Package com.gitblit.wicket

Examples of com.gitblit.wicket.GitBlitWebSession


  /**
   * Returns the application object obtained from {@code GitBlitWebApp.get()}.
   *
   * @return the value of {@code GitBlitWebApp.get()}
   */
  protected GitBlitWebApp app() {
    GitBlitWebApp application = GitBlitWebApp.get();
    return application;
  }

  /**
   * Binds a user to the current {@code GitBlitWebSession}, or re-validates the
   * user that is already bound.
   *
   * <p>When the session is logged in and not invalidated, the user model is
   * reloaded by username so permission and role changes take effect
   * (issue-186). The session is logged out and invalidated when the account no
   * longer exists or is disabled, or when cookie authentication is allowed
   * ({@code Keys.web.allowCookieAuthentication}, default {@code true}) and the
   * request cookie differs from the cookie stored on the user (issue-361).
   *
   * <p>Otherwise the servlet request is passed to the authentication manager.
   * On success the session is replaced before the user is bound to it
   * (issue 62, session fixation), the cookie is set and the intercepted
   * request is continued.
   */
  private void login() {
    GitBlitWebSession webSession = GitBlitWebSession.get();
    boolean hasLiveSession = webSession.isLoggedIn() && !webSession.isSessionInvalidated();

    if (!hasLiveSession) {
      // no usable session yet: try to authenticate by servlet request
      HttpServletRequest servletRequest = ((WebRequest) getRequestCycle().getRequest())
          .getHttpServletRequest();
      UserModel authenticated = app().authentication().authenticate(servletRequest);
      if (authenticated == null) {
        return;
      }

      // issue 62: swap the session before attaching the user, so a session
      // id known before login does not carry over to the authenticated session
      webSession.replaceSession();
      webSession.setUser(authenticated);

      // setCookie is called unconditionally here; presumably the
      // authentication manager applies the cookie setting itself (verify)
      WebResponse webResponse = (WebResponse) getRequestCycle().getResponse();
      app().authentication().setCookie(webResponse.getHttpServletResponse(), authenticated);

      webSession.continueRequest();
      return;
    }

    // live session: reload the user model to pick up any changes to
    // permissions or roles (issue-186)
    UserModel current = app().users().getUserModel(webSession.getUser().username);

    // the account was deleted or disabled while the session was open
    boolean revoked = current == null || current.disabled;

    // validate cookie during session (issue-361)
    boolean cookieChanged = false;
    if (!revoked && app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
      HttpServletRequest servletRequest = ((WebRequest) getRequestCycle().getRequest())
          .getHttpServletRequest();
      String presented = app().authentication().getCookie(servletRequest);
      // The comparison only runs when both values are non-empty, so a request
      // that carries no cookie at all passes this check.
      // NOTE(review): String.equals is not a constant-time comparison; confirm
      // whether that matters for how this cookie value is generated.
      cookieChanged = !StringUtils.isEmpty(presented)
          && !StringUtils.isEmpty(current.cookie)
          && !presented.equals(current.cookie);
    }

    if (revoked || cookieChanged) {
      HttpServletResponse servletResponse = ((WebResponse) getRequestCycle().getResponse())
          .getHttpServletResponse();
      // current is null when the account was deleted; logout(...) is still
      // called with it in that case
      app().authentication().logout(servletResponse, current);
      webSession.setUser(null);
      webSession.invalidateNow();
      return;
    }

    webSession.setUser(current);
  }


    String restriction = app().settings().getString(Keys.git.defaultAccessRestriction, "PUSH");
    model.accessRestriction = AccessRestrictionType.fromName(restriction);
    String authorization = app().settings().getString(Keys.git.defaultAuthorizationControl, null);
    model.authorizationControl = AuthorizationControl.fromName(authorization);

    GitBlitWebSession session = GitBlitWebSession.get();
    UserModel user = session.getUser();
    if (user != null && user.canCreate() && !user.canAdmin()) {
      // personal create permissions, inject personal repository path
      model.name = user.getPersonalPath() + "/";
      model.projectPath = user.getPersonalPath();
      model.addOwner(user.username);

    final List<RegistrantAccessPermission> repositoryUsers = new ArrayList<RegistrantAccessPermission>();
    final List<RegistrantAccessPermission> repositoryTeams = new ArrayList<RegistrantAccessPermission>();
    List<String> preReceiveScripts = new ArrayList<String>();
    List<String> postReceiveScripts = new ArrayList<String>();

