Add ability to set authentication cookie's domain

Change-Id: Ib74c95dd298f19df689c9843ee3144f387505865

Documentation/config-gerrit.txt

@@ -383,6 +383,12 @@ Sets "path" attribute of the authentication cookie.
 +
 If not set, HTTP request's path is used.
 
+[[auth.cookieDomain]]auth.cookieDomain::
++
+Sets "domain" attribute of the authentication cookie.
++
+If not set, HTTP request's domain is used.
+
 [[auth.cookieSecure]]auth.cookieSecure::
 +
 Sets "secure" flag of the authentication cookie.  If true, cookies

gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java

@@ -17,6 +17,7 @@ package com.google.gerrit.httpd;
 import static java.util.concurrent.TimeUnit.HOURS;
 
 import com.google.gerrit.common.data.HostPageData;
+import com.google.common.base.Strings;
 import com.google.gerrit.httpd.WebSessionManager.Key;
 import com.google.gerrit.httpd.WebSessionManager.Val;
 import com.google.gerrit.reviewdb.client.Account;
@@ -202,9 +203,9 @@ public abstract class CacheBasedWebSession implements WebSession {
     }
 
     String path = authConfig.getCookiePath();
-    if (path == null || path.isEmpty()) {
+    if (Strings.isNullOrEmpty(path)) {
       path = request.getContextPath();
-      if (path == null || path.isEmpty()) {
+      if (Strings.isNullOrEmpty(path)) {
         path = "/";
       }
     }
@@ -214,6 +215,12 @@ public abstract class CacheBasedWebSession implements WebSession {
     }
 
     outCookie = new Cookie(ACCOUNT_COOKIE, token);
+
+    String domain = authConfig.getCookieDomain();
+    if (!Strings.isNullOrEmpty(domain)) {
+      outCookie.setDomain(domain);
+    }
+
     outCookie.setSecure(isSecure(request));
     outCookie.setPath(path);
     outCookie.setMaxAge(ageSeconds);

gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java

@@ -58,6 +58,7 @@ public class AuthConfig {
   private final List<OpenIdProviderPattern> trustedOpenIDs;
   private final List<OpenIdProviderPattern> allowedOpenIDs;
   private final String cookiePath;
+  private final String cookieDomain;
   private final boolean cookieSecure;
   private final SignedToken emailReg;
   private final boolean allowRegisterNewEmail;
@@ -84,6 +85,7 @@ public class AuthConfig {
     trustedOpenIDs = toPatterns(cfg, "trustedOpenID");
     allowedOpenIDs = toPatterns(cfg, "allowedOpenID");
     cookiePath = cfg.getString("auth", null, "cookiepath");
+    cookieDomain = cfg.getString("auth", null, "cookiedomain");
     cookieSecure = cfg.getBoolean("auth", "cookiesecure", false);
     trustContainerAuth = cfg.getBoolean("auth", "trustContainerAuth", false);
     enableRunAs = cfg.getBoolean("auth", null, "enableRunAs", true);
@@ -179,6 +181,10 @@ public class AuthConfig {
     return cookiePath;
   }
 
+  public String getCookieDomain() {
+    return cookieDomain;
+  }
+
   public boolean getCookieSecure() {
     return cookieSecure;
   }