Hoist RequireSslFilter out of WebModule
On googlesource.com we have a separate filter for this, and having two of them causes problems. Change-Id: If04b61be38eed67fa8edd5cbd164f4b97ea1e6e2
This commit is contained in:
Dave Borowitz
@@ -34,11 +34,20 @@ import javax.servlet.http.HttpServletResponse;
|
|||||||
|
|
||||||
/** Requires the connection to use SSL, redirects if not. */
|
/** Requires the connection to use SSL, redirects if not. */
|
||||||
@Singleton
|
@Singleton
|
||||||
class RequireSslFilter implements Filter {
|
public class RequireSslFilter implements Filter {
|
||||||
static class Module extends ServletModule {
|
public static class Module extends ServletModule {
|
||||||
|
private final boolean wantSsl;
|
||||||
|
|
||||||
|
@Inject
|
||||||
|
Module(@Nullable @CanonicalWebUrl String canonicalUrl) {
|
||||||
|
this.wantSsl = canonicalUrl != null && canonicalUrl.startsWith("https:");
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configureServlets() {
|
protected void configureServlets() {
|
||||||
filter("/*").through(RequireSslFilter.class);
|
if (wantSsl) {
|
||||||
|
filter("/*").through(RequireSslFilter.class);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -16,7 +16,6 @@ package com.google.gerrit.httpd;
|
|||||||
|
|
||||||
import static com.google.gerrit.extensions.registration.PrivateInternals_DynamicTypes.registerInParentInjectors;
|
import static com.google.gerrit.extensions.registration.PrivateInternals_DynamicTypes.registerInParentInjectors;
|
||||||
|
|
||||||
import com.google.gerrit.common.Nullable;
|
|
||||||
import com.google.gerrit.extensions.registration.DynamicSet;
|
import com.google.gerrit.extensions.registration.DynamicSet;
|
||||||
import com.google.gerrit.extensions.webui.WebUiPlugin;
|
import com.google.gerrit.extensions.webui.WebUiPlugin;
|
||||||
import com.google.gerrit.httpd.auth.become.BecomeAnyAccountModule;
|
import com.google.gerrit.httpd.auth.become.BecomeAnyAccountModule;
|
||||||
@@ -28,7 +27,6 @@ import com.google.gerrit.httpd.rpc.UiRpcModule;
|
|||||||
import com.google.gerrit.lifecycle.LifecycleModule;
|
import com.google.gerrit.lifecycle.LifecycleModule;
|
||||||
import com.google.gerrit.server.RemotePeer;
|
import com.google.gerrit.server.RemotePeer;
|
||||||
import com.google.gerrit.server.config.AuthConfig;
|
import com.google.gerrit.server.config.AuthConfig;
|
||||||
import com.google.gerrit.server.config.CanonicalWebUrl;
|
|
||||||
import com.google.gerrit.server.config.GerritRequestModule;
|
import com.google.gerrit.server.config.GerritRequestModule;
|
||||||
import com.google.gerrit.server.config.GitwebCgiConfig;
|
import com.google.gerrit.server.config.GitwebCgiConfig;
|
||||||
import com.google.gerrit.server.git.AsyncReceiveCommits;
|
import com.google.gerrit.server.git.AsyncReceiveCommits;
|
||||||
@@ -42,17 +40,14 @@ import java.net.SocketAddress;
|
|||||||
|
|
||||||
public class WebModule extends LifecycleModule {
|
public class WebModule extends LifecycleModule {
|
||||||
private final AuthConfig authConfig;
|
private final AuthConfig authConfig;
|
||||||
private final boolean wantSSL;
|
|
||||||
private final GitwebCgiConfig gitwebCgiConfig;
|
private final GitwebCgiConfig gitwebCgiConfig;
|
||||||
private final GerritOptions options;
|
private final GerritOptions options;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
WebModule(AuthConfig authConfig,
|
WebModule(AuthConfig authConfig,
|
||||||
@CanonicalWebUrl @Nullable String canonicalUrl,
