From c828cf2db88956094a31a79741145688876879df Mon Sep 17 00:00:00 2001 From: James Moger Date: Fri, 23 May 2014 08:17:11 -0400 Subject: Use Guice-Servlet rather than custom code and expose the Injector This is a fairly functional variation of Gitblit with one notable exception: The security filters are not working properly. This is a design flaw in Guice that I have reported upstream [1]. The general idea is that Guice-Servlet filters are not properly wrapping the ServletRequest. This has historically been a problem for Guice-Servlet servlets but Google has fixed most of those issues. Unfortunately, all the same flaws reported against the servlet delegation also exist in Guice-Servlet filter delegation. :( [1]: https://code.google.com/p/google-guice/issues/detail?id=807 --- src/main/java/com/gitblit/guice/CoreModule.java | 100 ++++++++++++++++++++++ src/main/java/com/gitblit/guice/GuiceContext.java | 86 ------------------- src/main/java/com/gitblit/guice/GuiceModule.java | 100 ---------------------- src/main/java/com/gitblit/guice/WebModule.java | 99 +++++++++++++++++++++ 4 files changed, 199 insertions(+), 186 deletions(-) create mode 100644 src/main/java/com/gitblit/guice/CoreModule.java delete mode 100644 src/main/java/com/gitblit/guice/GuiceContext.java delete mode 100644 src/main/java/com/gitblit/guice/GuiceModule.java create mode 100644 src/main/java/com/gitblit/guice/WebModule.java (limited to 'src/main/java/com/gitblit/guice') diff --git a/src/main/java/com/gitblit/guice/CoreModule.java b/src/main/java/com/gitblit/guice/CoreModule.java new file mode 100644 index 00000000..9b479c09 --- /dev/null +++ b/src/main/java/com/gitblit/guice/CoreModule.java @@ -0,0 +1,100 @@ +/* + * Copyright 2014 gitblit.com. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gitblit.guice; + +import javax.inject.Singleton; + +import com.gitblit.FileSettings; +import com.gitblit.GitBlit; +import com.gitblit.IStoredSettings; +import com.gitblit.Keys; +import com.gitblit.manager.AuthenticationManager; +import com.gitblit.manager.FederationManager; +import com.gitblit.manager.IAuthenticationManager; +import com.gitblit.manager.IFederationManager; +import com.gitblit.manager.IGitblit; +import com.gitblit.manager.INotificationManager; +import com.gitblit.manager.IPluginManager; +import com.gitblit.manager.IProjectManager; +import com.gitblit.manager.IRepositoryManager; +import com.gitblit.manager.IRuntimeManager; +import com.gitblit.manager.IUserManager; +import com.gitblit.manager.NotificationManager; +import com.gitblit.manager.PluginManager; +import com.gitblit.manager.ProjectManager; +import com.gitblit.manager.RepositoryManager; +import com.gitblit.manager.RuntimeManager; +import com.gitblit.manager.UserManager; +import com.gitblit.transport.ssh.FileKeyManager; +import com.gitblit.transport.ssh.IPublicKeyManager; +import com.gitblit.transport.ssh.MemoryKeyManager; +import com.gitblit.transport.ssh.NullKeyManager; +import com.gitblit.utils.StringUtils; +import com.google.inject.AbstractModule; +import com.google.inject.Provides; + +/** + * CoreModule references all the core business objects. + * + * @author James Moger + * + */ +public class CoreModule extends AbstractModule { + + @Override + protected void configure() { + + bind(IStoredSettings.class).toInstance(new FileSettings()); + + // core managers + bind(IRuntimeManager.class).to(RuntimeManager.class).in(Singleton.class); + bind(IPluginManager.class).to(PluginManager.class).in(Singleton.class); + bind(INotificationManager.class).to(NotificationManager.class).in(Singleton.class); + bind(IUserManager.class).to(UserManager.class).in(Singleton.class); + bind(IAuthenticationManager.class).to(AuthenticationManager.class).in(Singleton.class); + bind(IRepositoryManager.class).to(RepositoryManager.class).in(Singleton.class); + bind(IProjectManager.class).to(ProjectManager.class).in(Singleton.class); + bind(IFederationManager.class).to(FederationManager.class).in(Singleton.class); + + // the monolithic manager + bind(IGitblit.class).to(GitBlit.class).in(Singleton.class); + } + + @Provides + @Singleton + IPublicKeyManager providePublicKeyManager(IStoredSettings settings, IRuntimeManager runtimeManager) { + + String clazz = settings.getString(Keys.git.sshKeysManager, FileKeyManager.class.getName()); + if (StringUtils.isEmpty(clazz)) { + clazz = FileKeyManager.class.getName(); + } + if (FileKeyManager.class.getName().equals(clazz)) { + return new FileKeyManager(runtimeManager); + } else if (NullKeyManager.class.getName().equals(clazz)) { + return new NullKeyManager(); + } else if (MemoryKeyManager.class.getName().equals(clazz)) { + return new MemoryKeyManager(); + } else { + try { + Class mgrClass = Class.forName(clazz); + return (IPublicKeyManager) mgrClass.newInstance(); + } catch (Exception e) { + + } + return null; + } + } +} \ No newline at end of file diff --git a/src/main/java/com/gitblit/guice/GuiceContext.java b/src/main/java/com/gitblit/guice/GuiceContext.java deleted file mode 100644 index 4361b7bd..00000000 --- a/src/main/java/com/gitblit/guice/GuiceContext.java +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 2014 gitblit.com. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gitblit.guice; - -import javax.servlet.ServletContext; -import javax.servlet.ServletContextEvent; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.gitblit.servlet.InjectionContextListener; -import com.google.inject.AbstractModule; -import com.google.inject.Guice; -import com.google.inject.Injector; - -/** - * Guice servlet context listener is a context listener that uses Guice to - * instantiate and inject servlets, filters, and anything else you might want. - * - * @author James Moger - * - */ -public abstract class GuiceContext extends InjectionContextListener { - - public static final String INJECTOR_NAME = Injector.class.getName(); - - protected final Logger logger = LoggerFactory.getLogger(getClass()); - - protected abstract AbstractModule [] getModules(); - - protected abstract void destroyContext(ServletContext context); - - protected Injector getInjector(ServletContext context) { - Object o = context.getAttribute(INJECTOR_NAME); - if (o == null) { - logger.debug("instantiating Guice modules"); - AbstractModule [] modules = getModules(); - logger.debug("getting Guice injector"); - try { - o = Guice.createInjector(modules); - logger.debug("setting Guice injector into {} attribute", INJECTOR_NAME); - context.setAttribute(INJECTOR_NAME, o); - } catch (Throwable t) { - logger.error("an error occurred creating the Guice injector", t); - } - } - return (Injector) o; - } - - /** - * Instantiates an object. - * - * @param clazz - * @return the object - */ - @Override - protected X instantiate(ServletContext context, Class clazz) { - try { - Injector injector = getInjector(context); - return injector.getInstance(clazz); - } catch (Throwable t) { - logger.error(null, t); - } - return null; - } - - @Override - public final void contextDestroyed(ServletContextEvent contextEvent) { - ServletContext context = contextEvent.getServletContext(); - context.removeAttribute(INJECTOR_NAME); - destroyContext(context); - } -} diff --git a/src/main/java/com/gitblit/guice/GuiceModule.java b/src/main/java/com/gitblit/guice/GuiceModule.java deleted file mode 100644 index 254e0680..00000000 --- a/src/main/java/com/gitblit/guice/GuiceModule.java +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright 2014 gitblit.com. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gitblit.guice; - -import javax.inject.Singleton; - -import com.gitblit.FileSettings; -import com.gitblit.GitBlit; -import com.gitblit.IStoredSettings; -import com.gitblit.Keys; -import com.gitblit.manager.AuthenticationManager; -import com.gitblit.manager.FederationManager; -import com.gitblit.manager.IAuthenticationManager; -import com.gitblit.manager.IFederationManager; -import com.gitblit.manager.IGitblit; -import com.gitblit.manager.INotificationManager; -import com.gitblit.manager.IPluginManager; -import com.gitblit.manager.IProjectManager; -import com.gitblit.manager.IRepositoryManager; -import com.gitblit.manager.IRuntimeManager; -import