@SuppressWarnings({"ThrowableInstanceNeverThrown"}) private void useAnonymousIfPossible( HttpServletRequest request, HttpServletResponse response, FilterChain chain, SecurityContext securityContext) throws IOException, ServletException { boolean anonAccessEnabled = context.getAuthorizationService().isAnonAccessEnabled(); if (anonAccessEnabled || authInterceptors.accept(request)) { log.debug("Using anonymous"); Authentication authentication = getNonUiCachedAuthentication(request); if (authentication == null) { log.debug("Creating the Anonymous token"); final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(UserInfo.ANONYMOUS, ""); AuthenticationDetailsSource ads = new HttpAuthenticationDetailsSource(); //noinspection unchecked authRequest.setDetails(ads.buildDetails(request)); // explicitly ask for the default spring authentication manager by name (we have another one // which // is only used by the basic authentication filter) AuthenticationManager authenticationManager = context.beanForType("authenticationManager", AuthenticationManager.class); authentication = authenticationManager.authenticate(authRequest); if (authentication != null && authentication.isAuthenticated() && !RequestUtils.isUiRequest(request)) { AuthCacheKey authCacheKey = new AuthCacheKey(authFilter.getCacheKey(request), request.getRemoteAddr()); nonUiAuthCache.put(authCacheKey, authentication); log.debug("Added anonymous authentication {} to cache", authentication); } } else { log.debug("Using cached anonymous authentication"); } useAuthentication(request, response, chain, authentication, securityContext); } else { if (authFilter.acceptEntry(request)) { log.debug("Sending request requiring authentication"); authFilter.commence( request, response, new InsufficientAuthenticationException("Authentication is required")); } else { log.debug("No filter or entry just chain"); chain.doFilter(request, response); } } }
@Override public void initLater(FilterConfig filterConfig) throws ServletException { ServletContext servletContext = filterConfig.getServletContext(); this.context = RequestUtils.getArtifactoryContext(servletContext); ArtifactoryAuthenticationFilterChain filterChain = new ArtifactoryAuthenticationFilterChain(); // Add all the authentication filters // TODO: [by yl] Support ordering... filterChain.addFilters(context.beansForType(ArtifactoryAuthenticationFilter.class).values()); authFilter = filterChain; initCaches(filterConfig); authFilter.init(filterConfig); authInterceptors = new AnonymousAuthenticationInterceptors(); authInterceptors.addInterceptors( context.beansForType(AnonymousAuthenticationInterceptor.class).values()); }