|
|
||||||
GerritOptions options,
|
GerritOptions options,
|
||||||
GitwebCgiConfig gitwebCgiConfig) {
|
GitwebCgiConfig gitwebCgiConfig) {
|
||||||
this.authConfig = authConfig;
|
this.authConfig = authConfig;
|
||||||
this.wantSSL = canonicalUrl != null && canonicalUrl.startsWith("https:");
|
|
||||||
this.options = options;
|
this.options = options;
|
||||||
this.gitwebCgiConfig = gitwebCgiConfig;
|
this.gitwebCgiConfig = gitwebCgiConfig;
|
||||||
}
|
}
|
||||||
@@ -62,9 +57,6 @@ public class WebModule extends LifecycleModule {
|
|||||||
bind(RequestScopePropagator.class).to(GuiceRequestScopePropagator.class);
|
bind(RequestScopePropagator.class).to(GuiceRequestScopePropagator.class);
|
||||||
bind(HttpRequestContext.class);
|
bind(HttpRequestContext.class);
|
||||||
|
|
||||||
if (wantSSL) {
|
|
||||||
install(new RequireSslFilter.Module());
|
|
||||||
}
|
|
||||||
install(new RunAsFilter.Module());
|
install(new RunAsFilter.Module());
|
||||||
|
|
||||||
installAuthModule();
|
installAuthModule();
|
||||||
|
|||||||
@@ -28,6 +28,7 @@ import com.google.gerrit.httpd.GitOverHttpModule;
|
|||||||
import com.google.gerrit.httpd.H2CacheBasedWebSession;
|
import com.google.gerrit.httpd.H2CacheBasedWebSession;
|
||||||
import com.google.gerrit.httpd.HttpCanonicalWebUrlProvider;
|
import com.google.gerrit.httpd.HttpCanonicalWebUrlProvider;
|
||||||
import com.google.gerrit.httpd.RequestContextFilter;
|
import com.google.gerrit.httpd.RequestContextFilter;
|
||||||
|
import com.google.gerrit.httpd.RequireSslFilter;
|
||||||
import com.google.gerrit.httpd.WebModule;
|
import com.google.gerrit.httpd.WebModule;
|
||||||
import com.google.gerrit.httpd.WebSshGlueModule;
|
import com.google.gerrit.httpd.WebSshGlueModule;
|
||||||
import com.google.gerrit.httpd.auth.oauth.OAuthModule;
|
import com.google.gerrit.httpd.auth.oauth.OAuthModule;
|
||||||
@@ -445,6 +446,7 @@ public class Daemon extends SiteProgram {
|
|||||||
modules.add(H2CacheBasedWebSession.module());
|
modules.add(H2CacheBasedWebSession.module());
|
||||||
modules.add(sysInjector.getInstance(GitOverHttpModule.class));
|
modules.add(sysInjector.getInstance(GitOverHttpModule.class));
|
||||||
modules.add(sysInjector.getInstance(WebModule.class));
|
modules.add(sysInjector.getInstance(WebModule.class));
|
||||||
|
modules.add(sysInjector.getInstance(RequireSslFilter.Module.class));
|
||||||
modules.add(new HttpPluginModule());
|
modules.add(new HttpPluginModule());
|
||||||
if (sshd) {
|
if (sshd) {
|
||||||
modules.add(sshInjector.getInstance(WebSshGlueModule.class));
|
modules.add(sshInjector.getInstance(WebSshGlueModule.class));
|
||||||
|
|||||||
@@ -349,6 +349,7 @@ public class WebAppInitializer extends GuiceServletContextListener
|
|||||||
modules.add(AllRequestFilter.module());
|
modules.add(AllRequestFilter.module());
|
||||||
modules.add(sysInjector.getInstance(GitOverHttpModule.class));
|
modules.add(sysInjector.getInstance(GitOverHttpModule.class));
|
||||||
modules.add(sysInjector.getInstance(WebModule.class));
|
modules.add(sysInjector.getInstance(WebModule.class));
|
||||||
|
modules.add(sysInjector.getInstance(RequireSslFilter.Module.class));
|
||||||
if (sshInjector != null) {
|
if (sshInjector != null) {
|
||||||
modules.add(sshInjector.getInstance(WebSshGlueModule.class));
|
modules.add(sshInjector.getInstance(WebSshGlueModule.class));
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
Reference in New Issue
Block a user