opendev/gerrit
Code Issues Proposed changes

Merge "Add a dedicated servlet for checking a user's authorization"

Browse Source
This commit is contained in:
Patrick Hiesel
2019-08-06 11:59:02 +00:00
committed by Gerrit Code Review
parent 9d108ae99d a27023ff1e
commit c69baae7f8
4 changed files with 97 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/com/google/gerrit/httpd/UrlModule.java
View File

@@ -19,6 +19,7 @@ import static com.google.inject.Scopes.SINGLETON;
import com.google.common.base.Strings;
import com.google.gerrit.common.PageLinks;
import com.google.gerrit.extensions.client.AuthType;
import com.google.gerrit.httpd.raw.AuthorizationCheckServlet;
import com.google.gerrit.httpd.raw.CatServlet;
import com.google.gerrit.httpd.raw.SshInfoServlet;
import com.google.gerrit.httpd.raw.ToolServlet;
@@ -82,6 +83,9 @@ class UrlModule extends ServletModule {
serveRegex("^/(?:a/)?tools/(.*)$").with(ToolServlet.class);
// Serve auth check. Mainly used by PolyGerrit for checking if a user is still logged in.
serveRegex("^/(?:a/)?auth-check$").with(AuthorizationCheckServlet.class);
// Bind servlets for REST root collections.
// The '/plugins/' root collection is already handled by HttpPluginServlet
// which is bound in HttpPluginModule. We cannot bind it here again although

51
java/com/google/gerrit/httpd/raw/AuthorizationCheckServlet.java Normal file
View File

@@ -0,0 +1,51 @@
// Copyright (C) 2018 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.httpd.raw;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.util.http.CacheHeaders;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Offers a dedicated endpoint for checking if a user is still logged in. Returns {@code 204
* NO_CONTENT} for logged-in users, {@code 403 FORBIDDEN} otherwise.
*
* <p>Mainly used by PolyGerrit to check if a user is still logged in.
*/
@Singleton
public class AuthorizationCheckServlet extends HttpServlet {
private final Provider<CurrentUser> user;
@Inject
AuthorizationCheckServlet(Provider<CurrentUser> user) {
this.user = user;
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
CacheHeaders.setNotCacheable(res);
if (user.get().isIdentifiedUser()) {
res.setStatus(HttpServletResponse.SC_NO_CONTENT);
} else {
res.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
}
}