Move auth-headers set creation out of the SamlWebFilter
Define an annotated binding in the Module that provides injection of the
@AuthHeaders Set<String>.
Change-Id: I928a793479b4c65265f911f84b3bdea8b2d9694f
diff --git a/src/main/java/com/googlesource/gerrit/plugins/saml/AuthHeaders.java b/src/main/java/com/googlesource/gerrit/plugins/saml/AuthHeaders.java
new file mode 100644
index 0000000..e4e6848
--- /dev/null
+++ b/src/main/java/com/googlesource/gerrit/plugins/saml/AuthHeaders.java
@@ -0,0 +1,24 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.saml;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import com.google.inject.BindingAnnotation;
+import java.lang.annotation.Retention;
+
+@Retention(RUNTIME)
+@BindingAnnotation
+public @interface AuthHeaders {}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/saml/Module.java b/src/main/java/com/googlesource/gerrit/plugins/saml/Module.java
index 4e43958..f39daad 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/saml/Module.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/saml/Module.java
@@ -14,7 +14,14 @@
package com.googlesource.gerrit.plugins.saml;
+import com.google.common.collect.Sets;
+import com.google.gerrit.server.config.AuthConfig;
import com.google.inject.AbstractModule;
+import com.google.inject.Provides;
+import com.google.inject.ProvisionException;
+import com.google.inject.Singleton;
+import java.util.HashSet;
+import java.util.Set;
import org.pac4j.saml.client.SAML2Client;
public class Module extends AbstractModule {
@@ -22,4 +29,27 @@
protected void configure() {
bind(SAML2Client.class).toProvider(SamlClientProvider.class);
}
+
+ @Provides
+ @Singleton
+ @AuthHeaders
+ public Set<String> getAuthHeaders(AuthConfig auth) {
+ HashSet<String> authHeaders =
+ Sets.newHashSet(
+ auth.getLoginHttpHeader().toUpperCase(),
+ auth.getHttpEmailHeader().toUpperCase(),
+ auth.getHttpExternalIdHeader().toUpperCase());
+
+ if (authHeaders.contains("") || authHeaders.contains(null)) {
+ throw new ProvisionException("All authentication headers must be set.");
+ }
+
+ if (authHeaders.size() != 3) {
+ throw new ProvisionException(
+ "Unique values for httpUserNameHeader, "
+ + "httpEmailHeader and httpExternalIdHeader are required.");
+ }
+
+ return authHeaders;
+ }
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
index ecc1de5..aca8a40 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
@@ -16,7 +16,6 @@
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Iterators;
-import com.google.common.collect.Sets;
import com.google.gerrit.entities.Account;
import com.google.gerrit.extensions.api.GerritApi;
import com.google.gerrit.extensions.api.accounts.Accounts;
@@ -35,6 +34,7 @@
import java.util.List;
import java.util.Locale;
import java.util.Objects;
+import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -69,7 +69,7 @@
private final SAML2Client saml2Client;
private final SamlConfig samlConfig;
private final AuthConfig auth;
- private final HashSet<String> authHeaders;
+ private final Set<String> authHeaders;
private final SamlMembership samlMembership;
private final GerritApi gApi;
private final Accounts accounts;
@@ -80,6 +80,7 @@
AuthConfig auth,
SamlConfig samlConfig,
SamlMembership samlMembership,
+ @AuthHeaders Set<String> authHeaders,
GerritApi gApi,
Accounts accounts,
SAML2Client saml2Client,
@@ -89,21 +90,7 @@
this.samlMembership = samlMembership;
log.debug("Max Authentication Lifetime: " + samlConfig.getMaxAuthLifetimeAttr());
this.saml2Client = saml2Client;
-
- this.authHeaders =
- Sets.newHashSet(
- auth.getLoginHttpHeader().toUpperCase(),
- auth.getHttpEmailHeader().toUpperCase(),
- auth.getHttpExternalIdHeader().toUpperCase());
- if (authHeaders.contains("") || authHeaders.contains(null)) {
- throw new RuntimeException("All authentication headers must be set.");
- }
- if (authHeaders.size() != 3) {
- throw new RuntimeException(
- "Unique values for httpUserNameHeader, "
- + "httpEmailHeader and httpExternalIdHeader are required.");
- }
-
+ this.authHeaders = authHeaders;
this.gApi = gApi;
this.accounts = accounts;
this.oneOffRequestContext = oneOffRequestContext;
diff --git a/src/test/java/com/googlesource/gerrit/plugins/saml/SamlWebFilterIT.java b/src/test/java/com/googlesource/gerrit/plugins/saml/SamlWebFilterIT.java
index 9ef428d..9442c3a 100644
--- a/src/test/java/com/googlesource/gerrit/plugins/saml/SamlWebFilterIT.java
+++ b/src/test/java/com/googlesource/gerrit/plugins/saml/SamlWebFilterIT.java
@@ -26,6 +26,7 @@
import com.google.gerrit.testing.ConfigSuite;
import com.google.gerrit.util.http.testutil.FakeHttpServletRequest;
import com.google.gerrit.util.http.testutil.FakeHttpServletResponse;
+import com.google.inject.Module;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
@@ -79,6 +80,11 @@
assertThat(account.name).isEqualTo(samlDisplayName);
}
+ @Override
+ public Module createModule() {
+ return new com.googlesource.gerrit.plugins.saml.Module();
+ }
+
private static class FakeHttpServletRequestWithSession extends FakeHttpServletRequest {
HttpSession session;
