From 94e12c168f5eec300fd23d0de25c7dc93a96c429 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 03 Mar 2014 17:51:21 -0500
Subject: [PATCH] Eliminate Gravatar profile linking and improve api
---
 src/main/java/com/gitblit/GitBlitServer.java | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 71 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java
index ace1f2f..1e51577 100644
--- a/src/main/java/com/gitblit/GitBlitServer.java
+++ b/src/main/java/com/gitblit/GitBlitServer.java
@@ -20,6 +20,7 @@
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.net.InetAddress;
@@ -33,9 +34,13 @@
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
+import java.util.Properties;
 import java.util.Scanner;
+import org.apache.log4j.PropertyConfigurator;
 import org.eclipse.jetty.ajp.Ajp13SocketConnector;
+import org.eclipse.jetty.security.ConstraintMapping;
+import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.bio.SocketConnector;
@@ -44,6 +49,7 @@
 import org.eclipse.jetty.server.ssl.SslConnector;
 import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
 import org.eclipse.jetty.server.ssl.SslSocketConnector;
+import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.eclipse.jetty.webapp.WebAppContext;
 import org.eclipse.jgit.storage.file.FileBasedConfig;
@@ -58,6 +64,7 @@
 import com.beust.jcommander.Parameters;
 import com.gitblit.authority.GitblitAuthority;
 import com.gitblit.authority.NewCertificateConfig;
+import com.gitblit.servlet.GitblitContext;
 import com.gitblit.utils.StringUtils;
 import com.gitblit.utils.TimeUtils;
 import com.gitblit.utils.X509Utils;
@@ -95,7 +102,7 @@
 if (i + 1 == args.length) {
 System.out.println("Invalid --baseFolder parameter!");
 System.exit(-1);
- } else if (args[i + 1] != ".") {
+ } else if (!".".equals(args[i + 1])) {
 folder = args[i + 1];
 }
 i = i + 1;
@@ -175,6 +182,34 @@
 settings = new FileSettings(params.settingsfile);
 }
 }
+
+ if (params.dailyLogFile) {
+ // Configure log4j for daily log file generation
+ InputStream is = null;
+ try {
+ is = getClass().getResourceAsStream("/log4j.properties");
+ Properties loggingProperties = new Properties();
+ loggingProperties.load(is);
+
+ loggingProperties.put("log4j.appender.R.File", new File(baseFolder, "logs/gitblit.log").getAbsolutePath());
+ loggingProperties.put("log4j.rootCategory", "INFO, R");
+
+ if (settings.getBoolean(Keys.web.debugMode, false)) {
+ loggingProperties.put("log4j.logger.com.gitblit", "DEBUG");
+ }
+
+ PropertyConfigurator.configure(loggingProperties);
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ try {
+ is.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
 logger = LoggerFactory.getLogger(GitBlitServer.class);
 logger.info(Constants.BORDER);
 logger.info(" _____ _ _ _ _ _ _");
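Review bot: The `finally` block in the `--dailyLogFile` setup calls `is.close()` without a null check, so if `/log4j.properties` is not on the classpath `getResourceAsStream` returns null, `load(is)` fails into the broad `catch (Exception e)`, and the close then throws a NullPointerException that the inner `catch (IOException e)` does not cover. Guard it with `if (is != null) { is.close(); }`. Because this runs before `logger` is assigned, a failure here is reported only through `printStackTrace()` and the server carries on without the file log the operator asked for; one explicit line on `System.err` saying daily file logging was not enabled would make that visible. The enclosing method starts and ends outside the hunk.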
@@ -212,6 +247,14 @@
 }
 if (params.port < 1024 && !isWindows()) {
 logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
+ }
+ if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
+ // redirect HTTP requests to HTTPS
+ if (httpConnector instanceof SelectChannelConnector) {
+ ((SelectChannelConnector) httpConnector).setConfidentialPort(params.securePort);
+ } else {
+ ((SocketConnector) httpConnector).setConfidentialPort(params.securePort);
+ }
 }
 connectors.add(httpConnector);
 }
@@ -329,7 +372,7 @@
 HashSessionManager sessionManager = new HashSessionManager();
 sessionManager.setHttpOnly(true);
 // Use secure cookies if only serving https
- sessionManager.setSecureCookies(params.port <= 0 && params.securePort > 0);
+ sessionManager.setSecureRequestOnly(params.port <= 0 && params.securePort > 0);
 rootContext.getSessionHandler().setSessionManager(sessionManager);
 // Ensure there is a defined User Service
@@ -346,7 +389,7 @@
 // Start up an in-memory LDAP server, if configured
 try {
- if (StringUtils.isEmpty(params.ldapLdifFile) == false) {
+ if (!StringUtils.isEmpty(params.ldapLdifFile)) {
 File ldifFile = new File(params.ldapLdifFile);
 if (ldifFile != null && ldifFile.exists()) {
 URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
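Review bot: The redirect condition `params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)` is written out here and again in the hunk at -380,9 that installs the `ConstraintSecurityHandler`, and the two sites must always agree: a confidential constraint on `/*` without a confidential port on the connector, or the reverse, would presumably leave plain-HTTP requests rejected or not redirected. If both sites sit in the same method (the method boundaries are outside the hunks), compute it once as `boolean redirectToHttps = params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true);` and test that flag in both places. The `else` branch also casts to `SocketConnector` unconditionally; `httpConnector` is created outside the hunk, so confirm those are the only two connector types it can be.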
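Review bot: The argument passed to `setSecureRequestOnly` is false exactly when both the HTTP and HTTPS ports are open, which is the configuration the new redirect in this commit targets, and the comment above it ("Use secure cookies if only serving https") was written for the old setter. If Jetty's `setSecureRequestOnly(true)` marks the session cookie Secure only when the request itself arrived over HTTPS (worth confirming against the Jetty version bundled here), then `sessionManager.setSecureRequestOnly(params.securePort > 0);` would stop a cookie issued over HTTPS from being sent to the HTTP port before the redirect fires, without affecting HTTP-only installs. At the least, update the comment to describe what the new setter does.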
@@ -380,9 +423,26 @@
 // Set the server's contexts
 server.setHandler(rootContext);
- // Setup the GitBlit context
- GitBlit gitblit = getGitBlitInstance();
- gitblit.configureContext(settings, baseFolder, true);
+ // redirect HTTP requests to HTTPS
+ if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
+ logger.info(String.format("Configuring automatic http(%1$s) -> https(%2$s) redirects", params.port, params.securePort));
+ // Create the internal mechanisms to handle secure connections and redirects
+ Constraint constraint = new Constraint();
+ constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+
+ ConstraintMapping cm = new ConstraintMapping();
+ cm.setConstraint(constraint);
+ cm.setPathSpec("/*");
+
+ ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
+ sh.setConstraintMappings(new ConstraintMapping[] { cm });
+
+ // Configure this context to use the Security Handler defined before
+ rootContext.setHandler(sh);
+ }
+
+ // Setup the Gitblit context
+ GitblitContext gitblit = newGitblit(settings, baseFolder);
 rootContext.addEventListener(gitblit);
 try {
@@ -401,8 +461,8 @@
 }
 }
- protected GitBlit getGitBlitInstance() {
- return GitBlit.self();
+ protected GitblitContext newGitblit(IStoredSettings settings, File baseFolder) {
+ return new GitblitContext(settings, baseFolder);
 }
 /**
@@ -585,6 +645,9 @@
 @Parameter(names = { "--tempFolder" }, description = "Folder for server to extract built-in webapp")
 public String temp = FILESETTINGS.getString(Keys.server.tempFolder, "temp");
+ @Parameter(names = { "--dailyLogFile" }, description = "Log to a rolling daily log file INSTEAD of stdout.")
+ public Boolean dailyLogFile = false;
+
 /*
 * GIT Servlet Parameters
 */
--
Gitblit v1.9.1