/**
 * Reports whether authentication/authorization is switched on for this server.
 *
 * @return the value of {@code securityService.isSecurityEnabled()}
 */
public boolean securityEnabled() {
    final boolean enabled = securityService.isSecurityEnabled();
    return enabled;
}
/**
 * Tells whether {@code username} is a server administrator.
 *
 * <p>With security disabled every caller is treated as an admin, so the config lookup is skipped
 * entirely; only a secured server consults {@code goConfigService}.
 *
 * @param username the user to check
 * @return {@code true} when security is off, otherwise the config's answer for this user
 */
public boolean isUserAdmin(Username username) {
    final boolean securityOn = isSecurityEnabled();
    return !securityOn || goConfigService.isUserAdmin(username);
}
/**
 * Authorities granted to a request that carries no authentication.
 *
 * <p>On a secured server the anonymous principal receives only the anonymous authority; with
 * security disabled it is granted {@code ALL_AUTHORITIES}.
 *
 * @return the authority set for an anonymous caller
 */
private Set<GrantedAuthority> authoritiesForAnonymousUser() {
    return securityService.isSecurityEnabled() ? anonymousOnlyAuthority() : ALL_AUTHORITIES;
}
/**
 * Responds to an access-denied outcome.
 *
 * <p>An anonymous caller on a secured server is redirected to the login page so it can
 * authenticate; every other caller receives {@code statusCode} with a fixed message. The
 * supplied {@code errorMessage} is not echoed back to the client.
 *
 * @param request      the rejected request
 * @param response     the response to write
 * @param statusCode   HTTP status to send when not redirecting
 * @param errorMessage caller-supplied detail; unused by this handler
 * @throws IOException if writing the redirect or error fails
 */
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, int statusCode, String errorMessage) throws IOException {
    final boolean anonymousOnSecuredServer =
            SessionUtils.isAnonymousAuthenticationToken(request) && securityService.isSecurityEnabled();
    if (!anonymousOnSecuredServer) {
        response.sendError(statusCode, "You are not authorized to access this resource!");
        return;
    }
    // Fixed, server-relative target: no request data is used to build the redirect.
    response.sendRedirect("/go/auth/login");
}
}
/**
 * Rejects anonymous callers when security is enabled; a no-op when it is disabled.
 *
 * @param req the incoming request
 * @param res the response the forbidden handler may write to
 */
public void checkUserAnd403(Request req, Response res) {
    if (securityService.isSecurityEnabled()) {
        checkNonAnonymousUser(req, res);
    }
}
/**
 * Passes the request through unless its session token needs re-authentication.
 *
 * <p>The chain continues directly when security is disabled, when the session holds no token,
 * or when the token is still authenticated for the current {@code clock} and
 * {@code systemEnvironment}. Otherwise control is handed to {@code performReauthentication}.
 *
 * @throws IOException      propagated from the chain or re-authentication
 * @throws ServletException propagated from the chain or re-authentication
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    if (!securityService.isSecurityEnabled()) {
        LOGGER.debug("Skipping filter, security is disabled.");
        filterChain.doFilter(request, response);
        return;
    }
    final AuthenticationToken<?> token = SessionUtils.getAuthenticationToken(request);
    final boolean stillValid = token == null || token.isAuthenticated(clock, systemEnvironment);
    if (!stillValid) {
        performReauthentication(request, response, filterChain);
        return;
    }
    LOGGER.debug("Continuing chain because authentication token is authenticated or null.");
    filterChain.doFilter(request, response);
}
/**
 * True when this filter has nothing to do: security is off, or the request already carries a
 * non-anonymous token that is still authenticated.
 *
 * @param request the current request
 * @return whether authentication can be skipped for this request
 */
private boolean securityIsDisabledOrAlreadyLoggedIn(HttpServletRequest request) {
    if (!securityService.isSecurityEnabled()) {
        return true;
    }
    if (isAnonymousAuthenticationToken(request)) {
        return false;
    }
    return SessionUtils.isAuthenticated(request, clock, systemEnvironment);
}
/**
 * Ensures every request carries an authentication token before the chain continues.
 *
 * <p>A request that already has a token on a secured server is left alone; any other request
 * (security disabled, or no token present) is authenticated as anonymous.
 *
 * @throws ServletException propagated from the chain
 * @throws IOException      propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    final boolean securityOn = securityService.isSecurityEnabled();
    if (securityOn && SessionUtils.hasAuthenticationToken(request)) {
        LOGGER.debug("Already authenticated request.");
    } else {
        LOGGER.debug(securityOn ? "Security is enabled." : "Security is disabled.");
        authenticateAsAnonymous(request);
    }
    // Logged for every request, including ones that were already (non-anonymously) authenticated.
    LOGGER.debug("User authenticated as anonymous user {}", SessionUtils.getAuthenticationToken(request));
    filterChain.doFilter(request, response);
}
/**
 * Writes an authentication-failure response in the content type negotiated from the request.
 *
 * <p>Non-AJAX callers on a secured server additionally receive a {@code WWW-Authenticate: Basic}
 * challenge; it is withheld for AJAX requests, presumably to avoid the browser's native
 * credential prompt.
 *
 * @param request      the failed request
 * @param response     the response to write
 * @param statusCode   HTTP status to set
 * @param errorMessage message rendered into the body via the negotiated formatter
 * @throws IOException if the body cannot be written
 */
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, int statusCode, String errorMessage) throws IOException {
    final boolean challenge = !isAjaxRequest(request) && securityService.isSecurityEnabled();
    if (challenge) {
        response.addHeader("WWW-Authenticate", "Basic realm=\"GoCD\"");
    }
    response.setStatus(statusCode);
    final ContentTypeAwareResponse negotiated = CONTENT_TYPE_NEGOTIATION_MESSAGE_HANDLER.getResponse(request);
    // Encoding has to be set before the output stream is obtained to take effect.
    response.setCharacterEncoding("utf-8");
    response.setContentType(negotiated.getContentType().toString());
    // NOTE(review): errorMessage is rendered into the body; confirm getFormattedMessage escapes
    // it for the negotiated type or that callers never pass request-derived text.
    response.getOutputStream().print(negotiated.getFormattedMessage(errorMessage));
}
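/**
 * Ensures the current user may create a pipeline in the group named in the request body.
 *
 * <p>Admins, and every caller when security is disabled, pass without the body being read.
 * Otherwise the body must be a JSON object whose {@code group} names a group the user
 * administers.
 *
 * @param request  the incoming request; its body is parsed as JSON
 * @param response unused here; kept for the shared before-filter signature
 * @throws UnprocessableEntityException when the body is not a JSON object, or {@code group}
 *     is absent or JSON {@code null}
 */
public void checkPipelineCreationAuthorizationAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) {
        return;
    }
    final JsonElement body = new JsonParser().parse(request.body());
    // A non-object body would otherwise surface as an IllegalStateException from getAsJsonObject().
    if (!body.isJsonObject()) {
        throw new UnprocessableEntityException("Request body must be a JSON object.");
    }
    final JsonElement group = body.getAsJsonObject().get("group");
    // JSON null arrives as a JsonNull element, not a Java null; without this check getAsString()
    // would throw instead of yielding the 422 below.
    if (group == null || group.isJsonNull()) {
        throw new UnprocessableEntityException("Pipeline group must be specified for creating a pipeline.");
    }
    final String groupName = group.getAsString();
    // NOTE(review): a blank group name skips the group-admin check entirely; confirm the
    // pipeline-creation path downstream authorizes whatever default group it falls back to.
    if (StringUtils.isNotBlank(groupName) && !securityService.isUserAdminOfGroup(currentUsername(), groupName)) {
        throw renderForbiddenResponse();
    }
}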
/**
 * Authenticates a request from its HTTP Basic {@code Authorization} header.
 *
 * <p>Already-authenticated requests pass straight through. Otherwise the header is decoded and
 * handed to the secured or unsecured variant of the filter; an
 * {@link AuthenticationException} from either is turned into a failure response.
 *
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    try {
        if (isPreviouslyAuthenticated(request)) {
            LOGGER.debug("Request is already authenticated.");
            filterChain.doFilter(request, response);
            return;
        }
        final String authorizationHeader = request.getHeader("Authorization");
        final UsernamePassword credentials =
                BasicAuthHeaderExtractor.extractBasicAuthenticationCredentials(authorizationHeader);
        if (credentials != null) {
            // Only the username is logged; the password is never written out.
            LOGGER.debug("[Basic Authentication] Authorization header found for user '{}'", credentials.getUsername());
        }
        final boolean securityOn = securityService.isSecurityEnabled();
        LOGGER.debug(securityOn ? "Security is enabled." : "Security is disabled.");
        if (securityOn) {
            filterWhenSecurityEnabled(request, response, filterChain, credentials);
        } else {
            filterWhenSecurityDisabled(request, response, filterChain, credentials);
        }
    } catch (AuthenticationException e) {
        onAuthenticationFailure(request, response, e.getMessage());
    }
}
/**
 * Rejects callers who may not view the pipeline named in the request; no-op when security is off.
 *
 * @param request  the incoming request, from which the pipeline name is read
 * @param response unused here; kept for the shared before-filter signature
 */
public void checkPipelineViewPermissionsAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled()) {
        return;
    }
    final CaseInsensitiveString pipelineName = getPipelineNameFromRequest(request);
    final boolean mayView =
            hasViewPermissionWorkaroundForNonExistantPipelineBug_4477(pipelineName, currentUsername());
    if (!mayView) {
        throw renderForbiddenResponse();
    }
}
/**
 * Allows only server admins or pipeline-group admins through; no-op when security is off.
 *
 * @param request  unused here; kept for the shared before-filter signature
 * @param response unused here; kept for the shared before-filter signature
 */
public void checkAdminUserOrGroupAdminUserAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled()) {
        return;
    }
    // Short-circuits: the group-admin lookup runs only when the user is not a server admin.
    final boolean anyAdmin = securityService.isUserAdmin(currentUsername())
            || securityService.isUserGroupAdmin(currentUsername());
    if (!anyAdmin) {
        throw renderForbiddenResponse();
    }
}
/**
 * Blocks requests from accounts that an administrator has disabled.
 *
 * <p>Skipped entirely when security is off. For a persisted user whose id is not yet in the
 * session, the id is recorded first. A disabled user has the session recreated (presumably to
 * discard its authenticated state) and receives a failure response instead of the chain.
 *
 * @throws ServletException propagated from the chain
 * @throws IOException      propagated from the chain or failure handler
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    if (!securityService.isSecurityEnabled()) {
        LOGGER.debug("Not checking if user is enabled since security is disabled.");
        filterChain.doFilter(request, response);
        return;
    }
    final User user = getUser(request);
    if (persisted(user) && notInSession(request)) {
        SessionUtils.setUserId(request, user.getId());
    }
    if (!user.isEnabled()) {
        SessionUtils.recreateSessionWithoutCopyingOverSessionState(request);
        handleFailure(request, response, "Your account has been disabled by the administrator");
        return;
    }
    filterChain.doFilter(request, response);
}
/**
 * Ensures the current user may view the template named by {@code template_name}, or templates
 * in general when no name is given.
 *
 * <p>Admins, and every caller when security is disabled, pass without further checks.
 *
 * @param request  the incoming request; {@code template_name} is read from its params
 * @param response unused here; kept for the shared before-filter signature
 */
public void checkViewAccessToTemplateAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) {
        return;
    }
    final String templateName = request.params("template_name");
    final boolean authorized;
    if (StringUtils.isBlank(templateName)) {
        authorized = securityService.isAuthorizedToViewTemplates(currentUsername());
    } else {
        authorized = securityService.isAuthorizedToViewTemplate(new CaseInsensitiveString(templateName), currentUsername());
    }
    if (!authorized) {
        throw renderForbiddenResponse();
    }
}
/**
 * Ensures the current user administers the pipeline group named in the request.
 *
 * <p>Admins, and every caller when security is disabled, pass without the group being looked up.
 *
 * @param request  the incoming request, from which the group name is derived
 * @param response unused here; kept for the shared before-filter signature
 */
public void checkPipelineGroupAdminUserAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) {
        return;
    }
    final String groupName = findPipelineGroupName(request);
    final boolean groupAdmin = securityService.isUserAdminOfGroup(currentUsername(), groupName);
    if (!groupAdmin) {
        throw renderForbiddenResponse();
    }
}
/**
 * Ensures the current user may edit the template named by {@code template_name}, or view and
 * edit templates in general when no name is given.
 *
 * <p>Admins, and every caller when security is disabled, pass without further checks.
 *
 * @param request  the incoming request; {@code template_name} is read from its params
 * @param response unused here; kept for the shared before-filter signature
 */
public void checkAdminOrTemplateAdminAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) {
        return;
    }
    final String templateName = request.params("template_name");
    final boolean authorized;
    if (StringUtils.isBlank(templateName)) {
        authorized = securityService.isAuthorizedToViewAndEditTemplates(currentUsername());
    } else {
        authorized = securityService.isAuthorizedToEditTemplate(new CaseInsensitiveString(templateName), currentUsername());
    }
    if (!authorized) {
        throw renderForbiddenResponse();
    }
}
/**
 * Ensures the current user may operate the pipeline group named in the request.
 *
 * <p>Admins, and every caller when security is disabled, pass without the group being looked up.
 * Unlike the sibling admin checks this one identifies the user via {@code currentUserLoginName()}.
 *
 * @param request  the incoming request, from which the group name is derived
 * @param response unused here; kept for the shared before-filter signature
 */
public void checkPipelineGroupOperateUserAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) {
        return;
    }
    final String groupName = findPipelineGroupName(request);
    if (securityService.hasOperatePermissionForGroup(currentUserLoginName(), groupName)) {
        return;
    }
    throw renderForbiddenResponse();
}
/**
 * Allows through server admins, pipeline-group admins, and users who may view and edit
 * templates; no-op when security is off.
 *
 * @param request  unused here; kept for the shared before-filter signature
 * @param response unused here; kept for the shared before-filter signature
 */
public void checkAnyAdminUserAnd403(Request request, Response response) {
    if (!securityService.isSecurityEnabled()) {
        return;
    }
    // Short-circuits left to right: cheaper/broader roles are consulted first.
    final boolean anyAdmin = securityService.isUserAdmin(currentUsername())
            || securityService.isUserGroupAdmin(currentUsername())
            || securityService.isAuthorizedToViewAndEditTemplates(currentUsername());
    if (!anyAdmin) {
        throw renderForbiddenResponse();
    }
}