| | |
|---|
| | | import java.util.Scanner;
|
|---|
| | |
|
|---|
| | | import org.eclipse.jetty.ajp.Ajp13SocketConnector;
|
|---|
| | | import org.eclipse.jetty.security.ConstraintMapping;
|
|---|
| | | import org.eclipse.jetty.security.ConstraintSecurityHandler;
|
|---|
| | | import org.eclipse.jetty.server.Connector;
|
|---|
| | | import org.eclipse.jetty.server.Server;
|
|---|
| | | import org.eclipse.jetty.server.bio.SocketConnector;
|
|---|
| | |
|---|
| | | import org.eclipse.jetty.server.ssl.SslConnector;
|
|---|
| | | import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
|
|---|
| | | import org.eclipse.jetty.server.ssl.SslSocketConnector;
|
|---|
| | | import org.eclipse.jetty.util.security.Constraint;
|
|---|
| | | import org.eclipse.jetty.util.thread.QueuedThreadPool;
|
|---|
| | | import org.eclipse.jetty.webapp.WebAppContext;
|
|---|
| | | import org.eclipse.jgit.storage.file.FileBasedConfig;
|
|---|
| | |
|---|
| | | import com.beust.jcommander.Parameters;
|
|---|
| | | import com.gitblit.authority.GitblitAuthority;
|
|---|
| | | import com.gitblit.authority.NewCertificateConfig;
|
|---|
| | | import com.gitblit.servlet.GitblitContext;
|
|---|
| | | import com.gitblit.utils.StringUtils;
|
|---|
| | | import com.gitblit.utils.TimeUtils;
|
|---|
| | | import com.gitblit.utils.X509Utils;
|
|---|
| | |
|---|
| | | if (i + 1 == args.length) {
|
|---|
| | | System.out.println("Invalid --baseFolder parameter!");
|
|---|
| | | System.exit(-1);
|
|---|
| | | } else if (args[i + 1] != ".") {
|
|---|
| | | } else if (!".".equals(args[i + 1])) {
|
|---|
| | | folder = args[i + 1];
|
|---|
| | | }
|
|---|
| | | i = i + 1;
|
|---|
| | |
|---|
| | | if (params.port < 1024 && !isWindows()) {
|
|---|
| | | logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
|
|---|
| | | }
|
|---|
| | | if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
|
|---|
| | | // redirect HTTP requests to HTTPS
|
|---|
| | | if (httpConnector instanceof SelectChannelConnector) {
|
|---|
| | | ((SelectChannelConnector) httpConnector).setConfidentialPort(params.securePort);
|
|---|
| | | } else {
|
|---|
| | | ((SocketConnector) httpConnector).setConfidentialPort(params.securePort);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | connectors.add(httpConnector);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | |
|---|
| | | HashSessionManager sessionManager = new HashSessionManager();
|
|---|
| | | sessionManager.setHttpOnly(true);
|
|---|
| | | // Use secure cookies if only serving https
|
|---|
| | | sessionManager.setSecureCookies(params.port <= 0 && params.securePort > 0);
|
|---|
| | | sessionManager.setSecureRequestOnly(params.port <= 0 && params.securePort > 0);
|
|---|
| | | rootContext.getSessionHandler().setSessionManager(sessionManager);
|
|---|
| | |
|
|---|
| | | // Ensure there is a defined User Service
|
|---|
| | |
|---|
| | |
|
|---|
| | | // Start up an in-memory LDAP server, if configured
|
|---|
| | | try {
|
|---|
| | | if (StringUtils.isEmpty(params.ldapLdifFile) == false) {
|
|---|
| | | if (!StringUtils.isEmpty(params.ldapLdifFile)) {
|
|---|
| | | File ldifFile = new File(params.ldapLdifFile);
|
|---|
| | | if (ldifFile != null && ldifFile.exists()) {
|
|---|
| | | URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
|
|---|
| | |
|---|
| | | // Set the server's contexts
|
|---|
| | | server.setHandler(rootContext);
|
|---|
| | |
|
|---|
| | | // Setup the GitBlit context
|
|---|
| | | GitBlit gitblit = getGitBlitInstance();
|
|---|
| | | gitblit.configureContext(settings, baseFolder, true);
|
|---|
| | | // redirect HTTP requests to HTTPS
|
|---|
| | | if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
|
|---|
| | | logger.info(String.format("Configuring automatic http(%1$s) -> https(%2$s) redirects", params.port, params.securePort));
|
|---|
| | | // Create the internal mechanisms to handle secure connections and redirects
|
|---|
| | | Constraint constraint = new Constraint();
|
|---|
| | | constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
|
|---|
| | |
|
|---|
| | | ConstraintMapping cm = new ConstraintMapping();
|
|---|
| | | cm.setConstraint(constraint);
|
|---|
| | | cm.setPathSpec("/*");
|
|---|
| | |
|
|---|
| | | ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
|
|---|
| | | sh.setConstraintMappings(new ConstraintMapping[] { cm });
|
|---|
| | |
|
|---|
| | | // Configure this context to use the Security Handler defined before
|
|---|
| | | rootContext.setHandler(sh);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | // Setup the Gitblit context
|
|---|
| | | GitblitContext gitblit = newGitblit(settings, baseFolder);
|
|---|
| | | rootContext.addEventListener(gitblit);
|
|---|
| | |
|
|---|
| | | try {
|
|---|
| | |
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | protected GitBlit getGitBlitInstance() {
|
|---|
| | | return GitBlit.self();
|
|---|
| | | protected GitblitContext newGitblit(IStoredSettings settings, File baseFolder) {
|
|---|
| | | return new GitblitContext(settings, baseFolder);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | /**
|
|---|
