Merge "Make plugin servlet's context path authorization aware" into stable-2.6
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
index 549c239..d3693a5 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
@@ -78,6 +78,8 @@
private static final long serialVersionUID = 1L;
private static final Logger log
= LoggerFactory.getLogger(HttpPluginServlet.class);
+ private static final String PLUGINS_PREFIX = "/plugins/";
+ private static final String AUTHORIZED_PREFIX = "/a" + PLUGINS_PREFIX;
private final MimeUtilFileTypeRegistry mimeUtil;
private final Provider<String> webUrl;
@@ -88,6 +90,7 @@
private List<Plugin> pending = Lists.newArrayList();
private String base;
+ private String authorizedBase;
private final ConcurrentMap<String, PluginHolder> plugins
= Maps.newConcurrentMap();
@@ -126,7 +129,8 @@
super.init(config);
String path = config.getServletContext().getContextPath();
- base = Strings.nullToEmpty(path) + "/plugins/";
+ base = Strings.nullToEmpty(path) + PLUGINS_PREFIX;
+ authorizedBase = Strings.nullToEmpty(path) + AUTHORIZED_PREFIX;
for (Plugin plugin : pending) {
install(plugin);
}
@@ -210,7 +214,8 @@
return;
}
- WrappedRequest wr = new WrappedRequest(req, base + name);
+ WrappedRequest wr = new WrappedRequest(req,
+ (isAuthorizedCall(req) ? authorizedBase : base) + name);
FilterChain chain = new FilterChain() {
@Override
public void doFilter(ServletRequest req, ServletResponse res)
@@ -225,6 +230,11 @@
}
}
+ private boolean isAuthorizedCall(HttpServletRequest req) {
+ return !Strings.isNullOrEmpty(req.getServletPath())
+ && req.getServletPath().startsWith(AUTHORIZED_PREFIX);
+ }
+
private static boolean isApiCall(HttpServletRequest req, List<String> parts) {
String method = req.getMethod();
int cnt = parts.size();
