Control X-Gerrit-RunAs with auth.enableRunAs variable

If auth.enableRunAs is set to false by the server administrators the X-Gerrit-RunAs HTTP header will be rejected. Change-Id: Ie6697ecd5a581bb170b5a1e0a83d7b0308cbffe1
2013-06-11 12:29:17 -07:00
parent d937068cc5
commit a931fe1bad
2 changed files with 31 additions and 8 deletions
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/RunAsFilter.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/RunAsFilter.java
@@ -21,12 +21,14 @@ import com.google.gerrit.httpd.restapi.RestApiServlet;
 import com.google.gerrit.reviewdb.client.Account;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.account.AccountResolver;
+import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import com.google.inject.servlet.ServletModule;

+import org.eclipse.jgit.lib.Config;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -54,26 +56,37 @@ class RunAsFilter implements Filter {
    }
  }

+  private final boolean enabled;
  private final Provider<WebSession> session;
  private final AccountResolver accountResolver;

  @Inject
-  RunAsFilter(Provider<WebSession> session, AccountResolver accountResolver) {
+  RunAsFilter(@GerritServerConfig Config config,
+      Provider<WebSession> session,
+      AccountResolver accountResolver) {
+    this.enabled = config.getBoolean("auth", null, "enableRunAs", true);
    this.session = session;
    this.accountResolver = accountResolver;
  }

  @Override
-  public void doFilter(ServletRequest request, ServletResponse res,
+  public void doFilter(ServletRequest request, ServletResponse response,
      FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
+    HttpServletResponse res = (HttpServletResponse) response;

    String runas = req.getHeader(RUN_AS);
    if (runas != null) {
+      if (!enabled) {
+        RestApiServlet.replyError(res,
+            SC_FORBIDDEN,
+            RUN_AS + " disabled by auth.enableRunAs = false");
+        return;
+      }
+
      CurrentUser self = session.get().getCurrentUser();
      if (!self.getCapabilities().canRunAs()) {
-        RestApiServlet.replyError(
-            (HttpServletResponse) res,
+        RestApiServlet.replyError(res,
            SC_FORBIDDEN,
            "not permitted to use " + RUN_AS);
        return;
@@ -84,15 +97,13 @@ class RunAsFilter implements Filter {
        target = accountResolver.find(runas);
      } catch (OrmException e) {
        log.warn("cannot resolve account for " + RUN_AS, e);
-        RestApiServlet.replyError(
-            (HttpServletResponse) res,
+        RestApiServlet.replyError(res,
            SC_INTERNAL_SERVER_ERROR,
            "cannot resolve " + RUN_AS);
        return;
      }
      if (target == null) {
-        RestApiServlet.replyError(
-            (HttpServletResponse) res,
+        RestApiServlet.replyError(res,
            SC_FORBIDDEN,
            "no account matches " + RUN_AS);
        return;