Google Git
Sign in
gerrit/gerrit/a716d228d4a25e3952663a9dcc4bb2c2851f6cb4^!/.
commit
a716d228d4a25e3952663a9dcc4bb2c2851f6cb4
[log]
author
Jacek Centkowski <geminica.programs@gmail.com>
Thu Oct 24 03:22:41 2013 -0700
committer
Jacek Centkowski <geminica.programs@gmail.com>
Wed Nov 06 00:51:09 2013 -0800
tree
35a4940766f678cd1b50c1fc330329f7a6ce23c1
parent
dd1ef1d11440650123a1783339cde5d8fdd267e6 [diff]
Make plugin servlet's context path authorization aware

When authorized call is performed to plugin servlet its context
contains authorization prefix. Therefore request URI can be matched with
servlet's path and as a result properly handled.

Change-Id: I6b5efc8dfdd3dda85ba8cf1a86a127b19ab9ea6d
Signed-off-by: Jacek Centkowski <geminica.programs@gmail.com>

diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
index 549c239..d3693a5 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java

@@ -78,6 +78,8 @@
   private static final long serialVersionUID = 1L;
   private static final Logger log
       = LoggerFactory.getLogger(HttpPluginServlet.class);
+  private static final String PLUGINS_PREFIX = "/plugins/";
+  private static final String AUTHORIZED_PREFIX = "/a" + PLUGINS_PREFIX;
 
   private final MimeUtilFileTypeRegistry mimeUtil;
   private final Provider<String> webUrl;
@@ -88,6 +90,7 @@
 
   private List<Plugin> pending = Lists.newArrayList();
   private String base;
+  private String authorizedBase;
   private final ConcurrentMap<String, PluginHolder> plugins
       = Maps.newConcurrentMap();
 
@@ -126,7 +129,8 @@
     super.init(config);
 
     String path = config.getServletContext().getContextPath();
-    base = Strings.nullToEmpty(path) + "/plugins/";
+    base = Strings.nullToEmpty(path) + PLUGINS_PREFIX;
+    authorizedBase = Strings.nullToEmpty(path) + AUTHORIZED_PREFIX;
     for (Plugin plugin : pending) {
       install(plugin);
     }
@@ -210,7 +214,8 @@
       return;
     }
 
-    WrappedRequest wr = new WrappedRequest(req, base + name);
+    WrappedRequest wr = new WrappedRequest(req,
+        (isAuthorizedCall(req) ? authorizedBase : base) + name);
     FilterChain chain = new FilterChain() {
       @Override
       public void doFilter(ServletRequest req, ServletResponse res)
@@ -225,6 +230,11 @@
     }
   }
 
+  private boolean isAuthorizedCall(HttpServletRequest req) {
+    return !Strings.isNullOrEmpty(req.getServletPath())
+        && req.getServletPath().startsWith(AUTHORIZED_PREFIX);
+  }
+
   private static boolean isApiCall(HttpServletRequest req, List<String> parts) {
     String method = req.getMethod();
     int cnt = parts.size();