From ff87bcb303327f2ac3600a1f92a336e3ca6cda53 Mon Sep 17 00:00:00 2001 From: David Ostrovsky Date: Tue, 28 Aug 2018 09:02:07 +0200 Subject: [PATCH 1/7] PolyGerrit: Correctly detect the ACL for SetReadyForReview endpoint In I55dd6400 the ACL for set ready endpoint was extended to the administrators group, but PolyGerrit UI was missed to be extended as well. The PG UI is still checking whether to render Start Review button for change owners only. In I4598a6fb97 the ACL was extended even further for the project owners, so that the check on the client side is fundamentally wrong. Instead, the availability of the button must be solely derived from actions list provided by the server. Bug: Issue 9642 Change-Id: I08c35a610affc0d6e27bec80a3591d3ab9ebb990 --- .../change/gr-change-view/gr-change-view.js | 8 +++--- .../gr-change-view/gr-change-view_test.html | 28 +++++++++++-------- 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view.js b/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view.js index 97f0fe99c1..001f32c84d 100644 --- a/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view.js +++ b/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view.js @@ -98,7 +98,7 @@ }, _canStartReview: { type: Boolean, - computed: '_computeCanStartReview(_loggedIn, _change, _account)', + computed: '_computeCanStartReview(_change)', }, _comments: Object, /** @type {?} */ @@ -1109,9 +1109,9 @@ ]); }, - _computeCanStartReview(loggedIn, change, account) { - return !!(loggedIn && change.work_in_progress && - change.owner._account_id === account._account_id); + _computeCanStartReview(change) { + return !!(change.actions && change.actions.ready && + change.actions.ready.enabled); }, _computeReplyDisabled() { return false; }, diff --git a/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view_test.html b/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view_test.html index 6b867567b1..b37fac53f3 100644 --- a/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view_test.html +++ b/polygerrit-ui/app/elements/change/gr-change-view/gr-change-view_test.html @@ -1087,18 +1087,24 @@ limitations under the License. }); test('canStartReview computation', () => { - const account1 = {_account_id: 1}; - const account2 = {_account_id: 2}; - const change = { - owner: {_account_id: 1}, + const change1 = {}; + const change2 = { + actions: { + ready: { + enabled: true, + }, + }, }; - assert.isFalse(element._computeCanStartReview(true, change, account1)); - change.work_in_progress = false; - assert.isFalse(element._computeCanStartReview(true, change, account1)); - change.work_in_progress = true; - assert.isTrue(element._computeCanStartReview(true, change, account1)); - assert.isFalse(element._computeCanStartReview(false, change, account1)); - assert.isFalse(element._computeCanStartReview(true, change, account2)); + const change3 = { + actions: { + ready: { + label: 'Ready for Review', + }, + }, + }; + assert.isFalse(element._computeCanStartReview(change1)); + assert.isTrue(element._computeCanStartReview(change2)); + assert.isFalse(element._computeCanStartReview(change3)); }); test('header class computation', () => { From 9932a888654ddb34d62d354ed3d0290fc973f4de Mon Sep 17 00:00:00 2001 From: Gert van Dijk Date: Wed, 29 Aug 2018 13:06:52 +0200 Subject: [PATCH 2/7] Update JGit dependencies to fix building from source Depends on [1] which harmonizes JGit's dependency names to align with the names used in Gerrit since change I1e75690fe. Without [2], the build will fail with errors like: "no such package '@commons_compress//jar'" Also move the 'hamcrest-library' dependency out of WORKSPACE into the jgit rules where it will be added conditionally. [1] https://git.eclipse.org/r/#/c/128354/ Change-Id: I33be13e7f36ec2bcacbb9eb0983c88c6f3082097 --- WORKSPACE | 7 ------- lib/jgit/jgit.bzl | 9 +++++++++ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index 1e53592aca..d7114be6bd 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -671,13 +671,6 @@ maven_jar( sha1 = "42a25dc3219429f0e5d060061f71acb49bf010a0", ) -# Only