Add User to the http request attributes

GetUserFilter is adding the user to the request attribute so the user who requested the URL is printed in the httpd_log but it is only applied when running Gerrit with the embedded servlet container. Move GetUserFilter from the gerrit-pgm to gerrit-httpd so it can be applied when running Gerrit in a servlet container (e.g. Tomcat). Add a parameter http.addUserAsRequestAttribute in gerrit config to enable/disable this filter. It is enabled by default. In tomcat, pattern %{User}r can be used in the AccessLog to print user to get same functionality as httpd_log when running with the embedded servlet container. Change-Id: I591d594848a5b2d4aa9389965365e0621b39a51c
2014-03-03 13:52:45 -05:00
parent a2467073ac
commit 88e33ac9f1
5 changed files with 42 additions and 26 deletions
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GetUserFilter.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GetUserFilter.java
@@ -0,0 +1,93 @@
+// Copyright (C) 2012 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.httpd;
+
+import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.IdentifiedUser;
+import com.google.gerrit.server.config.GerritServerConfig;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import com.google.inject.servlet.ServletModule;
+
+import org.eclipse.jgit.lib.Config;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+/**
+ * Stores user as a request attribute, so the servlet container access log like
+ * {@link HttpLog} can include the the user for the request outside of the
+ * request scope.
+ */
+@Singleton
+public class GetUserFilter implements Filter {
+
+  public static final String REQ_ATTR_KEY = "User";
+
+  public static class Module extends ServletModule {
+
+    private final boolean enabled;
+
+    @Inject
+    Module(@GerritServerConfig final Config cfg) {
+      enabled = cfg.getBoolean("http", "addUserAsRequestAttribute", true);
+    }
+
+    @Override
+    protected void configureServlets() {
+      if (enabled) {
+        filter("/*").through(GetUserFilter.class);
+      }
+    }
+  }
+
+  private final Provider<CurrentUser> userProvider;
+
+  @Inject
+  GetUserFilter(final Provider<CurrentUser> userProvider) {
+    this.userProvider = userProvider;
+  }
+
+  @Override
+  public void doFilter(
+      ServletRequest req, ServletResponse resp, FilterChain chain)
+      throws IOException, ServletException {
+    CurrentUser user = userProvider.get();
+    if (user != null && user.isIdentifiedUser()) {
+      IdentifiedUser who = (IdentifiedUser) user;
+      if (who.getUserName() != null && !who.getUserName().isEmpty()) {
+        req.setAttribute(REQ_ATTR_KEY, who.getUserName());
+      } else {
+        req.setAttribute(REQ_ATTR_KEY, "a/" + who.getAccountId());
+      }
+    }
+    chain.doFilter(req, resp);
+  }
+
+  @Override
+  public void destroy() {
+  }
+
+  @Override
+  public void init(FilterConfig arg0) {
+  }
+}