diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index ec73a32f3f..e93996e9b5 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -383,6 +383,12 @@ Sets "path" attribute of the authentication cookie. + If not set, HTTP request's path is used. +[[auth.cookieDomain]]auth.cookieDomain:: ++ +Sets "domain" attribute of the authentication cookie. ++ +If not set, HTTP request's domain is used. + [[auth.cookieSecure]]auth.cookieSecure:: + Sets "secure" flag of the authentication cookie. If true, cookies diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java index a1cfec7cb8..3a3a33f871 100644 --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java @@ -17,6 +17,7 @@ package com.google.gerrit.httpd; import static java.util.concurrent.TimeUnit.HOURS; import com.google.gerrit.common.data.HostPageData; +import com.google.common.base.Strings; import com.google.gerrit.httpd.WebSessionManager.Key; import com.google.gerrit.httpd.WebSessionManager.Val; import com.google.gerrit.reviewdb.client.Account; @@ -202,9 +203,9 @@ public abstract class CacheBasedWebSession implements WebSession { } String path = authConfig.getCookiePath(); - if (path == null || path.isEmpty()) { + if (Strings.isNullOrEmpty(path)) { path = request.getContextPath(); - if (path == null || path.isEmpty()) { + if (Strings.isNullOrEmpty(path)) { path = "/"; } } @@ -214,6 +215,12 @@ public abstract class CacheBasedWebSession implements WebSession { } outCookie = new Cookie(ACCOUNT_COOKIE, token); + + String domain = authConfig.getCookieDomain(); + if (!Strings.isNullOrEmpty(domain)) { + outCookie.setDomain(domain); + } + outCookie.setSecure(isSecure(request)); outCookie.setPath(path); outCookie.setMaxAge(ageSeconds); diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java index c3bd519630..f2fc94e948 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java @@ -58,6 +58,7 @@ public class AuthConfig { private final List trustedOpenIDs; private final List allowedOpenIDs; private final String cookiePath; + private final String cookieDomain; private final boolean cookieSecure; private final SignedToken emailReg; private final boolean allowRegisterNewEmail; @@ -84,6 +85,7 @@ public class AuthConfig { trustedOpenIDs = toPatterns(cfg, "trustedOpenID"); allowedOpenIDs = toPatterns(cfg, "allowedOpenID"); cookiePath = cfg.getString("auth", null, "cookiepath"); + cookieDomain = cfg.getString("auth", null, "cookiedomain"); cookieSecure = cfg.getBoolean("auth", "cookiesecure", false); trustContainerAuth = cfg.getBoolean("auth", "trustContainerAuth", false); enableRunAs = cfg.getBoolean("auth", null, "enableRunAs", true); @@ -179,6 +181,10 @@ public class AuthConfig { return cookiePath; } + public String getCookieDomain() { + return cookieDomain; + } + public boolean getCookieSecure() { return cookieSecure; }