needed when jgit is built from the development tree -maven_jar( - name = "hamcrest-library", - artifact = "org.hamcrest:hamcrest-library:1.3", - sha1 = "4785a3c21320980282f9f33d0d1264a69040538f", -) - TRUTH_VERS = "0.32" maven_jar( diff --git a/lib/jgit/jgit.bzl b/lib/jgit/jgit.bzl index 3d536bb957..960b12b363 100644 --- a/lib/jgit/jgit.bzl +++ b/lib/jgit/jgit.bzl @@ -18,9 +18,18 @@ def jgit_repos(): name = "jgit", path = LOCAL_JGIT_REPO, ) + jgit_maven_repos_dev() else: jgit_maven_repos() +def jgit_maven_repos_dev(): + # Transitive dependencies from JGit's WORKSPACE. + maven_jar( + name = "hamcrest-library", + artifact = "org.hamcrest:hamcrest-library:1.3", + sha1 = "4785a3c21320980282f9f33d0d1264a69040538f", + ) + def jgit_maven_repos(): maven_jar( name = "jgit-lib", From ce98c50f38906c8516fdc66fe36593e339426dab Mon Sep 17 00:00:00 2001 From: David Pursehouse Date: Fri, 31 Aug 2018 10:15:26 +0900 Subject: [PATCH 3/7] Specify charset in constructors of InputStreamReader ErrorProne reports a warning [1] about implicit use of the platform default charset. [1] http://errorprone.info/bugpattern/DefaultCharset Change-Id: Id661781773ca175b52a17cf4d80c37fad17344a8 --- .../test/java/com/google/gerrit/acceptance/HttpResponse.java | 4 +++- .../com/google/gerrit/gpg/PushCertificateCheckerTest.java | 2 +- .../com/google/gerrit/server/mail/send/ValidatorTest.java | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/HttpResponse.java b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/HttpResponse.java index b62e932ed1..6c0379358e 100644 --- a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/HttpResponse.java +++ b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/HttpResponse.java @@ -14,6 +14,8 @@ package com.google.gerrit.acceptance; +import static java.nio.charset.StandardCharsets.UTF_8; + import com.google.common.base.Preconditions; import java.io.IOException; import java.io.InputStreamReader; @@ -34,7 +36,7 @@ public class HttpResponse { public Reader getReader() throws IllegalStateException, IOException { if (reader == null && response.getEntity() != null) { - reader = new InputStreamReader(response.getEntity().getContent()); + reader = new InputStreamReader(response.getEntity().getContent(), UTF_8); } return reader; } diff --git a/gerrit-gpg/src/test/java/com/google/gerrit/gpg/PushCertificateCheckerTest.java b/gerrit-gpg/src/test/java/com/google/gerrit/gpg/PushCertificateCheckerTest.java index 8b7900d948..3f5bc3cb0a 100644 --- a/gerrit-gpg/src/test/java/com/google/gerrit/gpg/PushCertificateCheckerTest.java +++ b/gerrit-gpg/src/test/java/com/google/gerrit/gpg/PushCertificateCheckerTest.java @@ -184,7 +184,7 @@ public class PushCertificateCheckerTest { } String cert = payload + new String(bout.toByteArray(), UTF_8); - Reader reader = new InputStreamReader(new ByteArrayInputStream(cert.getBytes(UTF_8))); + Reader reader = new InputStreamReader(new ByteArrayInputStream(cert.getBytes(UTF_8)), UTF_8); PushCertificateParser parser = new PushCertificateParser(repo, signedPushConfig); return parser.parse(reader); } diff --git a/gerrit-server/src/test/java/com/google/gerrit/server/mail/send/ValidatorTest.java b/gerrit-server/src/test/java/com/google/gerrit/server/mail/send/ValidatorTest.java index 8cf1097ccb..5fafcf7530 100644 --- a/gerrit-server/src/test/java/com/google/gerrit/server/mail/send/ValidatorTest.java +++ b/gerrit-server/src/test/java/com/google/gerrit/server/mail/send/ValidatorTest.java @@ -16,6 +16,7 @@ package com.google.gerrit.server.mail.send; import static com.google.common.truth.Truth.assertThat; import static com.google.common.truth.Truth.assert_; +import static java.nio.charset.StandardCharsets.UTF_8; import java.io.BufferedReader; import java.io.InputStream; @@ -36,7 +37,7 @@ public class ValidatorTest { if (in == null) { throw new Exception("TLD list not found"); } - BufferedReader r = new BufferedReader(new InputStreamReader(in)); + BufferedReader r = new BufferedReader(new InputStreamReader(in, UTF_8)); String tld; while ((tld = r.readLine()) != null) { if (tld.startsWith("# ") || tld.startsWith("XN--")) { From e898aeded6242deabe32e054a9698b7c37c203e2 Mon Sep 17 00:00:00 2001 From: David Pursehouse Date: Fri, 31 Aug 2018 10:17:41 +0900 Subject: [PATCH 4/7] SshSession: Specify charset in constructor of Scanner ErrorProne reports a warning [1] about implicit use of the platform default charset. [1] http://errorprone.info/bugpattern/DefaultCharset Change-Id: I8ed3f12ead13087c143a1235bef66de620b36ae6 --- .../test/java/com/google/gerrit/acceptance/SshSession.