opendev/gerrit
Code Issues Proposed changes

Merge branch 'stable-2.7' into stable-2.8

Browse Source 
* stable-2.7:
  Make plugin servlet's context path authorization aware
This commit is contained in:
Shawn Pearce
2013-11-06 12:50:33 -08:00
parent 002c9cb5b2 a4b4ea27ed
commit 321a4adc1a
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
View File

@@ -81,6 +81,8 @@ class HttpPluginServlet extends HttpServlet
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
private static final Logger log private static final Logger log
= LoggerFactory.getLogger(HttpPluginServlet.class); = LoggerFactory.getLogger(HttpPluginServlet.class);
private static final String PLUGINS_PREFIX = "/plugins/";
private static final String AUTHORIZED_PREFIX = "/a" + PLUGINS_PREFIX;
private final MimeUtilFileTypeRegistry mimeUtil; private final MimeUtilFileTypeRegistry mimeUtil;
private final Provider<String> webUrl; private final Provider<String> webUrl;
@@ -91,6 +93,7 @@ class HttpPluginServlet extends HttpServlet
private List<Plugin> pending = Lists.newArrayList(); private List<Plugin> pending = Lists.newArrayList();
private String base; private String base;
private String authorizedBase;
private final ConcurrentMap<String, PluginHolder> plugins private final ConcurrentMap<String, PluginHolder> plugins
= Maps.newConcurrentMap(); = Maps.newConcurrentMap();
@@ -129,7 +132,8 @@ class HttpPluginServlet extends HttpServlet
super.init(config); super.init(config);
String path = config.getServletContext().getContextPath(); String path = config.getServletContext().getContextPath();
base = Strings.nullToEmpty(path) + "/plugins/"; base = Strings.nullToEmpty(path) + PLUGINS_PREFIX;
authorizedBase = Strings.nullToEmpty(path) + AUTHORIZED_PREFIX;
for (Plugin plugin : pending) { for (Plugin plugin : pending) {
install(plugin); install(plugin);
} }
@@ -213,7 +217,8 @@ class HttpPluginServlet extends HttpServlet
return; return;
} }
WrappedRequest wr = new WrappedRequest(req, base + name); WrappedRequest wr = new WrappedRequest(req,
(isAuthorizedCall(req) ? authorizedBase : base) + name);
FilterChain chain = new FilterChain() { FilterChain chain = new FilterChain() {
@Override @Override
public void doFilter(ServletRequest req, ServletResponse res) public void doFilter(ServletRequest req, ServletResponse res)
@@ -228,6 +233,11 @@ class HttpPluginServlet extends HttpServlet
} }
} }
private boolean isAuthorizedCall(HttpServletRequest req) {
return !Strings.isNullOrEmpty(req.getServletPath())
&& req.getServletPath().startsWith(AUTHORIZED_PREFIX);
}
private static boolean isApiCall(HttpServletRequest req, List<String> parts) { private static boolean isApiCall(HttpServletRequest req, List<String> parts) {
String method = req.getMethod(); String method = req.getMethod();
int cnt = parts.size(); int cnt = parts.size();