Skip to content

Commit

Permalink
Updated RemoteUserConfluenceAuth to 1.2
Browse files Browse the repository at this point in the history
  • Loading branch information
@AngusWarren
AngusWarren committed Sep 23, 2016
1 parent a938efc commit 799658d
Show file tree
Hide file tree
Showing 5 changed files with 70 additions and 33 deletions.
17 changes: 17 additions & 0 deletions RemoteUserConfluenceAuth/RemoteUserConfluenceAuth.properties
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
## This file can override some default behaviour if saved in
## WEB-INF/classes/RemoteUserConfluenceAuth.properties

## If you're passing the username in an HTTP header, set the name here in
## lowercase. Leave blank to use the special REMOTE_USER header.
#header=x-proxy-username
#header=
header=x-forward-name

## Use trustedhosts to specify specific hosts which are allowed to authenticate
## via HTTP headers. Leave blank to allow all hosts. It supports a comma
## separated list of IP addresses. It does not support subnets or ranges.
#trustedhosts=192.168.0.1,192.168.0.2
#trustedhosts=192.168.0.1
#trustedhosts=192.168.0.1,127.0.0.1
#trustedhosts=
trustedhosts=10.1.1.100,127.0.0.1
2 changes: 1 addition & 1 deletion RemoteUserConfluenceAuth/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>anguswarren.confluence</groupId>
<artifactId>RemoteUserConfluenceAuth</artifactId>
<version>1.1</version>
<version>1.2</version>

<organization>
<name>Angus Warren</name>
Expand Down
84 changes: 52 additions & 32 deletions RemoteUserConfluenceAuth/src/main/java/anguswarren/confluence/RemoteUserConfluenceAuth.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/**
* Copyright 2011 Angus Warren
* Copyright 2016 Angus Warren
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -17,52 +17,72 @@
package anguswarren.confluence;

import org.apache.log4j.Category;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Properties;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.atlassian.core.util.ClassLoaderUtils;
import com.atlassian.confluence.user.ConfluenceAuthenticator;

public class RemoteUserConfluenceAuth extends ConfluenceAuthenticator
{
public class RemoteUserConfluenceAuth extends ConfluenceAuthenticator {
private static final Category log = Category.getInstance(RemoteUserConfluenceAuth.class);

public Principal getUser(HttpServletRequest request, HttpServletResponse response)
{
public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
Principal user = null;
try
{
if(request.getSession() != null && request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY) != null)
{
try {
if (request.getSession() != null && request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY) != null) {
log.debug("Session found; user already logged in");
user = (Principal) request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY);
String username = user.getName();
user = getUser(username);
}
else
{
log.debug("Trying RemoteUserConfluenceAuth SSO");
String remoteuser = request.getRemoteUser();
log.debug("remote_user set to: " + remoteuser);
if(remoteuser != null)
{
String[] username = remoteuser.split("@");
user = getUser(username[0]);
log.debug("Logging in with username: " + user);
request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY, user);
request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_OUT_KEY, null);
}
else
{
log.warn("remote_user is null");
return null;
} else {
Properties p = new Properties();
try {
InputStream iStream = ClassLoaderUtils.getResourceAsStream("RemoteUserConfluenceAuth.properties", this.getClass());
p.load(iStream);
} catch (Exception e) {
log.debug("Exception loading propertie. The properties file is optional anyway, so this may not be an issues: " + e, e);
}

String trustedhosts = p.getProperty("trustedhosts");
if (trustedhosts != null) {
String ipAddress = request.getRemoteAddr();
if (Arrays.asList(trustedhosts.split(",")).contains(ipAddress)) {
log.debug("IP found in trustedhosts.");
} else {
log.debug("IP not found in trustedhosts: " + ipAddress);
return null;
}
} else {
log.debug("trustedhosts not configured. If you're using http headers, this may be a security issue.");
}

String remoteuser = null;
String header = p.getProperty("header");
if (header == null) {
log.debug("Trying REMOTE_USER for SSO");
remoteuser = request.getRemoteUser();
} else {
log.debug("Trying HTTP header '" + header + "' for SSO");
remoteuser = request.getHeader(header);
}

if (remoteuser != null) {
String[] username = remoteuser.split("@");
user = getUser(username[0]);
log.debug("Logging in with username: " + user);
request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY, user);
request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_OUT_KEY, null);
} else {
log.debug("remote_user is null");
return null;
}
}
}
catch (Exception e)
{
log.warn("Exception: " + e, e);
} catch (Exception e) {
log.error("Exception: " + e, e);
}
return user;
}

}
Binary file added builds/RemoteUserConfluenceAuth-1.2.jar
View file
Binary file not shown.
Binary file added builds/RemoteUserConfluenceAuth-1.2.tar.gz
View file
Binary file not shown.

0 comments on commit 799658d

Please sign in to comment.