diff options
Diffstat (limited to 'java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java')
-rw-r--r-- | java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java b/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java index 7fcd4f8de9..de989ac7c8 100644 --- a/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java +++ b/java/com/google/gerrit/httpd/ProjectBasicAuthFilter.java @@ -52,6 +52,7 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponseWrapper; +import org.eclipse.jgit.http.server.GitSmartHttpTools; /** * Authenticates the current user by HTTP basic authentication. @@ -100,11 +101,21 @@ class ProjectBasicAuthFilter implements Filter { HttpServletRequest req = (HttpServletRequest) request; Response rsp = new Response((HttpServletResponse) response); - if (session.get().isSignedIn() || verify(req, rsp)) { + if (isSignedInGitRequest(req) || verify(req, rsp)) { chain.doFilter(req, rsp); } } + private boolean isSignedInGitRequest(HttpServletRequest req) { + boolean isGitRequest = req.getRequestURI() != null && GitSmartHttpTools.isGitClient(req); + boolean isAlreadySignedIn = session.get().isSignedIn(); + boolean res = isAlreadySignedIn && isGitRequest; + logger.atFine().log( + "HTTP:%s %s signedIn=%s (isAlreadySignedIn=%s, isGitRequest=%s)", + req.getMethod(), req.getRequestURI(), res, isAlreadySignedIn, isGitRequest); + return res; + } + private boolean verify(HttpServletRequest req, Response rsp) throws IOException { final String hdr = req.getHeader(AUTHORIZATION); if (hdr == null || !hdr.startsWith(LIT_BASIC)) { @@ -145,6 +156,9 @@ class ProjectBasicAuthFilter implements Filter { if (gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP || gitBasicAuthPolicy == GitBasicAuthPolicy.HTTP_LDAP) { if (PasswordVerifier.checkPassword(who.externalIds(), username, password)) { + logger.atFine().log( + "HTTP:%s %s username/password authentication succeeded", + req.getMethod(), req.getRequestURI()); return succeedAuthentication(who, null); } } @@ -159,6 +173,8 @@ class ProjectBasicAuthFilter implements Filter { try { AuthResult whoAuthResult = accountManager.authenticate(whoAuth); setUserIdentified(whoAuthResult.getAccountId(), whoAuthResult); + logger.atFine().log( + "HTTP:%s %s Realm authentication succeeded", req.getMethod(), req.getRequestURI()); return true; } catch (NoSuchUserException e) { if (PasswordVerifier.checkPassword(who.externalIds(), username, password)) { |