Audit: fetch current user and sessionId at the beginning of the REST API

Before this change, the current user and sessionId for the audit trail of the REST API were fetched at the end of the execution.

For regular REST API execution, there are no specific issues in fetching user and sessionId at any time; however, when running the plugin-reload API, the Guice injections can be amended and influenced by the plugin loader, therefore the request to fetch the sessionId and user at the end of the API may fail, assuming that the plugin has impacted the HTTP-related injections.

An example of the failure to reload the pull-replication plugin is:

  1) [Guice/ErrorInCustomProvider]: OutOfScopeException: Cannot access scoped [WebSession]. Either we are not currently inside an HTTP Servlet request, or you may have forgotten to apply GuiceFilter as a servlet filter for this request.
    at DynamicItem.bind(DynamicItem.java:111)
    while locating WebSession

  Learn more: https://github.com/google/guice/wiki/ERROR_IN_CUSTOM_PROVIDER

Retrieve the user and sessionId at the beginning of the REST-API servlet service method, making sure that the values are the same across the whole API invocation.

Bug: Issue 388863156
Release-Notes: Fix OutOfScopeException when reloading plugins via REST-API
Change-Id: I8e61044e969bbad0267ddb63a5615936f64094cd
diff --git a/java/com/google/gerrit/httpd/restapi/RestApiServlet.java b/java/com/google/gerrit/httpd/restapi/RestApiServlet.java index b4acfc0..f1cbc26 100644 --- a/java/com/google/gerrit/httpd/restapi/RestApiServlet.java +++ b/java/com/google/gerrit/httpd/restapi/RestApiServlet.java
@@ -324,6 +324,8 @@ Object inputRequestBody = null; RestResource rsrc = TopLevelResource.INSTANCE; ViewData viewData = null; + String sessionId = globals.webSession.get().getSessionId(); + CurrentUser currentUser = globals.currentUser.get(); try (TraceContext traceContext = enableTracing(req, res)) { String requestUri = requestUri(req); @@ -759,8 +761,8 @@ metric, System.nanoTime() - startNanos, TimeUnit.NANOSECONDS); globals.auditService.dispatch( new ExtendedHttpAuditEvent( - globals.webSession.get().getSessionId(), - globals.currentUser.get(), + sessionId, + currentUser, req, auditStartTs, qp != null ? qp.params() : ImmutableListMultimap.of(),
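Review bot: In the first hunk (@@ -324,6 +324,8 @@), the two new lookups sit above `try (TraceContext traceContext = enableTracing(req, res))`, so if `globals.webSession.get()` or `globals.currentUser.get()` throws, the exception is raised before tracing is enabled and outside that try block's handling. Please confirm that a provider failure at this point still produces a proper error response. A short code comment saying that the values are captured up front because a plugin reload can change the request-scoped bindings would also keep a later cleanup from inlining them back into the audit call.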
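Review bot: In the second hunk (@@ -759,8 +761,8 @@), the `ExtendedHttpAuditEvent` now records `sessionId` and `currentUser` as they were at request entry rather than at dispatch time. Please confirm that no REST endpoint is expected to change the session or identity during the request, since the audit entry would then carry the values from before that change; if entry-time values are the intended audit semantics, say so in a comment next to the `globals.auditService.dispatch(` call.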