Merge "Allows explicit login with auth.type = HTTP*"
This commit is contained in:
Shawn Pearce
@@ -255,6 +255,26 @@ The "Sign In" link will send users directly to this URL.
|
||||
HTTP header to trust the username from, or unset to select HTTP basic
|
||||
or digest authentication. Only used if `auth.type` is set to HTTP.
|
||||
|
||||
[[auth.loginUrl]]auth.loginUrl::
|
||||
+
|
||||
URL to redirect a browser to after the end-user has clicked on the
|
||||
login link in the upper right corner. Only used if 'auth.type' was set
|
||||
to HTTP or HTTP_LDAP.
|
||||
Organizations using an enterprise single-sign-on solution may want to
|
||||
redirect the browser to the SSO product's sign-in page for completing the
|
||||
login process and validate their credentials.
|
||||
+
|
||||
If set, Gerrit allows to access anonymously until the end-user performs the login
|
||||
and then provides a trusted identity through the HTTP header.
|
||||
If not set, Gerrit requires the HTTP header with a trusted identity
|
||||
otherwise returns the error page LoginRedirect.html.
|
||||
|
||||
[[auth.loginText]]auth.loginText::
|
||||
+
|
||||
Text displayed in the loginUrl link. Only used if 'auth.loginUrl' was set.
|
||||
+
|
||||
If not set, the 'Sign In' text is used.
|
||||
|
||||
[[auth.logoutUrl]]auth.logoutUrl::
|
||||
+
|
||||
URL to redirect a browser to after the end-user has clicked on the
|
||||
|
||||
@@ -26,6 +26,8 @@ import java.util.Set;
|
||||
public class GerritConfig implements Cloneable {
|
||||
protected String registerUrl;
|
||||
protected String registerText;
|
||||
protected String loginUrl;
|
||||
protected String loginText;
|
||||
protected String httpPasswordUrl;
|
||||
protected String reportBugUrl;
|
||||
|
||||
@@ -48,6 +50,22 @@ public class GerritConfig implements Cloneable {
|
||||
protected int suggestFrom;
|
||||
protected int changeUpdateDelay;
|
||||
|
||||
public String getLoginUrl() {
|
||||
return loginUrl;
|
||||
}
|
||||
|
||||
public void setLoginUrl(final String u) {
|
||||
loginUrl = u;
|
||||
}
|
||||
|
||||
public String getLoginText() {
|
||||
return loginText;
|
||||
}
|
||||
|
||||
public void setLoginText(String signinText) {
|
||||
this.loginText = signinText;
|
||||
}
|
||||
|
||||
public String getRegisterUrl() {
|
||||
return registerUrl;
|
||||
}
|
||||
|
||||
@@ -729,8 +729,6 @@ public class Gerrit implements EntryPoint {
|
||||
whoAmI(cfg.getAuthType() != AuthType.CLIENT_SSL_CERT_LDAP);
|
||||
} else {
|
||||
switch (cfg.getAuthType()) {
|
||||
case HTTP:
|
||||
case HTTP_LDAP:
|
||||
case CLIENT_SSL_CERT_LDAP:
|
||||
break;
|
||||
|
||||
@@ -759,6 +757,14 @@ public class Gerrit implements EntryPoint {
|
||||
});
|
||||
break;
|
||||
|
||||
case HTTP:
|
||||
case HTTP_LDAP:
|
||||
if (cfg.getLoginUrl() != null) {
|
||||
final String signinText = cfg.getLoginText() == null ? C.menuSignIn() : cfg.getLoginText();
|
||||
menuRight.add(anchor(signinText, cfg.getLoginUrl()));
|
||||
}
|
||||
break;
|
||||
|
||||
case LDAP:
|
||||
case LDAP_BIND:
|
||||
case CUSTOM_EXTENSION:
|
||||
|
||||
@@ -94,10 +94,14 @@ class GerritConfigProvider implements Provider<GerritConfig> {
|
||||
config.setHttpPasswordUrl(cfg.getString("auth", null, "httpPasswordUrl"));
|
||||
break;
|
||||
|
||||
case CLIENT_SSL_CERT_LDAP:
|
||||
case DEVELOPMENT_BECOME_ANY_ACCOUNT:
|
||||
case HTTP:
|
||||
case HTTP_LDAP:
|
||||
config.setLoginUrl(cfg.getString("auth", null, "loginurl"));
|
||||
config.setLoginText(cfg.getString("auth", null, "logintext"));
|
||||
break;
|
||||
|
||||
case CLIENT_SSL_CERT_LDAP:
|
||||
case DEVELOPMENT_BECOME_ANY_ACCOUNT:
|
||||
case OPENID:
|
||||
case OPENID_SSO:
|
||||
break;
|
||||
|
||||
@@ -88,7 +88,7 @@ public class WebModule extends FactoryModule {
|
||||
switch (authConfig.getAuthType()) {
|
||||
case HTTP:
|
||||
case HTTP_LDAP:
|
||||
install(new HttpAuthModule());
|
||||
install(new HttpAuthModule(authConfig));
|
||||
break;
|
||||
|
||||
case CLIENT_SSL_CERT_LDAP:
|
||||
|
||||
@@ -14,13 +14,22 @@
|
||||
|
||||
package com.google.gerrit.httpd.auth.container;
|
||||
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.inject.servlet.ServletModule;
|
||||
|
||||
/** Servlets and support related to HTTP authentication. */
|
||||
public class HttpAuthModule extends ServletModule {
|
||||
private final AuthConfig authConfig;
|
||||
|
||||
public HttpAuthModule(final AuthConfig authConfig) {
|
||||
this.authConfig = authConfig;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configureServlets() {
|
||||
filter("/").through(HttpAuthFilter.class);
|
||||
if (authConfig.getLoginUrl() == null) {
|
||||
filter("/").through(HttpAuthFilter.class);
|
||||
}
|
||||
serve("/login", "/login/*").with(HttpLoginServlet.class);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -40,6 +40,7 @@ public class AuthConfig {
|
||||
private final boolean enableRunAs;
|
||||
private final boolean userNameToLowerCase;
|
||||
private final boolean gitBasicAuth;
|
||||
private final String loginUrl;
|
||||
private final String logoutUrl;
|
||||
private final String openIdSsoUrl;
|
||||
private final List<String> openIdDomains;
|
||||
@@ -57,6 +58,7 @@ public class AuthConfig {
|
||||
throws XsrfException {
|
||||
authType = toType(cfg);
|
||||
httpHeader = cfg.getString("auth", null, "httpheader");
|
||||
loginUrl = cfg.getString("auth", null, "loginurl");
|
||||
logoutUrl = cfg.getString("auth", null, "logouturl");
|
||||
openIdSsoUrl = cfg.getString("auth", null, "openidssourl");
|
||||
openIdDomains = Arrays.asList(cfg.getStringList("auth", null, "openIdDomain"));
|
||||
@@ -124,6 +126,10 @@ public class AuthConfig {
|
||||
return httpHeader;
|
||||
}
|
||||
|
||||
public String getLoginUrl() {
|
||||
return loginUrl;
|
||||
}
|
||||
|
||||
public String getLogoutURL() {
|
||||
return logoutUrl;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user