Mercurial > hg > tc-symbol-server

changeset 70:0da1c245f7a4 8.1.x

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
log most of details of auth process
author Evgeniy.Koshkin
date Thu, 27 Feb 2014 12:10:05 +0400
parents bcbd2edf332e
children 680794336d02
files server/src/jetbrains/buildServer/symbols/AuthHelper.java
diffstat 1 files changed, 29 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/server/src/jetbrains/buildServer/symbols/AuthHelper.java	Wed Feb 26 18:34:28 2014 +0400
+++ b/server/src/jetbrains/buildServer/symbols/AuthHelper.java	Thu Feb 27 12:10:05 2014 +0400
@@ -7,6 +7,7 @@
 import jetbrains.buildServer.users.SUser;
 import jetbrains.buildServer.users.UserModel;
 import jetbrains.buildServer.util.Predicate;
+import org.apache.log4j.Logger;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
@@ -19,6 +20,8 @@
  */
 public class AuthHelper {
 
+  private static final Logger LOG = Logger.getLogger(AuthHelper.class);
+
   @NotNull private final ServerSettings myServerSettings;
   @NotNull private final UserModel myUserModel;
   @NotNull private final HttpAuthenticationManager myAuthManager;
@@ -36,23 +39,46 @@
                                     @NotNull HttpServletResponse response,
                                     @NotNull Predicate<SUser> hasPermissions) throws IOException {
     if(myServerSettings.isGuestLoginAllowed()) {
+      LOG.debug("Guest access enabled on the server. Trying to check permissions of Guest.");
       final SUser guestUser = myUserModel.getGuestUser();
-      if(hasPermissions.apply(guestUser)) return guestUser;
+      if (hasPermissions.apply(guestUser)) {
+        LOG.debug("Guest user has enough permissions to process request.");
+        return guestUser;
+      }
+      LOG.debug("Guest user has NO permissions to process request. Will try to authenticate incoming request.");
+    } else {
+      LOG.debug("Guest access disabled on the server. Will try to authenticate incoming request.");
     }
+    LOG.debug("Trying to authenticate incoming request.");
     final HttpAuthenticationResult authResult = myAuthManager.processAuthenticationRequest(request, response, false);
     switch (authResult.getType()) {
       case NOT_APPLICABLE:
+        //TODO
+        LOG.debug("NOT_APPLICABLE");
         myAuthManager.processUnauthenticatedRequest(request, response, "", false);
         return null;
       case UNAUTHENTICATED:
+        //TODO
+        LOG.debug("UNAUTHENTICATED");
         return null;
     }
+    LOG.debug("Incoming request was authenticated successfully.");
     final ServerPrincipal principal = authResult.getPrincipal();
-    final SUser user = myUserModel.findUserAccount(principal.getRealm(), principal.getName());
+    final String realm = principal.getRealm();
+    final String name = principal.getName();
+    final SUser user = myUserModel.findUserAccount(realm, name);
     if(user == null){
+      LOG.warn(String.format("Failed to find user account by realm (%s) and name (%s)", realm, name));
       response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access denied");
       return null;
     }
-    return hasPermissions.apply(user) ? user : null;
+    LOG.debug(String.format("Found user account (id %s) by realm (%s) and name (%s)", user.getId(), realm, name));
+    final boolean hasAccess = hasPermissions.apply(user);
+    if (hasAccess) {
+      LOG.debug(String.format("Located user (name %s) has enough permissions to process the request.", name));
+      return user;
+    }
+    LOG.warn(String.format("Located user (name %s) has NO permissions to process the request.", name));
+    return null;
   }
 }