(req);
+CacheHeaders.setNotCacheable(rsp);
+final String user = authFilter.getRemoteUser(req);
 if (user == null || "".equals(user)) {
-log.error("Unable to authenticate user by " + loginHeader
+log.error("Unable to authenticate user by " + authFilter.getLoginHeader()
 + " request header. Check container or server configuration.");
 final Document doc = HtmlDomUtil.parseFile( //
 HttpLoginServlet.class, "ConfigurationError.html");
-replace(doc, "loginHeader", loginHeader);
+replace(doc, "loginHeader", authFilter.getLoginHeader());
 replace(doc, "ServerName", req.getServerName());
 replace(doc, "ServerPort", ":" + req.getServerPort());
 replace(doc, "ContextPath", req.getContextPath());
@@ -129,15 +121,14 @@ class HttpLoginServlet extends HttpServlet {
 }
 final StringBuilder rdr = new StringBuilder();
-rdr.append(urlProvider.get());
+rdr.append(urlProvider.get(req));
 rdr.append('#');
 if (arsp.isNew() && !token.startsWith(PageLinks.REGISTER + "/")) {
 rdr.append(PageLinks.REGISTER);
 }
 rdr.append(token);
-webSession.get().login(arsp, AuthMethod.COOKIE,
-true /* persistent cookie */);
+webSession.get().login(arsp, true /* persistent cookie */);
 rsp.sendRedirect(rdr.toString());
 }
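Review bot: The rewritten `log.error(...)` call still builds its message by string concatenation although the class already uses SLF4J; `log.error("Unable to authenticate user by {} request header. Check container or server configuration.", authFilter.getLoginHeader());` is the idiomatic form, and hoisting the header name into a local would also avoid calling `authFilter.getLoginHeader()` a second time in the `replace(doc, "loginHeader", ...)` line just below. `CacheHeaders.setNotCacheable(rsp)` now stands in for three explicit headers (`Expires`, `Pragma: no-cache`, `Cache-Control: no-cache, must-revalidate`); the helper's output is not visible in this diff, so confirm it still keeps this login response out of both HTTP/1.0 and HTTP/1.1 caches. The enclosing request-handling method starts before this hunk and continues after it.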
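Review bot: The post-login redirect target is now `urlProvider.get(req)` followed by a `#` fragment, so the host portion of the `Location` header comes entirely from what `CanonicalWebUrl.get(req)` returns for this request. If that method derives the URL from the incoming `Host` header when no canonical URL is configured (plausible, since the old `Provider<String>` was `@Nullable`), a client can steer where its own browser lands after login; confirm the fallback rules, and document in this method that a configured canonical web URL is expected for this auth mode. The `token` appended after `#` only affects the fragment, so it does not change the redirect host. The enclosing method starts before this hunk.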
@@ -173,50 +164,4 @@ class HttpLoginServlet extends HttpServlet {
 }
 return token;
 }
-
-private String getRemoteUser(final HttpServletRequest req) {
-if (AUTHORIZATION.equals(loginHeader)) {
-final String user = req.getRemoteUser();
-if (user != null && !"".equals(user)) {
-// The container performed the authentication, and has the user
-identity already decoded for us. Honor that as we have been
-configured to honor HTTP authentication.
-//
-return user;
-}
-
-// If the container didn't do the authentication we might
-have done it in the front-end web server. Try to split
-the identity out of the Authorization header and honor it.
-//
-String auth = req.getHeader(AUTHORIZATION);
-if (auth == null || "".equals(auth)) {
-return null;
-
-} else if (auth.startsWith("Basic ")) {
-auth = auth.substring("Basic ".length());
-auth = new String(Base64.decode(auth));
-final int c = auth.indexOf(':');
-return c > 0 ? auth.substring(0, c) : null;
-
-} else if (auth.startsWith("Digest ")) {
-final int u = auth.indexOf("username=\"");
-if (u <= 0) {
-return null;
-}
-auth = auth.substring(u + 10);
-final int e = auth.indexOf('"');
-return e > 0 ? auth.substring(0, auth.indexOf('"')) : null;
-
-} else {
-return null;
-}
-} else {
-// Nonstandard HTTP header. We have been told to trust this
-header blindly as-is.
-//
-final String user = req.getHeader(loginHeader);
-return user != null && !"".equals(user) ? user : null;
-}
-}
 }
|