Only load the OpenID servlets if we are using OpenID authentication
If the application was configured for HTTP authentication then we don't want the OpenID related servlets installed in the container, and we don't want to create the OpenID cache. These things can now be bypassed by controlling which modules we load. Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
@@ -17,6 +17,7 @@ package com.google.gerrit.server.http;
|
||||
import static com.google.inject.Stage.PRODUCTION;
|
||||
|
||||
import com.google.gerrit.client.reviewdb.Account;
|
||||
import com.google.gerrit.client.reviewdb.SystemConfig.LoginType;
|
||||
import com.google.gerrit.client.rpc.Common;
|
||||
import com.google.gerrit.client.rpc.Common.CurrentAccountImpl;
|
||||
import com.google.gerrit.git.PushAllProjectsOp;
|
||||
@@ -24,9 +25,11 @@ import com.google.gerrit.git.ReloadSubmitQueueOp;
|
||||
import com.google.gerrit.git.WorkQueue;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.gerrit.server.config.CanonicalWebUrlProvider;
|
||||
import com.google.gerrit.server.config.DatabaseModule;
|
||||
import com.google.gerrit.server.config.GerritServerModule;
|
||||
import com.google.gerrit.server.openid.OpenIdModule;
|
||||
import com.google.gerrit.server.ssh.SshDaemon;
|
||||
import com.google.gerrit.server.ssh.SshDaemonModule;
|
||||
import com.google.gerrit.server.ssh.SshInfo;
|
||||
@@ -34,10 +37,12 @@ import com.google.inject.ConfigurationException;
|
||||
import com.google.inject.CreationException;
|
||||
import com.google.inject.Guice;
|
||||
import com.google.inject.Injector;
|
||||
import com.google.inject.Module;
|
||||
import com.google.inject.OutOfScopeException;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.ProvisionException;
|
||||
import com.google.inject.servlet.GuiceServletContextListener;
|
||||
import com.google.inject.servlet.ServletModule;
|
||||
import com.google.inject.spi.Message;
|
||||
|
||||
import net.sf.ehcache.CacheManager;
|
||||
@@ -46,7 +51,9 @@ import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import javax.servlet.ServletContextEvent;
|
||||
@@ -87,10 +94,8 @@ public class GerritServletConfig extends GuiceServletContextListener {
|
||||
}
|
||||
|
||||
sysInjector = dbInjector.createChildInjector(new GerritServerModule());
|
||||
sshInjector = sysInjector.createChildInjector(new SshDaemonModule());
|
||||
webInjector =
|
||||
sysInjector.createChildInjector(new WebModule(sshInjector
|
||||
.getProvider(SshInfo.class)));
|
||||
sshInjector = createSshInjector();
|
||||
webInjector = createWebInjector();
|
||||
|
||||
// Push the Provider<HttpServletRequest> down into the canonical
|
||||
// URL provider. Its optional for that provider, but since we can
|
||||
@@ -107,6 +112,31 @@ public class GerritServletConfig extends GuiceServletContextListener {
|
||||
}
|
||||
}
|
||||
|
||||
private Injector createSshInjector() {
|
||||
return sysInjector.createChildInjector(new SshDaemonModule());
|
||||
}
|
||||
|
||||
private Injector createWebInjector() {
|
||||
final Provider<SshInfo> sshInfo = sshInjector.getProvider(SshInfo.class);
|
||||
final AuthConfig auth = sysInjector.getInstance(AuthConfig.class);
|
||||
|
||||
final List<Module> modules = new ArrayList<Module>();
|
||||
modules.add(new WebModule(sshInfo));
|
||||
|
||||
if (BecomeAnyAccountLoginServlet.isAllowed()) {
|
||||
modules.add(new ServletModule() {
|
||||
