opendev/gerrit
Code Issues Proposed changes

Fix push over HTTP

Browse Source 
Authentication was broken for push over HTTP when using the internal
Jetty daemon, as the ProjectQoSFilter was installed in front of the
ProjectDigestFilter and asked for the user identity in order to know
which type of queue to schedule the request onto.  This caused the
ProjectQoSFilter to always authenticate the request as ANONYMOUS,
which later caused it to reject the push because Gerrit never
permits an anonymous user to push to a project.

Moving the ProjectQoSFilter after all other filters (but just before
the servlet itself) fixes this issue.  Fortunately Guice allows
us to register the filter after the servlet, which means we just
needed to flip the order the modules are installed into the injector.

Change-Id: Ie59db01e731e4269a968f10bb5d17e94afe6518e
Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
2010-12-13 10:22:53 -08:00
parent 4a400e486e
commit e143def387
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
View File

@@ -237,8 +237,8 @@ public class Daemon extends SiteProgram {
private Injector createWebInjector() {
final List<Module> modules = new ArrayList<Module>();
modules.add(sshInjector.getInstance(ProjectQoSFilter.Module.class));
modules.add(sshInjector.getInstance(WebModule.class));
modules.add(sshInjector.getInstance(ProjectQoSFilter.Module.class));
return sysInjector.createChildInjector(modules);
}