    GitBlitWebSession session = GitBlitWebSession.get();
    final UserModel user = session.getUser() == null ? UserModel.ANONYMOUS : session.getUser();
    final boolean allowEditName = isCreate || isAdmin || repositoryModel.isUsersPersonalRepository(user.username);

    if (isCreate) {
      if (user.canAdmin()) {
        super.setupPage(getString("gb.newRepository"), "");

   */
  private void checkPermissions(RepositoryModel model) {
    boolean authenticateAdmin = app().settings().getBoolean(Keys.web.authenticateAdminPages, true);
    boolean allowAdmin = app().settings().getBoolean(Keys.web.allowAdministration, true);

    GitBlitWebSession session = GitBlitWebSession.get();
    UserModel user = session.getUser();

    if (allowAdmin) {
      if (authenticateAdmin) {
        if (user == null) {
          // No Login Available

  }

  private void loginUser(UserModel user) {
    if (user != null) {
      // Set the user into the session
      GitBlitWebSession session = GitBlitWebSession.get();
      // issue 62: fix session fixation vulnerability
      session.replaceSession();
      session.setUser(user);

      // Set Cookie
      if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {
        WebResponse response = (WebResponse) getRequestCycle().getResponse();
        app().authentication().setCookie(response.getHttpServletResponse(), user);
      }

      if (!session.continueRequest()) {
        PageParameters params = getPageParameters();
        if (params == null) {
          // redirect to this page
          setResponsePage(getClass());
        } else {

    public UserMenu(String id, String markupId, MarkupContainer markupProvider) {
      super(id, markupId, markupProvider);
      setRenderBodyOnly(true);

      GitBlitWebSession session = GitBlitWebSession.get();
      UserModel user = session.getUser();
      boolean editCredentials = app().authentication().supportsCredentialChanges(user);
      boolean standardLogin = session.authenticationType.isStandard();

      if (app().settings().getBoolean(Keys.web.allowGravatar, true)) {
        add(new GravatarImage("username", user, "navbarGravatar", 20, false));

public class LogoutPage extends BasePage {

  public LogoutPage() {
    super();
    GitBlitWebSession session = GitBlitWebSession.get();
    UserModel user = session.getUser();
    app().authentication().logout(((WebResponse) getResponse()).getHttpServletResponse(), user);
    session.invalidate();

    /*
     * Now check whether the authentication was realized via the Authorization in the header.
     * If so, it is likely to be cached by the browser, and cannot be undone. Effectively, this means
     * that you cannot log out...

  /**
   * Records the authentication type on the current {@code GitBlitWebSession}
   * when a Wicket request cycle is active; does nothing otherwise.
   *
   * @param authenticationType the value stored in the session's
   *     {@code authenticationType} field
   */
  protected void flagWicketSession(AuthenticationType authenticationType) {
    if (RequestCycle.get() == null) {
      // not a Wicket request, so the Wicket session is not touched
      return;
    }
    GitBlitWebSession.get().authenticationType = authenticationType;
  }

   * @param user
   */
  @Override
  public void setCookie(HttpServletResponse response, UserModel user) {
    if (settings.getBoolean(Keys.web.allowCookieAuthentication, true)) {
      GitBlitWebSession session = GitBlitWebSession.get();
      boolean standardLogin = session.authenticationType.isStandard();

      if (standardLogin) {
        Cookie userCookie;
        if (user == null) {

    String restriction = app().settings().getString(Keys.git.defaultAccessRestriction, "PUSH");
    model.accessRestriction = AccessRestrictionType.fromName(restriction);
    String authorization = app().settings().getString(Keys.git.defaultAuthorizationControl, null);
    model.authorizationControl = AuthorizationControl.fromName(authorization);

    GitBlitWebSession session = GitBlitWebSession.get();
    UserModel user = session.getUser();
    if (user != null && user.canCreate() && !user.canAdmin()) {
      // personal create permissions, inject personal repository path
      model.name = user.getPersonalPath() + "/";
      model.projectPath = user.getPersonalPath();
      model.addOwner(user.username);