@Override
|
||||
protected void configureServlets() {
|
||||
serve("/become").with(BecomeAnyAccountLoginServlet.class);
|
||||
}
|
||||
});
|
||||
} else if (auth.getLoginType() == LoginType.OPENID) {
|
||||
modules.add(new OpenIdModule());
|
||||
}
|
||||
|
||||
return sysInjector.createChildInjector(modules);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Injector getInjector() {
|
||||
init();
|
||||
|
||||
@@ -56,10 +56,6 @@ class WebModule extends FactoryModule {
|
||||
serve("/prettify/*").with(PrettifyServlet.class);
|
||||
serve("/ssh_info").with(SshServlet.class);
|
||||
serve("/static/*").with(StaticServlet.class);
|
||||
|
||||
if (BecomeAnyAccountLoginServlet.isAllowed()) {
|
||||
serve("/become").with(BecomeAnyAccountLoginServlet.class);
|
||||
}
|
||||
}
|
||||
});
|
||||
install(new UiRpcModule());
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package com.google.gerrit.server.rpc;
|
||||
package com.google.gerrit.server.openid;
|
||||
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -0,0 +1,34 @@
|
||||
// Copyright (C) 2009 The Android Open Source Project
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package com.google.gerrit.server.openid;
|
||||
|
||||
import com.google.gerrit.server.http.RpcServletModule;
|
||||
import com.google.gerrit.server.rpc.UiRpcModule;
|
||||
import com.google.inject.servlet.ServletModule;
|
||||
|
||||
/** Servlets and RPC support related to OpenID authentication. */
|
||||
public class OpenIdModule extends ServletModule {
|
||||
@Override
|
||||
protected void configureServlets() {
|
||||
serve("/" + OpenIdServiceImpl.RETURN_URL).with(OpenIdLoginServlet.class);
|
||||
|
||||
install(new RpcServletModule(UiRpcModule.PREFIX) {
|
||||
@Override
|
||||
protected void configureServlets() {
|
||||
rpc(OpenIdServiceImpl.class);
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -12,7 +12,7 @@
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package com.google.gerrit.server.rpc;
|
||||
package com.google.gerrit.server.openid;
|
||||
|
||||
import com.google.gerrit.client.SignInDialog;
|
||||
import com.google.gerrit.client.SignInDialog.Mode;
|
||||
@@ -23,7 +23,6 @@ import com.google.gerrit.client.reviewdb.Account;
|
||||
import com.google.gerrit.client.reviewdb.AccountExternalId;
|
||||
import com.google.gerrit.client.reviewdb.AccountExternalIdAccess;
|
||||
import com.google.gerrit.client.reviewdb.ReviewDb;
|
||||
import com.google.gerrit.client.reviewdb.SystemConfig;
|
||||
import com.google.gerrit.client.rpc.Common;
|
||||
import com.google.gerrit.server.UrlEncoded;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
@@ -81,6 +80,8 @@ class OpenIdServiceImpl implements OpenIdService {
|
||||
private static final Logger log =
|
||||
LoggerFactory.getLogger(OpenIdServiceImpl.class);
|
||||
|
||||
static final String RETURN_URL = "OpenID";
|
||||
|
||||
private static final String P_MODE = "gerrit.mode";
|
||||
private static final String P_TOKEN = "gerrit.token";
|
||||
private static final String P_REMEMBER = "gerrit.remember";
|
||||
@@ -113,32 +114,24 @@ class OpenIdServiceImpl implements OpenIdService {
|
||||
urlProvider = up;
|
||||
schema = sf;
|
||||
manager = new ConsumerManager();
|
||||
if (authConfig.getLoginType() == SystemConfig.LoginType.OPENID) {
|
||||
final Cache base = cacheMgr.getCache("openid");
|
||||
discoveryCache = new SelfPopulatingCache(base, new CacheEntryFactory() {
