opendev/gerrit
Code Issues Proposed changes

Enable specific AccessPaths based on authentication

Browse Source 
If the authentication method permits an AccessPath, add it to the
WebSession as a permitted path. Downstream from authentication a
CurrentUser can change its access path based on the entry point of
the request, allowing RefControl to make decisions around this as
expected, without running into the race condition of making user
before the real access method can be determined.

This allows authentication systems to decide on their own if the
REST_API was sufficiently protected from a potentially evil script.

Change-Id: Iefbe6745421f5f438bc06e2e4578a7207718b9a5
This commit is contained in:
Shawn O. Pearce
2012-11-14 10:55:26 -08:00
parent f7d96cbb03
commit 0185d428db
18 changed files with 107 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gerrit-server/src/main/java/com/google/gerrit/server/PeerDaemonUser.java
View File

@@ -40,7 +40,7 @@ public class PeerDaemonUser extends CurrentUser {
@Inject
protected PeerDaemonUser(CapabilityControl.Factory capabilityControlFactory,
@Assisted SocketAddress peer) {
super(capabilityControlFactory, AccessPath.SSH_COMMAND);
super(capabilityControlFactory);
this.peer = peer;
}