Commits

Sebastian Sdorra  committed b696afe

do not use security context in core plugins and samples

  • Participants
  • Parent commits 87af031
  • Branches apache-shiro

Comments (0)

Files changed (5)

File scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitPermissionFilter.java

 
 import sonia.scm.repository.RepositoryProvider;
 import sonia.scm.web.filter.ProviderPermissionFilter;
-import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
 
   @Inject
   public GitPermissionFilter(
           ScmConfiguration configuration,
-          Provider<WebSecurityContext> securityContextProvider,
           RepositoryProvider repositoryProvider)
   {
-    super(configuration, securityContextProvider, repositoryProvider);
+    super(configuration, repositoryProvider);
   }
 
   //~--- get methods ----------------------------------------------------------

File scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgHookCallbackServlet.java

 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import sonia.scm.repository.RepositoryNotFoundException;
 import sonia.scm.repository.RepositoryUtil;
 import sonia.scm.security.CipherUtil;
+import sonia.scm.security.ScmAuthenticationToken;
 import sonia.scm.util.HttpUtil;
 import sonia.scm.util.Util;
-import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
 
    * @param securityContextProvider
    */
   @Inject
-  public HgHookCallbackServlet(
-          RepositoryManager repositoryManager, HgRepositoryHandler handler,
-          HgHookManager hookManager, Provider<HgContext> contextProvider,
-          Provider<WebSecurityContext> securityContextProvider)
+  public HgHookCallbackServlet(RepositoryManager repositoryManager,
+    HgRepositoryHandler handler, HgHookManager hookManager,
+    Provider<HgContext> contextProvider)
   {
     this.repositoryManager = repositoryManager;
     this.handler = handler;
     this.hookManager = hookManager;
     this.contextProvider = contextProvider;
-    this.securityContextProvider = securityContextProvider;
   }
 
   //~--- methods --------------------------------------------------------------
    */
   @Override
   protected void doGet(HttpServletRequest request, HttpServletResponse response)
-          throws ServletException, IOException
+    throws ServletException, IOException
   {
     String ping = request.getParameter(PARAM_PING);
 
    */
   @Override
   protected void doPost(HttpServletRequest request,
-                        HttpServletResponse response)
-          throws ServletException, IOException
+    HttpServletResponse response)
+    throws ServletException, IOException
   {
     String strippedURI = HttpUtil.getStrippedURI(request);
     Matcher m = REGEX_URL.matcher(strippedURI);
    * @param credentials
    */
   private void authenticate(HttpServletRequest request,
-                            HttpServletResponse response, String credentials)
+    HttpServletResponse response, String credentials)
   {
     try
     {
 
         if (credentialsArray.length >= 2)
         {
-          WebSecurityContext context = securityContextProvider.get();
+          Subject subject = SecurityUtils.getSubject();
 
-          context.authenticate(request, response, credentialsArray[0],
-                               credentialsArray[1]);
+          subject.login(new ScmAuthenticationToken(request, response,
+            credentialsArray[0], credentialsArray[1]));
         }
       }
     }
    * @throws IOException
    */
   private void fireHook(HttpServletResponse response, String repositoryName,
-                        String node, RepositoryHookType type)
-          throws IOException
+    String node, RepositoryHookType type)
+    throws IOException
   {
     try
     {
       }
 
       repositoryManager.fireHookEvent(HgRepositoryHandler.TYPE_NAME,
-                                      repositoryName,
-                                      new HgRepositoryHookEvent(handler,
-                                        repositoryName, node, type));
+        repositoryName,
+        new HgRepositoryHookEvent(handler, repositoryName, node, type));
     }
     catch (RepositoryNotFoundException ex)
     {
    * @throws IOException
    */
   private void hookCallback(HttpServletResponse response,
-                            String repositoryName, String typeName,
-                            String challenge, String node)
-          throws IOException
+    String repositoryName, String typeName, String challenge, String node)
+    throws IOException
   {
     if (hookManager.isAcceptAble(challenge))
     {
 
   /** Field description */
   private RepositoryManager repositoryManager;
-
-  /** Field description */
-  private Provider<WebSecurityContext> securityContextProvider;
 }

File scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java

 //~--- non-JDK imports --------------------------------------------------------
 
 import com.google.inject.Inject;
-import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
+import sonia.scm.config.ScmConfiguration;
 import sonia.scm.repository.RepositoryProvider;
 import sonia.scm.web.filter.ProviderPermissionFilter;
-import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
 
 import javax.servlet.http.HttpServletRequest;
-import sonia.scm.config.ScmConfiguration;
 
 /**
  *
    *
    *
    * @param securityContextProvider
+   *
+   * @param configuration
    * @param repositoryProvider
    */
   @Inject
-  public HgPermissionFilter(
-          ScmConfiguration configuration,
-          Provider<WebSecurityContext> securityContextProvider,
-          RepositoryProvider repositoryProvider)
+  public HgPermissionFilter(ScmConfiguration configuration,
+    RepositoryProvider repositoryProvider)
   {
-    super(configuration, securityContextProvider, repositoryProvider);
+    super(configuration, repositoryProvider);
   }
 
   //~--- get methods ----------------------------------------------------------

File scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java

 
 import com.google.common.collect.ImmutableSet;
 import com.google.inject.Inject;
-import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
 import sonia.scm.config.ScmConfiguration;
 import sonia.scm.repository.RepositoryProvider;
 import sonia.scm.web.filter.ProviderPermissionFilter;
-import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
 
    * @param repository
    */
   @Inject
-  public SvnPermissionFilter(
-          ScmConfiguration configuration,
-          Provider<WebSecurityContext> securityContextProvider,
-          RepositoryProvider repository)
+  public SvnPermissionFilter(ScmConfiguration configuration,
+    RepositoryProvider repository)
   {
-    super(configuration, securityContextProvider, repository);
+    super(configuration, repository);
   }
 
   //~--- get methods ----------------------------------------------------------

File scm-samples/scm-sample-hello/src/main/java/sample/hello/HelloResource.java

 
 //~--- non-JDK imports --------------------------------------------------------
 
-import com.google.inject.Inject;
-import com.google.inject.Provider;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
 
-import sonia.scm.security.SecurityContext;
+import sonia.scm.user.User;
 
 //~--- JDK imports ------------------------------------------------------------
 
    *
    * @param securityContextProvider
    */
-  @Inject
-  public HelloResource(Provider<SecurityContext> securityContextProvider)
+  public HelloResource()
   {
-    message = "Hello "
-              + securityContextProvider.get().getUser().getDisplayName();
+    Subject subject = SecurityUtils.getSubject();
+    String displayName = "Unknown";
+
+    if (subject.isAuthenticated())
+    {
+      displayName =
+        subject.getPrincipals().oneByType(User.class).getDisplayName();
+    }
+
+    message = "Hello " + displayName;
   }
 
   //~--- get methods ----------------------------------------------------------