Merge branch 'stable-2.7' into stable-2.8

* stable-2.7:
  Make plugin servlet's context path authorization aware
Shawn Pearce
2013-11-06 12:50:33 -08:00


@@ -81,6 +81,8 @@ class HttpPluginServlet extends HttpServlet
private static final long serialVersionUID = 1L;
private static final Logger log
= LoggerFactory.getLogger(HttpPluginServlet.class);
private static final String PLUGINS_PREFIX = "/plugins/";
private static final String AUTHORIZED_PREFIX = "/a" + PLUGINS_PREFIX;
private final MimeUtilFileTypeRegistry mimeUtil;
private final Provider<String> webUrl;
@@ -91,6 +93,7 @@ class HttpPluginServlet extends HttpServlet
private List<Plugin> pending = Lists.newArrayList();
private String base;
private String authorizedBase;
private final ConcurrentMap<String, PluginHolder> plugins
= Maps.newConcurrentMap();
@@ -129,7 +132,8 @@ class HttpPluginServlet extends HttpServlet
super.init(config);
String path = config.getServletContext().getContextPath();
base = Strings.nullToEmpty(path) + "/plugins/";
base = Strings.nullToEmpty(path) + PLUGINS_PREFIX;
authorizedBase = Strings.nullToEmpty(path) + AUTHORIZED_PREFIX;
for (Plugin plugin : pending) {
install(plugin);
}
@@ -213,7 +217,8 @@ class HttpPluginServlet extends HttpServlet
return;
}
WrappedRequest wr = new WrappedRequest(req, base + name);
WrappedRequest wr = new WrappedRequest(req,
(isAuthorizedCall(req) ? authorizedBase : base) + name);
FilterChain chain = new FilterChain() {
@Override
public void doFilter(ServletRequest req, ServletResponse res)
@@ -228,6 +233,11 @@ class HttpPluginServlet extends HttpServlet
}
}
private boolean isAuthorizedCall(HttpServletRequest req) {
return !Strings.isNullOrEmpty(req.getServletPath())
&& req.getServletPath().startsWith(AUTHORIZED_PREFIX);
}
private static boolean isApiCall(HttpServletRequest req, List<String> parts) {
String method = req.getMethod();
int cnt = parts.size();
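Review bot: `isAuthorizedCall`, added just above `isApiCall`, only tests whether the servlet path starts with `/a/plugins/`; it does not itself establish that the caller was authenticated, so the name promises more than the method checks. At its one visible call site it only selects `authorizedBase` over `base` as the context path handed to `WrappedRequest`, but a later reader could mistake it for an access gate and build a permission decision on it. I would document that on the method, e.g. `/** True if the request came in under the /a/ prefix; used only to choose the context path, not as an authentication or permission check. */`, or rename it to something like `isAuthorizedPath`. Whether authentication for `/a/` requests is enforced upstream of this servlet is not visible in these hunks, and the call site sits in a method whose body starts and ends outside them.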