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/SshSession.java b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/SshSession.java index 227951f9cf..c433cadaa4 100644 --- a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/SshSession.java +++ b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/SshSession.java @@ -17,6 +17,7 @@ package com.google.gerrit.acceptance; import static com.google.common.base.Preconditions.checkState; import static com.google.common.truth.Truth.assertThat; import static com.google.common.truth.Truth.assert_; +import static java.nio.charset.StandardCharsets.UTF_8; import com.jcraft.jsch.ChannelExec; import com.jcraft.jsch.JSch; @@ -52,10 +53,10 @@ public class SshSession { InputStream err = channel.getErrStream(); channel.connect(); - Scanner s = new Scanner(err).useDelimiter("\\A"); + Scanner s = new Scanner(err, UTF_8.name()).useDelimiter("\\A"); error = s.hasNext() ? s.next() : null; - s = new Scanner(in).useDelimiter("\\A"); + s = new Scanner(in, UTF_8.name()).useDelimiter("\\A"); return s.hasNext() ? s.next() : ""; } finally { channel.disconnect(); From 625965f800a65a551e2adbd09af91775209ff8a5 Mon Sep 17 00:00:00 2001 From: Gerrit Code Review Date: Thu, 30 Aug 2018 11:31:35 -0700 Subject: [PATCH 5/7] InitSshd: Use correct flag to set empty passphrase From https://www.ssh.com/ssh/keygen/: -N "New" Provides a new passphrase for the key. -P "Passphrase" Provides the (old) passphrase when reading a key. PiperOrigin-RevId: 210948400 Change-Id: Iba3a674f81686987fef60f0fd5a5f42aa5b9dd86 --- .../src/main/java/com/google/gerrit/pgm/init/InitSshd.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitSshd.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitSshd.java index 0cad722382..d963cbb7ed 100644 --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitSshd.java +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitSshd.java @@ -104,7 +104,7 @@ class InitSshd implements InitStep { "-q" /* quiet */, "-t", "rsa", - "-P", + "-N", emptyPassphraseArg, "-C", comment, From b545f0cae553bf0381b5df85079c7e0e11113ad3 Mon Sep 17 00:00:00 2001 From: David Ostrovsky Date: Sat, 11 Aug 2018 10:40:26 +0200 Subject: [PATCH 6/7] Ensure user authentication in AllRequestFilter filters The current order of filters declaration make request authentication only work when HTTP request is issued from the Gerrit UI, but not work when REST API is used. In Daemon#createWebInjector() we have this: [...] modules.add(RequestContextFilter.module()); modules.add(AllRequestFilter.module()); modules.add(RequestMetricsFilter.module()); modules.add(H2CacheBasedWebSession.module()); modules.add(sysInjector.getInstance(GitOverHttpModule.class)); [...] The are two major use cases to consider: 1. Gerrit UI request: when authenticated user session is found and set in RequestContextFilter, before AllRequestFilter, that's why in AllRequestFilter we have a user: Account: 1000000 username: admin 2. REST API request, e.g.: curl --user user http://localhost:8080/a/config/server/version "2.14.7-9-g9ebfce95b7-dirty" Here the AllRequestFilter is bound before GitOverHttpModule, that provides ProjectBasicAuthFilter filter, and thus, there is no identified user: anonymous Adapt the AllRequestFilter registration order to fix authentication also for REST API requests. This is needed for Javamelody's monitoring filter to work properly for Prometheus scraping request: curl -u user http://localhost:8080/a/monitoring?format=prometheus There is more context and discussions in these CLs: https://gerrit-review.googlesource.com/c/plugins/javamelody/+/192411 https://gerrit-review.googlesource.com/c/plugins/javamelody/+/192170 https://gerrit-review.googlesource.com/c/gerrit/+/164991 Change-Id: I925e952474440cb612080dafd917a01dba8f3330 --- gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java | 2 +- .../main/java/com/google/gerrit/httpd/WebAppInitializer.