changeset 37:7e971d72b49c auth
switch between guestAuth and httpAuth implemented
author | Evgeniy.Koshkin |
---|---|
date | Thu, 29 Aug 2013 15:29:22 +0400 |
parents | 53abede95333 |
children | 6f43b1252b32 |
files | server/src/META-INF/build-server-plugin-symbol-server.xml server/src/jetbrains/buildServer/symbols/AuthHelper.java server/src/jetbrains/buildServer/symbols/DownloadSourcesController.java server/src/jetbrains/buildServer/symbols/DownloadSymbolsController.java |
diffstat | 4 files changed, 84 insertions(+), 61 deletions(-) [+] |
--- a/server/src/META-INF/build-server-plugin-symbol-server.xml Tue Aug 27 16:19:31 2013 +0400 +++ b/server/src/META-INF/build-server-plugin-symbol-server.xml Thu Aug 29 15:29:22 2013 +0400 @@ -14,4 +14,6 @@ <bean class="jetbrains.buildServer.symbols.DownloadSymbolsController"/> <bean class="jetbrains.buildServer.symbols.DownloadSourcesController"/> + <bean class="jetbrains.buildServer.symbols.AuthHelper"/> + </beans>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/server/src/jetbrains/buildServer/symbols/AuthHelper.java Thu Aug 29 15:29:22 2013 +0400
@@ -0,0 +1,58 @@
+package jetbrains.buildServer.symbols;
+
+import jetbrains.buildServer.controllers.interceptors.auth.HttpAuthenticationManager;
+import jetbrains.buildServer.controllers.interceptors.auth.HttpAuthenticationResult;
+import jetbrains.buildServer.serverSide.auth.ServerPrincipal;
+import jetbrains.buildServer.serverSide.impl.ServerSettings;
+import jetbrains.buildServer.users.SUser;
+import jetbrains.buildServer.users.UserModel;
+import jetbrains.buildServer.util.Predicate;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author Evgeniy.Koshkin
+ */
+public class AuthHelper {
+
+ @NotNull private final ServerSettings myServerSettings;
+ @NotNull private final UserModel myUserModel;
+ @NotNull private final HttpAuthenticationManager myAuthManager;
+
+ public AuthHelper(@NotNull ServerSettings serverSettings,
+ @NotNull UserModel userModel,
+ @NotNull HttpAuthenticationManager authManager) {
+ myServerSettings = serverSettings;
+ myUserModel = userModel;
+ myAuthManager = authManager;
+ }
+
+ @Nullable
+ public SUser getAuthenticatedUser(@NotNull HttpServletRequest request,
+ @NotNull HttpServletResponse response,
+ @NotNull Predicate<SUser> hasPermissions) throws IOException {
+ if(myServerSettings.isGuestLoginAllowed()) {
+ final SUser guestUser = myUserModel.getGuestUser();
+ if(hasPermissions.apply(guestUser)) return guestUser;
+ }
+ final HttpAuthenticationResult authResult = myAuthManager.processAuthenticationRequest(request, response);
+ switch (authResult.getType()) {
+ case NOT_APPLICABLE:
+ myAuthManager.processUnauthenticatedRequest(request, response);
+ return null;
+ case UNAUTHENTICATED:
+ return null;
+ }
+ final ServerPrincipal principal = authResult.getPrincipal();
+ final SUser user = myUserModel.findUserAccount(principal.getRealm(), principal.getName());
+ if(user == null){
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access denied");
+ return null;
+ }
+ return hasPermissions.apply(user) ? user : null;
+ }
+}
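Review bot: When the final `hasPermissions.apply(user)` check fails, getAuthenticatedUser returns null without writing any status, and both callers in this changeset simply `return null` on a null user, so an authenticated user who lacks the permission appears to get an empty response instead of the 403 that the removed controller code sent. The last statement could become `if (!hasPermissions.apply(user)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access denied"); return null; }` followed by `return user;`. The guest branch also runs before `processAuthenticationRequest`, so whenever guest login is enabled and the predicate accepts the guest, supplied credentials are never evaluated and the request is attributed to the guest account. A Javadoc comment on the method should state that order and that a null return means the caller must not write to the response again.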
--- a/server/src/jetbrains/buildServer/symbols/DownloadSourcesController.java Tue Aug 27 16:19:31 2013 +0400 +++ b/server/src/jetbrains/buildServer/symbols/DownloadSourcesController.java Thu Aug 29 15:29:22 2013 +0400 @@ -18,13 +18,9 @@ import jetbrains.buildServer.controllers.AuthorizationInterceptor; import jetbrains.buildServer.controllers.BaseController; -import jetbrains.buildServer.controllers.interceptors.auth.HttpAuthenticationManager; -import jetbrains.buildServer.controllers.interceptors.auth.HttpAuthenticationResult; import jetbrains.buildServer.serverSide.SBuildServer; -import jetbrains.buildServer.serverSide.auth.Permission; -import jetbrains.buildServer.serverSide.auth.ServerPrincipal; import jetbrains.buildServer.users.SUser; -import jetbrains.buildServer.users.UserModel; +import jetbrains.buildServer.util.Predicate; import jetbrains.buildServer.web.openapi.WebControllerManager; import jetbrains.buildServer.web.util.WebUtil; import org.apache.log4j.Logger; @@ -44,17 +40,14 @@ private static final String VALID_URL_PATTERN = ".*/builds/id-\\d*/sources/.*"; private static final Logger LOG = Logger.getLogger(DownloadSourcesController.class); - @NotNull private final UserModel myUserModel; - @NotNull private final HttpAuthenticationManager myAuthManager; + @NotNull private final AuthHelper myAuthHelper; public DownloadSourcesController(@NotNull SBuildServer server, @NotNull WebControllerManager webManager, @NotNull AuthorizationInterceptor authInterceptor, - @NotNull UserModel userModel, - @NotNull HttpAuthenticationManager authManager) { + @NotNull AuthHelper authHelper) { super(server); - myUserModel = userModel; - myAuthManager = authManager; + myAuthHelper = authHelper; final String path = SymbolsConstants.APP_SOURCES + "**"; webManager.registerController(path, this); authInterceptor.addPathNotRequiringAuth(path); 
@@ -69,26 +62,12 @@ return null; } - final HttpAuthenticationResult authResult = myAuthManager.processAuthenticationRequest(request, response); - switch (authResult.getType()) { - case NOT_APPLICABLE: - response.sendError(HttpServletResponse.SC_NOT_ACCEPTABLE, "TODO"); //TODO error message - return null; - case UNAUTHENTICATED: - return null; - } - - final ServerPrincipal principal = authResult.getPrincipal(); - final SUser user = myUserModel.findUserAccount(principal.getRealm(), principal.getName()); - if(user == null){ - response.sendError(HttpServletResponse.SC_FORBIDDEN, "TODO"); //TODO error message - return null; - } - - if (!user.isPermissionGrantedGlobally(Permission.VIEW_FILE_CONTENT)) { //TODO: check permissions locally (for particular project) - response.sendError(HttpServletResponse.SC_FORBIDDEN, "You have no permissions to view source files content."); - return null; - } + final SUser user = myAuthHelper.getAuthenticatedUser(request, response, new Predicate<SUser>() { + public boolean apply(SUser user) { + return true; + } + }); + if (user == null) return null; String restMethodUrl = requestURI.replace("/builds/id-", "/builds/id:").replace("/app/sources/", "/app/rest/"); final String contextPath = request.getContextPath();
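Review bot: The predicate passed to `getAuthenticatedUser` always returns `true`, which drops the `Permission.VIEW_FILE_CONTENT` check that this hunk removes; because AuthHelper tries the guest account first, with guest login enabled every unauthenticated request passes this gate as the guest user. Unless the REST endpoint the request is forwarded to (the `restMethodUrl` lines that follow) enforces file-content permissions itself, which is not visible here, source files become readable without that permission. Consider keeping the check in the predicate, e.g. `return user.isPermissionGrantedForAnyProject(Permission.VIEW_FILE_CONTENT);`, which also means keeping the `Permission` import removed in the first hunk of this file. The enclosing handler method starts and ends outside the hunk.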
--- a/server/src/jetbrains/buildServer/symbols/DownloadSymbolsController.java Tue Aug 27 16:19:31 2013 +0400 +++ b/server/src/jetbrains/buildServer/symbols/DownloadSymbolsController.java Thu Aug 29 15:29:22 2013 +0400 @@ -2,26 +2,24 @@ import jetbrains.buildServer.controllers.AuthorizationInterceptor; import jetbrains.buildServer.controllers.BaseController; -import jetbrains.buildServer.controllers.interceptors.auth.HttpAuthenticationManager; -import jetbrains.buildServer.controllers.interceptors.auth.HttpAuthenticationResult; import jetbrains.buildServer.serverSide.SBuild; import jetbrains.buildServer.serverSide.SBuildServer; import jetbrains.buildServer.serverSide.SecurityContextEx; import jetbrains.buildServer.serverSide.artifacts.BuildArtifact; import jetbrains.buildServer.serverSide.artifacts.BuildArtifactsViewMode; import jetbrains.buildServer.serverSide.auth.Permission; -import jetbrains.buildServer.serverSide.auth.ServerPrincipal; import jetbrains.buildServer.serverSide.metadata.BuildMetadataEntry; import jetbrains.buildServer.serverSide.metadata.MetadataStorage; import jetbrains.buildServer.users.SUser; -import jetbrains.buildServer.users.UserModel; import jetbrains.buildServer.util.FileUtil; +import jetbrains.buildServer.util.Predicate; import jetbrains.buildServer.web.openapi.WebControllerManager; import jetbrains.buildServer.web.util.WebUtil; import org.apache.log4j.Logger; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.springframework.web.servlet.ModelAndView; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.BufferedOutputStream; 
@@ -39,23 +37,20 @@ private static final Logger LOG = Logger.getLogger(DownloadSymbolsController.class); - @NotNull private final UserModel myUserModel; @NotNull private final SecurityContextEx mySecurityContext; @NotNull private final MetadataStorage myBuildMetadataStorage; - @NotNull private final HttpAuthenticationManager myAuthManager; + @NotNull private final AuthHelper myAuthHelper; public DownloadSymbolsController(@NotNull SBuildServer server, @NotNull WebControllerManager controllerManager, @NotNull AuthorizationInterceptor authInterceptor, @NotNull SecurityContextEx securityContext, - @NotNull HttpAuthenticationManager authManager, - @NotNull UserModel userModel, - @NotNull MetadataStorage buildMetadataStorage) { + @NotNull MetadataStorage buildMetadataStorage, + @NotNull AuthHelper authHelper) { super(server); mySecurityContext = securityContext; - myUserModel = userModel; myBuildMetadataStorage = buildMetadataStorage; - myAuthManager = authManager; + myAuthHelper = authHelper; final String path = SymbolsConstants.APP_SYMBOLS + "**"; controllerManager.registerController(path, this); authInterceptor.addPathNotRequiringAuth(path); 
@@ -80,25 +75,14 @@ return null; } - final HttpAuthenticationResult authResult = myAuthManager.processAuthenticationRequest(request, response); - switch (authResult.getType()) { - case NOT_APPLICABLE: - response.sendError(HttpServletResponse.SC_NOT_ACCEPTABLE, "TODO"); //TODO error message - return null; - case UNAUTHENTICATED: - return null; - } - - final ServerPrincipal principal = authResult.getPrincipal(); - final SUser user = myUserModel.findUserAccount(principal.getRealm(), principal.getName()); - if(user == null){ - response.sendError(HttpServletResponse.SC_FORBIDDEN, "TODO"); //TODO error message - return null; - } - if (!user.isPermissionGrantedGlobally(Permission.VIEW_BUILD_RUNTIME_DATA)) { //TODO: check permissions locally (for particular project) - response.sendError(HttpServletResponse.SC_FORBIDDEN, "You have no permissions to download PDB files."); - return null; - } + final SUser user = myAuthHelper.getAuthenticatedUser(request, response, new Predicate<SUser>() { + public boolean apply(SUser user) { + //TODO: check permissions locally (for particular project) + //response.sendError(HttpServletResponse.SC_FORBIDDEN, "You have no permissions to download PDB files."); + return user.isPermissionGrantedForAnyProject(Permission.VIEW_BUILD_RUNTIME_DATA); + } + }); + if (user == null) return null; try { mySecurityContext.runAs(user, new SecurityContextEx.RunAsAction() {
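Review bot: `isPermissionGrantedForAnyProject(Permission.VIEW_BUILD_RUNTIME_DATA)` accepts a user who holds the permission in any single project, not necessarily the project that owns the requested build, so this gate alone does not scope PDB downloads per project. The action run under `mySecurityContext.runAs(user, ...)` continues outside the hunk, so whether it enforces access for the specific build cannot be confirmed from here; if it does not, the permission should be checked against the resolved build's project before the file is streamed. The commented-out `response.sendError(...)` line should be deleted rather than left inside the predicate, and the TODO could state the risk, e.g. `// TODO: any-project check only; verify permission for the build's project before serving the file`.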