opendev/gerrit
Code Issues Proposed changes

Use a filter to enforce all HTTP requests through SSL

Browse Source 
Rather than checking only the host page, enforce SSL on every
request, including our JavaScript, icons, and RPCs.

Change-Id: I902e958fd53afa8e16fbc9c599852ee9faaec474
Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
2009-12-12 20:11:48 -08:00
parent fae4227ccb
commit a2a69c8e58
3 changed files with 112 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java
View File

@@ -29,8 +29,10 @@ import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.RemotePeer;
import com.google.gerrit.server.account.AccountManager;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.FactoryModule;
import com.google.gerrit.server.config.GerritRequestModule;
import com.google.gerrit.server.config.Nullable;
import com.google.gerrit.server.contact.ContactStore;
import com.google.gerrit.server.contact.ContactStoreProvider;
import com.google.gerrit.server.ssh.SshInfo;
@@ -49,15 +51,19 @@ public class WebModule extends FactoryModule {
private final Provider<SshInfo> sshInfoProvider;
private final Provider<SshKeyCache> sshKeyCacheProvider;
private final AuthType authType;
private final boolean wantSSL;
private final GitWebConfig gitWebConfig;
@Inject
WebModule(final Provider<SshInfo> sshInfoProvider,
final Provider<SshKeyCache> sshKeyCacheProvider,
final AuthConfig authConfig, final Injector creatingInjector) {
final AuthConfig authConfig,
@CanonicalWebUrl @Nullable final String canonicalUrl,
final Injector creatingInjector) {
this.sshInfoProvider = sshInfoProvider;
this.sshKeyCacheProvider = sshKeyCacheProvider;
this.authType = authConfig.getAuthType();
this.wantSSL = canonicalUrl != null && canonicalUrl.startsWith("https:");
this.gitWebConfig =
creatingInjector.createChildInjector(new AbstractModule() {
@@ -77,6 +83,10 @@ public class WebModule extends FactoryModule {
}
});
if (wantSSL) {
install(new RequireSslFilter.Module());
}
switch (authType) {
case OPENID:
install(new OpenIdModule());