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java index d6ae6e1c1d..b57dfc6b35 100644 --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java @@ -513,10 +513,10 @@ public class Daemon extends SiteProgram { modules.add(new ProjectQoSFilter.Module()); } modules.add(RequestContextFilter.module()); - modules.add(AllRequestFilter.module()); modules.add(RequestMetricsFilter.module()); modules.add(H2CacheBasedWebSession.module()); modules.add(sysInjector.getInstance(GitOverHttpModule.class)); + modules.add(AllRequestFilter.module()); modules.add(sysInjector.getInstance(WebModule.class)); modules.add(sysInjector.getInstance(RequireSslFilter.Module.class)); modules.add(new HttpPluginModule()); diff --git a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java index 8bc091a7b7..441f2b5ab5 100644 --- a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java +++ b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java @@ -401,9 +401,9 @@ public class WebAppInitializer extends GuiceServletContextListener implements Fi private Injector createWebInjector() { final List modules = new ArrayList<>(); modules.add(RequestContextFilter.module()); - modules.add(AllRequestFilter.module()); modules.add(RequestMetricsFilter.module()); modules.add(sysInjector.getInstance(GitOverHttpModule.class)); + modules.add(AllRequestFilter.module()); modules.add(sysInjector.getInstance(WebModule.class)); modules.add(sysInjector.getInstance(RequireSslFilter.Module.class)); if (sshInjector != null) { From b8695a315d52ac48148fd700e0fb26d609ca5fd5 Mon Sep 17 00:00:00 2001 From: David Ostrovsky Date: Fri, 31 Aug 2018 08:55:47 +0200 Subject: [PATCH 7/7] GitOverHttpModule: Bind REST auth filter in its own module GitOverHttpModule is binding both filters for git over HTTP and for REST requests. Extract filter definition for REST requests in its own module. Change-Id: If03e76c906bc3e0cac827b49f5f087cc859be4cd --- .../google/gerrit/httpd/GerritAuthModule.java | 55 +++++++++++++++++++ .../gerrit/httpd/GitOverHttpModule.java | 32 ++--------- .../java/com/google/gerrit/pgm/Daemon.java | 2 + .../gerrit/httpd/WebAppInitializer.java | 1 + 4 files changed, 63 insertions(+), 27 deletions(-) create mode 100644 gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritAuthModule.java diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritAuthModule.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritAuthModule.java new file mode 100644 index 0000000000..c0ef207194 --- /dev/null +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritAuthModule.java @@ -0,0 +1,55 @@ +// Copyright (C) 2018 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.gerrit.httpd; + +import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_WO_AUTH_REGEX; + +import com.google.gerrit.extensions.client.GitBasicAuthPolicy; +import com.google.gerrit.server.config.AuthConfig; +import com.google.inject.Inject; +import com.google.inject.servlet.ServletModule; +import javax.servlet.Filter; + +/** Configures filter for authenticating REST requests. */ +public class GerritAuthModule extends ServletModule { + private static final String NOT_AUTHORIZED_LFS_URL_REGEX = "^(?:(?!