@SuppressWarnings({"ThrowableInstanceNeverThrown"})
private void useAnonymousIfPossible(
HttpServletRequest request,
HttpServletResponse response,
FilterChain chain,
SecurityContext securityContext)
throws IOException, ServletException {
boolean anonAccessEnabled = context.getAuthorizationService().isAnonAccessEnabled();
if (anonAccessEnabled || authInterceptors.accept(request)) {
log.debug("Using anonymous");
Authentication authentication = getNonUiCachedAuthentication(request);
if (authentication == null) {
log.debug("Creating the Anonymous token");
final UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(UserInfo.ANONYMOUS, "");
AuthenticationDetailsSource ads = new HttpAuthenticationDetailsSource();
//noinspection unchecked
authRequest.setDetails(ads.buildDetails(request));
// explicitly ask for the default spring authentication manager by name (we have another one
// which
// is only used by the basic authentication filter)
AuthenticationManager authenticationManager =
context.beanForType("authenticationManager", AuthenticationManager.class);
authentication = authenticationManager.authenticate(authRequest);
if (authentication != null
&& authentication.isAuthenticated()
&& !RequestUtils.isUiRequest(request)) {
AuthCacheKey authCacheKey =
new AuthCacheKey(authFilter.getCacheKey(request), request.getRemoteAddr());
nonUiAuthCache.put(authCacheKey, authentication);
log.debug("Added anonymous authentication {} to cache", authentication);
}
} else {
log.debug("Using cached anonymous authentication");
}
useAuthentication(request, response, chain, authentication, securityContext);
} else {
if (authFilter.acceptEntry(request)) {
log.debug("Sending request requiring authentication");
authFilter.commence(
request,
response,
new InsufficientAuthenticationException("Authentication is required"));
} else {
log.debug("No filter or entry just chain");
chain.doFilter(request, response);
}
}
}
@Override
public void initLater(FilterConfig filterConfig) throws ServletException {
ServletContext servletContext = filterConfig.getServletContext();
this.context = RequestUtils.getArtifactoryContext(servletContext);
ArtifactoryAuthenticationFilterChain filterChain = new ArtifactoryAuthenticationFilterChain();
// Add all the authentication filters
// TODO: [by yl] Support ordering...
filterChain.addFilters(context.beansForType(ArtifactoryAuthenticationFilter.class).values());
authFilter = filterChain;
initCaches(filterConfig);
authFilter.init(filterConfig);
authInterceptors = new AnonymousAuthenticationInterceptors();
authInterceptors.addInterceptors(
context.beansForType(AnonymousAuthenticationInterceptor.class).values());
}
private void initCaches(FilterConfig filterConfig) {
ArtifactorySystemProperties properties =
((ArtifactoryHome)
filterConfig.getServletContext().getAttribute(ArtifactoryHome.SERVLET_CTX_ATTR))
.getArtifactoryProperties();
ConstantValues idleTimeSecsProp = ConstantValues.securityAuthenticationCacheIdleTimeSecs;
long cacheIdleSecs = properties.getLongProperty(idleTimeSecsProp);
ConstantValues initSizeProp = ConstantValues.securityAuthenticationCacheInitSize;
long initSize = properties.getLongProperty(initSizeProp);
nonUiAuthCache =
CacheBuilder.newBuilder()
.softValues()
.initialCapacity((int) initSize)
.expireAfterWrite(cacheIdleSecs, TimeUnit.SECONDS)
.<AuthCacheKey, Authentication>build()
.asMap();
userChangedCache =
CacheBuilder.newBuilder()
.softValues()
.initialCapacity((int) initSize)
.expireAfterWrite(cacheIdleSecs, TimeUnit.SECONDS)
.<String, AuthenticationCache>build()
.asMap();
SecurityService securityService = context.beanForType(SecurityService.class);
securityService.addListener(this);
}