|
||||
public Object createEntry(final Object objKey) throws Exception {
|
||||
try {
|
||||
final List<?> list = manager.discover((String) objKey);
|
||||
return list != null && !list.isEmpty() ? list : null;
|
||||
} catch (DiscoveryException e) {
|
||||
return null;
|
||||
}
|
||||
|
||||
final Cache base = cacheMgr.getCache("openid");
|
||||
discoveryCache = new SelfPopulatingCache(base, new CacheEntryFactory() {
|
||||
public Object createEntry(final Object objKey) throws Exception {
|
||||
try {
|
||||
final List<?> list = manager.discover((String) objKey);
|
||||
return list != null && !list.isEmpty() ? list : null;
|
||||
} catch (DiscoveryException e) {
|
||||
return null;
|
||||
}
|
||||
});
|
||||
cacheMgr.replaceCacheWithDecoratedCache(base, discoveryCache);
|
||||
} else {
|
||||
discoveryCache = null;
|
||||
}
|
||||
}
|
||||
});
|
||||
cacheMgr.replaceCacheWithDecoratedCache(base, discoveryCache);
|
||||
}
|
||||
|
||||
public void discover(final String openidIdentifier,
|
||||
final SignInDialog.Mode mode, final boolean remember,
|
||||
final String returnToken, final AsyncCallback<DiscoveryResult> callback) {
|
||||
if (authConfig.getLoginType() != SystemConfig.LoginType.OPENID) {
|
||||
callback.onFailure(new IllegalStateException("OpenID not enabled"));
|
||||
return;
|
||||
}
|
||||
|
||||
final State state;
|
||||
state = init(openidIdentifier, mode, remember, returnToken);
|
||||
if (state == null) {
|
||||
@@ -327,7 +320,7 @@ class OpenIdServiceImpl implements OpenIdService {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private static void debugRequest(final HttpServletRequest req) {
|
||||
System.err.println(req.getMethod() + " /login");
|
||||
System.err.println(req.getMethod() + " /" + RETURN_URL);
|
||||
for (final String n : new TreeMap<String, Object>(req.getParameterMap())
|
||||
.keySet()) {
|
||||
for (final String v : req.getParameterValues(n)) {
|
||||
@@ -564,7 +557,7 @@ class OpenIdServiceImpl implements OpenIdService {
|
||||
|
||||
final String contextUrl = urlProvider.get();
|
||||
final DiscoveryInformation discovered = manager.associate(list);
|
||||
final UrlEncoded retTo = new UrlEncoded(contextUrl + "login");
|
||||
final UrlEncoded retTo = new UrlEncoded(contextUrl + RETURN_URL);
|
||||
retTo.put(P_MODE, mode.name());
|
||||
if (returnToken != null && returnToken.length() > 0) {
|
||||
retTo.put(P_TOKEN, returnToken);
|
||||
@@ -19,21 +19,20 @@ import com.google.gerrit.server.patch.PatchDetailServiceImpl;
|
||||
|
||||
/** Registers servlets to answer RPCs from client UI. */
|
||||
public class UiRpcModule extends RpcServletModule {
|
||||
public static final String PREFIX = "/gerrit/rpc/";
|
||||
|
||||
public UiRpcModule() {
|
||||
super("/gerrit/rpc/");
|
||||
super(PREFIX);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configureServlets() {
|
||||
serve("/login").with(OpenIdLoginServlet.class);
|
||||
|
||||
rpc(AccountServiceImpl.class);
|
||||
rpc(AccountSecurityImpl.class);
|
||||
rpc(GroupAdminServiceImpl.class);
|
||||
rpc(ChangeDetailServiceImpl.class);
|
||||
rpc(ChangeListServiceImpl.class);
|
||||
rpc(ChangeManageServiceImpl.class);
|
||||
rpc(OpenIdServiceImpl.class);
|
||||
rpc(PatchDetailServiceImpl.class);
|
||||
rpc(ProjectAdminServiceImpl.class);
|
||||
rpc(SuggestServiceImpl.class);
|
||||
|
||||
Reference in New Issue
Block a user