/a/))" + LFS_URL_WO_AUTH_REGEX; + private final AuthConfig authConfig; + + @Inject + GerritAuthModule(AuthConfig authConfig) { + this.authConfig = authConfig; + } + + @Override + protected void configureServlets() { + Class authFilter = retreiveAuthFilterFromConfig(authConfig); + + filterRegex(NOT_AUTHORIZED_LFS_URL_REGEX).through(authFilter); + filter("/a/*").through(authFilter); + } + + static Class retreiveAuthFilterFromConfig(AuthConfig authConfig) { + Class authFilter; + if (authConfig.isTrustContainerAuth()) { + authFilter = ContainerAuthFilter.class; + } else { + authFilter = + authConfig.getGitBasicAuthPolicy() == GitBasicAuthPolicy.OAUTH + ? ProjectOAuthFilter.class + : ProjectBasicAuthFilter.class; + } + return authFilter; + } +} diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java index 3f3737d214..8400d60d4b 100644 --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GitOverHttpModule.java @@ -14,20 +14,16 @@ package com.google.gerrit.httpd; -import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_WO_AUTH_REGEX; +import static com.google.gerrit.httpd.GitOverHttpServlet.URL_REGEX; -import com.google.gerrit.extensions.client.GitBasicAuthPolicy; import com.google.gerrit.reviewdb.client.CoreDownloadSchemes; import com.google.gerrit.server.config.AuthConfig; import com.google.gerrit.server.config.DownloadConfig; import com.google.inject.Inject; import com.google.inject.servlet.ServletModule; -import javax.servlet.Filter; /** Configures Git access over HTTP with authentication. */ public class GitOverHttpModule extends ServletModule { - private static final String NOT_AUTHORIZED_LFS_URL_REGEX = "^(?:(?!/a/))" + LFS_URL_WO_AUTH_REGEX; - private final AuthConfig authConfig; private final DownloadConfig downloadConfig; @@ -39,28 +35,10 @@ public class GitOverHttpModule extends ServletModule { @Override protected void configureServlets() { - Class authFilter; - if (authConfig.isTrustContainerAuth()) { - authFilter = ContainerAuthFilter.class; - } else { - authFilter = - authConfig.getGitBasicAuthPolicy() == GitBasicAuthPolicy.OAUTH - ? ProjectOAuthFilter.class - : ProjectBasicAuthFilter.class; + if (downloadConfig.getDownloadSchemes().contains(CoreDownloadSchemes.ANON_HTTP) + || downloadConfig.getDownloadSchemes().contains(CoreDownloadSchemes.HTTP)) { + filterRegex(URL_REGEX).through(GerritAuthModule.retreiveAuthFilterFromConfig(authConfig)); + serveRegex(URL_REGEX).with(GitOverHttpServlet.class); } - - if (isHttpEnabled()) { - String git = GitOverHttpServlet.URL_REGEX; - filterRegex(git).through(authFilter); - serveRegex(git).with(GitOverHttpServlet.class); - } - - filterRegex(NOT_AUTHORIZED_LFS_URL_REGEX).through(authFilter); - filter("/a/*").through(authFilter); - } - - private boolean isHttpEnabled() { - return downloadConfig.getDownloadSchemes().contains(CoreDownloadSchemes.ANON_HTTP) - || downloadConfig.getDownloadSchemes().contains(CoreDownloadSchemes.HTTP); } } diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java index b57dfc6b35..832751346c 100644 --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java @@ -24,6 +24,7 @@ import com.google.gerrit.elasticsearch.ElasticIndexModule; import com.google.gerrit.extensions.client.AuthType; import com.google.gerrit.gpg.GpgModule; import com.google.gerrit.httpd.AllRequestFilter; +import com.google.gerrit.httpd.GerritAuthModule; import com.google.gerrit.httpd.GetUserFilter; import com.google.gerrit.httpd.GitOverHttpModule; import com.google.gerrit.httpd.H2CacheBasedWebSession; @@ -515,6 +516,7 @@ public class Daemon extends SiteProgram { modules.add(RequestContextFilter.module()); modules.add(RequestMetricsFilter.module()); modules.add(H2CacheBasedWebSession.module()); + modules.add(sysInjector.getInstance(GerritAuthModule.class)); modules.add(sysInjector.getInstance(GitOverHttpModule.class)); modules.add(AllRequestFilter.module()); modules.add(sysInjector.getInstance(WebModule.class)); diff --git a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java index 441f2b5ab5..4815366cc7 100644 --- a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java +++ b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java @@ -402,6 +402,7 @@ public class WebAppInitializer extends GuiceServletContextListener implements Fi final List modules = new ArrayList<>(); modules.add(RequestContextFilter.module()); modules.add(RequestMetricsFilter.module()); + modules.add(sysInjector.getInstance(GerritAuthModule.class)); modules.add(sysInjector.getInstance(GitOverHttpModule.class)); modules.add(AllRequestFilter.module()); modules.add(sysInjector.getInstance(WebModule.class));