Allow multiple Servlet filters on Jetty HTTPD

Enable the ability to specify httpd.filterClass more than once to have mutiple Servlet filters installed at startup. Change-Id: I460bb5e56640f55ff7b380072dce6d44353ed3e7
2017-05-03 22:20:51 +01:00
parent cbd3339f5a
commit dcb4bd544c
2 changed files with 10 additions and 6 deletions
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -2505,9 +2505,12 @@ Typical usage is in conjunction with the `auth.type=HTTP` as replacement
 of an Apache HTTP proxy layer as security enforcement on top of Gerrit
 by returning a trusted username as HTTP Header.
 +
+Allow multiple values to install multiple servlet filters.
+
 Example of using a security library secure.jar under $GERRIT_SITE/lib
-that provides a org.anyorg.MySecureFilter Servlet Filter that enforces
-a trusted username in the `TRUSTED_USER` HTTP Header:
+that provides a org.anyorg.MySecureHeaderFilter Servlet Filter that enforces
+a trusted username in the `TRUSTED_USER` HTTP Header and
+org.anyorg.MySecureIPFilter that performs source IP security filtering:

 ----
 [auth]
@@ -2515,7 +2518,8 @@ a trusted username in the `TRUSTED_USER` HTTP Header:
 	httpHeader = TRUSTED_USER

 [httpd]
-	filterClass = org.anyorg.MySecureFilter
+	filterClass = org.anyorg.MySecureHeaderFilter
+	filterClass = org.anyorg.MySecureIPFilter
 ----

 [[httpd.robotsFile]]httpd.robotsFile::
--- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
+++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
@@ -398,12 +398,12 @@ public class JettyServer {
    //
    app.setContextPath(contextPath);

-    // HTTP front-end filter to be used as surrogate of Apache HTTP
+    // HTTP front-end filters to be used as surrogate of Apache HTTP
    // reverse-proxy filtering.
    // It is meant to be used as simpler tiny deployment of custom-made
    // security enforcement (Security tokens, IP-based security filtering, others)
-    String filterClassName = cfg.getString("httpd", null, "filterClass");
-    if (filterClassName != null) {
+    String[] filterClassNames = cfg.getStringList("httpd", null, "filterClass");
+    for (String filterClassName : filterClassNames) {
      try {
        @SuppressWarnings("unchecked")
        Class<? extends Filter> filterClass =