GerritAuthenticationFilter.java

// Copyright (C) 2012 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.googlesource.gerrit.plugins.gitblit.auth;

import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;

import java.io.IOException;
import java.io.UnsupportedEncodingException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.codec.binary.Base64;

import com.gitblit.manager.IAuthenticationManager;
import com.gitblit.models.UserModel;
import com.google.gerrit.extensions.registration.DynamicItem;
import com.google.gerrit.httpd.WebSession;
import com.google.inject.Inject;
import com.google.inject.Singleton;

@Singleton
public class GerritAuthenticationFilter {
	private static final String LIT_BASIC = "Basic ";

	private final IAuthenticationManager authenticationManager;

	@Inject
	public GerritAuthenticationFilter(IAuthenticationManager authenticationManager) {
		this.authenticationManager = authenticationManager;
	}

	/**
	 * Returns the user making the request, if the user has authenticated.
	 * 
	 * @param httpRequest
	 * @return user
	 */
	public UserModel getUser(HttpServletRequest httpRequest) {
		return authenticationManager.authenticate(httpRequest);
	}

	public boolean doFilter(final DynamicItem<WebSession> webSession, ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		String hdr = httpRequest.getHeader("Authorization");
		if (hdr != null) {
			return filterBasicAuth((HttpServletRequest) request, (HttpServletResponse) response, hdr);
		} else if (webSession.get().isSignedIn()) {
			return filterSessionAuth(webSession, (HttpServletRequest) request);
		} else {
			return true;
		}
	}

	public boolean filterSessionAuth(final DynamicItem<WebSession> webSession, HttpServletRequest request) {
		request.setAttribute("gerrit-username", webSession.get().getUser().getUserName());
		request.setAttribute("gerrit-token", webSession.get().getSessionId());
		return true;
	}

	public boolean filterBasicAuth(HttpServletRequest request, HttpServletResponse response, String hdr) throws IOException,
			UnsupportedEncodingException {
		if (!hdr.startsWith(LIT_BASIC)) {
			response.setHeader("WWW-Authenticate", "Basic realm=\"Gerrit Code Review\"");
			response.sendError(SC_UNAUTHORIZED);
			return false;
		}

		final byte[] decoded = new Base64().decode(hdr.substring(LIT_BASIC.length()).getBytes());
		String encoding = request.getCharacterEncoding();
		if (encoding == null) {
			encoding = "UTF-8";
		}
		String usernamePassword = new String(decoded, encoding);
		int splitPos = usernamePassword.indexOf(':');
		if (splitPos < 1) {
			response.setHeader("WWW-Authenticate", "Basic realm=\"Gerrit Code Review\"");
			response.sendError(SC_UNAUTHORIZED);
			return false;
		}
		request.setAttribute("gerrit-username", usernamePassword.substring(0, splitPos));
		request.setAttribute("gerrit-password", usernamePassword.substring(splitPos + 1));

		return true;
	}

}