Merge changes Iba3a674f,I8ed3f12e,Id6617817 into stable-2.14
* changes:
InitSshd: Use correct flag to set empty passphrase
SshSession: Specify charset in constructor of Scanner
Specify charset in constructors of InputStreamReader
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritAuthModule.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritAuthModule.java
new file mode 100644
index 0000000..c0ef207
--- /dev/null
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritAuthModule.java
@@ -0,0 +1,55 @@
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.httpd;
+
+import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_WO_AUTH_REGEX;
+
+import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
+import com.google.gerrit.server.config.AuthConfig;
+import com.google.inject.Inject;
+import com.google.inject.servlet.ServletModule;
+import javax.servlet.Filter;
+
+/** Configures filter for authenticating REST requests. */
+public class GerritAuthModule extends ServletModule {
+ private static final String NOT_AUTHORIZED_LFS_URL_REGEX = "^(?:(?!/a/))" + LFS_URL_WO_AUTH_REGEX;
+ private final AuthConfig authConfig;
+
+ @Inject
+ GerritAuthModule(AuthConfig authConfig) {
+ this.authConfig = authConfig;
+ }
+
+ @Override
+ protected void configureServlets() {
+ Class<? extends Filter> authFilter = retreiveAuthFilterFromConfig(authConfig);
+
+ filterRegex(NOT_AUTHORIZED_LFS_URL_REGEX).through(authFilter);
+ filter("/a/*").through(authFilter);
+ }
+
+ static Class<? extends Filter> retreiveAuthFilterFromConfig(AuthConfig authConfig) {
+ Class<? extends Filter> authFilter;
+ if (authConfig.isTrustContainerAuth()) {
+ authFilter = ContainerAuthFilter.class;
+ } else {
+ authFilter =
+ authConfig.getGitBasicAuthPolicy() == GitBasicAuthPolicy.OAUTH
+ ? ProjectOAuthFilter.class
+ : ProjectBasicAuthFilter.class;
+ }
+ return authFilter;
+ }
+}
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java
index 3f3737d..8400d60 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java
@@ -14,20 +14,16 @@
package com.google.gerrit.httpd;
-import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_WO_AUTH_REGEX;
+import static com.google.gerrit.httpd.GitOverHttpServlet.URL_REGEX;
-import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
import com.google.gerrit.reviewdb.client.CoreDownloadSchemes;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.DownloadConfig;
import com.google.inject.Inject;
import com.google.inject.servlet.ServletModule;
-import javax.servlet.Filter;
/** Configures Git access over HTTP with authentication. */
public class GitOverHttpModule extends ServletModule {
- private static final String NOT_AUTHORIZED_LFS_URL_REGEX = "^(?:(?!/a/))" + LFS_URL_WO_AUTH_REGEX;
-
private final AuthConfig authConfig;
private final DownloadConfig downloadConfig;
@@ -39,28 +35,10 @@
@Override
protected void configureServlets() {
- Class<? extends Filter> authFilter;
- if (authConfig.isTrustContainerAuth()) {
- authFilter = ContainerAuthFilter.class;
- } else {
- authFilter =
- authConfig.getGitBasicAuthPolicy() == GitBasicAuthPolicy.OAUTH
- ? ProjectOAuthFilter.class
- : ProjectBasicAuthFilter.class;
+ if (downloadConfig.getDownloadSchemes().contains(CoreDownloadSchemes.ANON_HTTP)
+ || downloadConfig.getDownloadSchemes().contains(CoreDownloadSchemes.HTTP)) {
+ filterRegex(URL_REGEX).through(GerritAuthModule.retreiveAuthFilterFromConfig(authConfig));
+ serveRegex(URL_REGEX).with(GitOverHttpServlet.class);
}
-
- if (isHttpEnabled()) {
- String git = GitOverHttpServlet.URL_REGEX;
- filterRegex(git).through(authFilter);
- serveRegex(git).with(GitOverHttpServlet.class);
- }
-
- filterRegex(NOT_AUTHORIZED_LFS_URL_REGEX).through(authFilter);
- filter("/a/*").through(authFilter);
- }
-
- private boolean isHttpEnabled() {
- return downloadConfig.getDownloadSchemes().contains(CoreDownloadSchemes.ANON_HTTP)
- || downloadConfig.getDownloadSchemes().contains(CoreDownloadSchemes.HTTP);
}
}
diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
index d6ae6e1..8327513 100644
--- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
+++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
@@ -24,6 +24,7 @@
import com.google.gerrit.extensions.client.AuthType;
import com.google.gerrit.gpg.GpgModule;
import com.google.gerrit.httpd.AllRequestFilter;
+import com.google.gerrit.httpd.GerritAuthModule;
import com.google.gerrit.httpd.GetUserFilter;
import com.google.gerrit.httpd.GitOverHttpModule;
import com.google.gerrit.httpd.H2CacheBasedWebSession;
@@ -513,10 +514,11 @@
modules.add(new ProjectQoSFilter.Module());
}
modules.add(RequestContextFilter.module());
- modules.add(AllRequestFilter.module());
modules.add(RequestMetricsFilter.module());
modules.add(H2CacheBasedWebSession.module());
+ modules.add(sysInjector.getInstance(GerritAuthModule.class));
modules.add(sysInjector.getInstance(GitOverHttpModule.class));
+ modules.add(AllRequestFilter.module());
modules.add(sysInjector.getInstance(WebModule.class));
modules.add(sysInjector.getInstance(RequireSslFilter.Module.class));
modules.add(new HttpPluginModule());
diff --git a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
index 8bc091a..4815366 100644
--- a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
+++ b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
@@ -401,9 +401,10 @@
private Injector createWebInjector() {
final List<Module> modules = new ArrayList<>();
modules.add(RequestContextFilter.module());
- modules.add(AllRequestFilter.module());
modules.add(RequestMetricsFilter.module());
+ modules.add(sysInjector.getInstance(GerritAuthModule.class));
modules.add(sysInjector.getInstance(GitOverHttpModule.class));
+ modules.add(AllRequestFilter.module());
modules.add(sysInjector.getInstance(WebModule.class));
modules.add(sysInjector.getInstance(RequireSslFilter.Module.class));
if (sshInjector != null) {
