Diffstat (limited to 'java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java')
-rw-r--r--java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java18
1 files changed, 17 insertions, 1 deletions
diff --git a/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java b/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java
index 7fcd4f8de9..de989ac7c8 100644
--- a/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java
+++ b/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java
@@ -52,6 +52,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
+import org.eclipse.jgit.http.server.GitSmartHttpTools;
/**
* Authenticates the current user by HTTP basic authentication.
@@ -100,11 +101,21 @@ class ProjectBasicAuthFilter implements Filter {
HttpServletRequest req = (HttpServletRequest) request;
Response rsp = new Response((HttpServletResponse) response);
- if (session.get().isSignedIn() || verify(req, rsp)) {
+ if (isSignedInGitRequest(req) || verify(req, rsp)) {
chain.doFilter(req, rsp);
}
}
+ private boolean isSignedInGitRequest(HttpServletRequest req) {
+ boolean isGitRequest = req.getRequestURI() != null && GitSmartHttpTools.isGitClient(req);
+ boolean isAlreadySignedIn = session.get().isSignedIn();
+ boolean res = isAlreadySignedIn && isGitRequest;
+ logger.atFine().log(
+ "HTTP:%s %s signedIn=%s (isAlreadySignedIn=%s, isGitRequest=%s)",
+ req.getMethod(), req.getRequestURI(), res, isAlreadySignedIn, isGitRequest);
+ return res;
+ }
+
private boolean verify(HttpServletRequest req, Response rsp) throws IOException {
final String hdr = req.getHeader(AUTHORIZATION);
if (hdr == null || !hdr.startsWith(LIT_BASIC)) {
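Review bot: `isSignedInGitRequest` has no comment saying why an existing session now bypasses `verify` only for Git requests, and its combined result is logged under the label `signedIn=`, which reads as the session state rather than the decision. I would add a Javadoc along the lines of `/** Returns true only when the session is already signed in and the request is a Git smart-HTTP request; every other request goes through verify(). */` and rename the label to `skipBasicAuth=%s`. As far as I know, `GitSmartHttpTools.isGitClient` classifies a request by URI suffix, content type and the `service` parameter, all of which the client chooses. The comment should therefore state that this is a routing test and that the session check is what carries the trust. `doFilter` begins above this hunk and `verify` continues below it.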
@@ -145,6 +156,9 @@ class ProjectBasicAuthFilter implements Filter {
if (gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP
|| gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP_LDAP) {
if (PasswordVerifier.checkPassword(who.externalIds(), username, password)) {
+ logger.atFine().log(
+ "HTTP:%s %s username/password authentication succeeded",
+ req.getMethod(), req.getRequestURI());
return succeedAuthentication(who, null);
}
}
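Review bot: The success message added before `return succeedAuthentication(who, null)` records the method and URI but not which account authenticated, so the line cannot be tied to a user when tracing a login. The same applies to the "Realm authentication succeeded" message in the following hunk. The `username` already in scope has just passed the password check, so it can be appended: `"HTTP:%s %s username/password authentication succeeded for %s", req.getMethod(), req.getRequestURI(), username`. The password must stay out of any such message. The rejection paths lie outside these hunks, so whether failed attempts are logged at all cannot be judged from here.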
@@ -159,6 +173,8 @@ class ProjectBasicAuthFilter implements Filter {
try {
AuthResult whoAuthResult = accountManager.authenticate(whoAuth);
setUserIdentified(whoAuthResult.getAccountId(), whoAuthResult);
+ logger.atFine().log(
+ "HTTP:%s %s Realm authentication succeeded", req.getMethod(), req.getRequestURI());
return true;
} catch (NoSuchUserException e) {
if (PasswordVerifier.checkPassword(who.externalIds(), username, password)) {