コード例 #1
 /**
  * Looks up a cached authentication for a non-UI request.
  *
  * <p>The lookup key combines {@code authFilter.getCacheKey(request)} with the client address
  * reported by {@code request.getRemoteAddr()}. UI requests never receive a cached entry; this
  * guards the case where a user reaches Artifactory both from an external tool and from the UI.
  *
  * <p>NOTE(review): {@code getRemoteAddr()} is the address of the direct peer. Behind a reverse
  * proxy or load balancer that is normally the proxy, in which case the address part of the key
  * would not tell clients apart and only the value from {@code getCacheKey} would. Confirm
  * against the deployment.
  *
  * @param request the incoming HTTP request
  * @return the entry {@code nonUiAuthCache} holds for the key, or {@code null} for a UI request
  *     (callers also treat a {@code null} cache result as a miss)
  */
 private Authentication getNonUiCachedAuthentication(HttpServletRequest request) {
   // The key is built before the UI check, so getCacheKey(request) is invoked for every request.
   AuthCacheKey lookupKey =
       new AuthCacheKey(authFilter.getCacheKey(request), request.getRemoteAddr());
   if (RequestUtils.isUiRequest(request)) {
     return null;
   }
   return nonUiAuthCache.get(lookupKey);
 }
コード例 #2
 /**
  * Serves the request as the anonymous user when that is allowed; otherwise either starts the
  * authentication entry point or passes the request down the chain unchanged.
  *
  * <p>Anonymous handling applies when the authorization service reports anonymous access as
  * enabled, or when {@code authInterceptors.accept(request)} returns true. A cached
  * authentication from {@link #getNonUiCachedAuthentication} is reused when present; otherwise
  * an anonymous token is authenticated and, for authenticated non-UI requests, stored in
  * {@code nonUiAuthCache}.
  *
  * <p>NOTE(review): a cache hit is used here without checking which user it belongs to.
  * Presumably this path only runs for requests without credentials, so the key can only map
  * to an anonymous entry. Confirm at the caller.
  *
  * @param request the incoming HTTP request
  * @param response the HTTP response
  * @param chain the remaining filter chain
  * @param securityContext the security context handed on to {@code useAuthentication}
  * @throws IOException if raised by the filter chain or the entry point
  * @throws ServletException if raised by the filter chain or the entry point
  */
 @SuppressWarnings({"ThrowableInstanceNeverThrown"})
 private void useAnonymousIfPossible(
     HttpServletRequest request,
     HttpServletResponse response,
     FilterChain chain,
     SecurityContext securityContext)
     throws IOException, ServletException {
   boolean anonAccessEnabled = context.getAuthorizationService().isAnonAccessEnabled();
   if (!anonAccessEnabled && !authInterceptors.accept(request)) {
     // Anonymous handling is not available for this request.
     if (authFilter.acceptEntry(request)) {
       log.debug("Sending request requiring authentication");
       authFilter.commence(
           request,
           response,
           new InsufficientAuthenticationException("Authentication is required"));
       return;
     }
     log.debug("No filter or entry just chain");
     chain.doFilter(request, response);
     return;
   }

   log.debug("Using anonymous");
   Authentication anonymousAuth = getNonUiCachedAuthentication(request);
   if (anonymousAuth != null) {
     log.debug("Using cached anonymous authentication");
   } else {
     log.debug("Creating the Anonymous token");
     final UsernamePasswordAuthenticationToken tokenRequest =
         new UsernamePasswordAuthenticationToken(UserInfo.ANONYMOUS, "");
     AuthenticationDetailsSource detailsSource = new HttpAuthenticationDetailsSource();
     //noinspection unchecked
     tokenRequest.setDetails(detailsSource.buildDetails(request));
     // The default Spring authentication manager is requested explicitly by name, because a
     // second manager exists that is only used by the basic authentication filter.
     AuthenticationManager manager =
         context.beanForType("authenticationManager", AuthenticationManager.class);
     anonymousAuth = manager.authenticate(tokenRequest);
     // Only authenticated results of non-UI requests are cached.
     boolean cacheable =
         anonymousAuth != null
             && anonymousAuth.isAuthenticated()
             && !RequestUtils.isUiRequest(request);
     if (cacheable) {
       AuthCacheKey cacheKey =
           new AuthCacheKey(authFilter.getCacheKey(request), request.getRemoteAddr());
       nonUiAuthCache.put(cacheKey, anonymousAuth);
       log.debug("Added anonymous authentication {} to cache", anonymousAuth);
     }
   }
   useAuthentication(request, response, chain, anonymousAuth, securityContext);
 }
コード例 #3
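 /**
  * Authenticates the request, from the non-UI cache when possible and otherwise through
  * {@code authFilter}, then records the resulting authentication.
  *
  * <p>A cached authentication is used only when it is authenticated and
  * {@code reAuthenticationRequired} does not demand a fresh login. Otherwise
  * {@code authFilter.doFilter} runs, and any authenticated result found in
  * {@code securityContext} afterwards is stored in the HTTP session or, failing that, in
  * {@code nonUiAuthCache}.
  *
  * <p>The security context is cleared in an inner {@code finally}, so an exception thrown while
  * recording the authentication cannot leave it set on the context.
  *
  * @param request the incoming HTTP request
  * @param response the HTTP response
  * @param chain the remaining filter chain
  * @param securityContext the security context read after the filter ran and then cleared
  * @throws IOException if raised by the authentication filter or the chain
  * @throws ServletException if raised by the authentication filter or the chain
  */
 private void authenticateAndExecute(
     HttpServletRequest request,
     HttpServletResponse response,
     FilterChain chain,
     SecurityContext securityContext)
     throws IOException, ServletException {
   // Try to see if authentication in cache based on the hashed header and client ip
   Authentication authentication = getNonUiCachedAuthentication(request);
   if (authentication != null
       && authentication.isAuthenticated()
       && !reAuthenticationRequired(request, authentication)) {
     log.debug("Header authentication {} found in cache.", authentication);
     useAuthentication(request, response, chain, authentication, securityContext);
     // Add to user change cache the login state
     addToUserChange(authentication);
     return;
   }
   try {
     authFilter.doFilter(request, response, chain);
   } finally {
     try {
       Authentication newAuthentication = securityContext.getAuthentication();
       if (newAuthentication != null && newAuthentication.isAuthenticated()) {
         // Add to user change cache the login state
         addToUserChange(newAuthentication);
         // Save authentication like in Wicket Session (if session exists)
         if (RequestUtils.setAuthentication(request, newAuthentication, false)) {
           log.debug("Added authentication {} in Http session.", newAuthentication);
         } else {
           // If it did not work use the header cache
           AuthCacheKey authCacheKey =
               new AuthCacheKey(authFilter.getCacheKey(request), request.getRemoteAddr());
           String username = newAuthentication.getName();
           // A key with no header may only be used for the anonymous user, and a key with a
           // header only for a named user. Any other pairing is not cached.
           boolean anonymousUser = UserInfo.ANONYMOUS.equals(username);
           if (anonymousUser == authCacheKey.hasEmptyHeader()) {
             nonUiAuthCache.put(authCacheKey, newAuthentication);
             // NOTE(review): assumes addToUserChange above created the entry for this
             // username; a null result from get() would throw here. Confirm.
             userChangedCache.get(username).addAuthCacheKey(authCacheKey);
             log.debug("Added authentication {} in cache.", newAuthentication);
           }
         }
       }
     } finally {
       // Always clear the context, even if recording the authentication above failed.
       securityContext.setAuthentication(null);
     }
   }
 }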