
Sebastian Sdorra committed a95d14f

added securityfilter

  • Parent commits 57836af


Files changed (4)

scm-webapp/src/main/java/sonia/scm/ContextListener.java

 import sonia.scm.filter.StaticResourceFilter;
 import sonia.scm.security.Authenticator;
 import sonia.scm.security.DemoAuthenticator;
+import sonia.scm.security.SecurityFilter;
 
 //~--- JDK imports ------------------------------------------------------------
 
         filter(PATTERN_PAGE,
                PATTERN_STATIC_RESOURCES).through(StaticResourceFilter.class);
         filter(PATTERN_PAGE, PATTERN_COMPRESSABLE).through(GZipFilter.class);
+        filter(PATTERN_RESTAPI).through(SecurityFilter.class);
 
         // jersey
         Map<String, String> params = new HashMap<String, String>();
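Review bot: The `SecurityFilter` registration is added after the `StaticResourceFilter` and `GZipFilter` registrations, and Guice Servlet dispatches filters in registration order, so any URI matched by both `PATTERN_RESTAPI` and an earlier pattern is processed and response-wrapped before it is authenticated. The pattern values are not visible in this hunk, so the overlap may not exist today. Registering the authentication filter first removes the dependency on that: move `filter(PATTERN_RESTAPI).through(SecurityFilter.class);` above the `filter(PATTERN_PAGE, ...)` lines. A comment such as `// authentication gate for the REST API; keep this registration first` would record the ordering requirement. The enclosing method starts and ends outside the hunk.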

scm-webapp/src/main/java/sonia/scm/filter/GZipFilter.java

 
 import com.google.inject.Singleton;
 
+import sonia.scm.util.WebUtil;
+
 //~--- JDK imports ------------------------------------------------------------
 
 import java.io.IOException;
                           HttpServletResponse response, FilterChain chain)
           throws IOException, ServletException
   {
-    String ae = request.getHeader("accept-encoding");
-
-    if ((ae != null) && (ae.indexOf("gzip") != -1))
+    if (WebUtil.isGzipSupported(request))
     {
       GZipResponseWrapper wrappedResponse = new GZipResponseWrapper(response);
 

scm-webapp/src/main/java/sonia/scm/security/SecurityFilter.java

 //~--- non-JDK imports --------------------------------------------------------
 
 import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
 import sonia.scm.User;
+import sonia.scm.filter.HttpFilter;
 
 //~--- JDK imports ------------------------------------------------------------
 
 
 import java.security.Principal;
 
-
-import javax.servlet.Filter;
 import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
  *
  * @author Sebastian Sdorra
  */
-public class SecurityFilter implements Filter
+@Singleton
+public class SecurityFilter extends HttpFilter
 {
 
   /** Field description */
   /**
    * Method description
    *
-   */
-  @Override
-  public void destroy()
-  {
-
-    // do nothing
-  }
-
-  /**
-   * Method description
    *
-   *
-   * @param req
-   * @param res
+   * @param request
+   * @param response
    * @param chain
    *
    * @throws IOException
    * @throws ServletException
    */
   @Override
-  public void doFilter(ServletRequest req, ServletResponse res,
-                       FilterChain chain)
+  protected void doFilter(HttpServletRequest request,
+                          HttpServletResponse response, FilterChain chain)
           throws IOException, ServletException
   {
-    if ((req instanceof HttpServletRequest)
-        && (res instanceof HttpServletResponse))
+    String uri =
+      request.getRequestURI().substring(request.getContextPath().length());
+
+    if (!uri.startsWith(URL_AUTHENTICATION))
     {
-      HttpServletRequest request = (HttpServletRequest) req;
-      String uri =
-        request.getRequestURI().substring(request.getContextPath().length());
+      User user = authenticator.getUser(request);
 
-      if (!uri.startsWith(URL_AUTHENTICATION))
+      if (user != null)
       {
-        User user = authenticator.getUser(request);
-
-        if (user != null)
-        {
-          chain.doFilter(new ScmHttpServletRequest(request, user), res);
-        }
-        else
-        {
-          ((HttpServletResponse) res).sendError(
-              HttpServletResponse.SC_UNAUTHORIZED);
-        }
+        chain.doFilter(new ScmHttpServletRequest(request, user), response);
       }
       else
       {
-        chain.doFilter(req, res);
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
       }
     }
     else
     {
-      throw new ServletException("request is not an HttpServletRequest");
+      chain.doFilter(request, response);
     }
   }
 
-  /**
-   * Method description
-   *
-   *
-   * @param filterConfig
-   *
-   * @throws ServletException
-   */
-  @Override
-  public void init(FilterConfig filterConfig) throws ServletException
-  {
-
-    // do nothing
-  }
-
   //~--- inner classes --------------------------------------------------------
 
   /**
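Review bot: The authentication exemption in `doFilter` is decided by `uri.startsWith(URL_AUTHENTICATION)` on the value of `request.getRequestURI()`, which the servlet API returns undecoded and un-normalized. The string tested here can therefore differ from the path the REST dispatcher finally resolves, and a bare prefix test also accepts any sibling path that merely begins with the same characters. Because this is the only branch that skips `authenticator.getUser(request)`, it should match as narrowly as possible, for example `if (!(uri.equals(URL_AUTHENTICATION) || uri.startsWith(URL_AUTHENTICATION + "/")))`, applied to a path that has been normalized first. The value of `URL_AUTHENTICATION` is not shown in this section, so the boundary check needs adjusting if the constant already ends in a slash. Logging the denied URI in the `SC_UNAUTHORIZED` branch would also make rejected requests visible to operators.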

scm-webapp/src/main/java/sonia/scm/util/WebUtil.java

     "Tue, 09 Apr 1985 10:00:00 GMT";
 
   /** Field description */
+  public static final String HEADER_ACCEPTENCODING = "Accept-Encoding";
+
+  /** Field description */
   public static final String HEADER_CACHECONTROL = "Cache-Control";
 
   /** Field description */
    */
   public static boolean isGzipSupported(HttpServletRequest request)
   {
-    String enc = request.getHeader("Accept-Encoding");
+    String enc = request.getHeader(HEADER_ACCEPTENCODING);
 
     return (enc != null) && enc.contains("gzip");
   }