com.gitblit.manager.IUserManager; -import com.gitblit.manager.NotificationManager; -import com.gitblit.manager.PluginManager; -import com.gitblit.manager.ProjectManager; -import com.gitblit.manager.RepositoryManager; -import com.gitblit.manager.RuntimeManager; -import com.gitblit.manager.UserManager; -import com.gitblit.transport.ssh.FileKeyManager; -import com.gitblit.transport.ssh.IPublicKeyManager; -import com.gitblit.transport.ssh.MemoryKeyManager; -import com.gitblit.transport.ssh.NullKeyManager; -import com.gitblit.utils.StringUtils; -import com.google.inject.AbstractModule; -import com.google.inject.Provides; - -/** - * GuiceModule references all injectable objects. - * - * @author James Moger - * - */ -public class GuiceModule extends AbstractModule { - - @Override - protected void configure() { - - bind(IStoredSettings.class).toInstance(new FileSettings()); - - // core managers - bind(IRuntimeManager.class).to(RuntimeManager.class).in(Singleton.class); - bind(IPluginManager.class).to(PluginManager.class).in(Singleton.class); - bind(INotificationManager.class).to(NotificationManager.class).in(Singleton.class); - bind(IUserManager.class).to(UserManager.class).in(Singleton.class); - bind(IAuthenticationManager.class).to(AuthenticationManager.class).in(Singleton.class); - bind(IRepositoryManager.class).to(RepositoryManager.class).in(Singleton.class); - bind(IProjectManager.class).to(ProjectManager.class).in(Singleton.class); - bind(IFederationManager.class).to(FederationManager.class).in(Singleton.class); - - // the monolithic manager - bind(IGitblit.class).to(GitBlit.class).in(Singleton.class); - } - - @Provides - @Singleton - IPublicKeyManager providePublicKeyManager(IStoredSettings settings, IRuntimeManager runtimeManager) { - - String clazz = settings.getString(Keys.git.sshKeysManager, FileKeyManager.class.getName()); - if (StringUtils.isEmpty(clazz)) { - clazz = FileKeyManager.class.getName(); - } - if (FileKeyManager.class.getName().equals(clazz)) { - return new FileKeyManager(runtimeManager); - } else if (NullKeyManager.class.getName().equals(clazz)) { - return new NullKeyManager(); - } else if (MemoryKeyManager.class.getName().equals(clazz)) { - return new MemoryKeyManager(); - } else { - try { - Class mgrClass = Class.forName(clazz); - return (IPublicKeyManager) mgrClass.newInstance(); - } catch (Exception e) { - - } - return null; - } - } -} \ No newline at end of file diff --git a/src/main/java/com/gitblit/guice/WebModule.java b/src/main/java/com/gitblit/guice/WebModule.java new file mode 100644 index 00000000..b4f9899f --- /dev/null +++ b/src/main/java/com/gitblit/guice/WebModule.java @@ -0,0 +1,99 @@ +/* + * Copyright 2014 gitblit.com. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gitblit.guice; + +import java.util.HashMap; +import java.util.Map; + +import com.gitblit.Constants; +import com.gitblit.servlet.BranchGraphServlet; +import com.gitblit.servlet.DownloadZipServlet; +import com.gitblit.servlet.EnforceAuthenticationFilter; +import com.gitblit.servlet.FederationServlet; +import com.gitblit.servlet.GitServlet; +import com.gitblit.servlet.LogoServlet; +import com.gitblit.servlet.PagesServlet; +import com.gitblit.servlet.ProxyFilter; +import com.gitblit.servlet.PtServlet; +import com.gitblit.servlet.RawServlet; +import com.gitblit.servlet.RobotsTxtServlet; +import com.gitblit.servlet.RpcServlet; +import com.gitblit.servlet.SparkleShareInviteServlet; +import com.gitblit.servlet.SyndicationServlet; +import com.gitblit.wicket.GitblitWicketFilter; +import com.google.common.base.Joiner; +import com.google.inject.servlet.ServletModule; + +/** + * Defines all the web servlets & filters. + * + * @author James Moger + * + */ +public class WebModule extends ServletModule { + + final static String ALL = "/*"; + + @Override + protected void configureServlets() { + // servlets + serve(fuzzy(Constants.R_PATH), fuzzy(Constants.GIT_PATH)).with(GitServlet.class); + serve(fuzzy(Constants.RAW_PATH)).with(RawServlet.class); + serve(fuzzy(Constants.PAGES)).with(PagesServlet.class); + serve(fuzzy(Constants.RPC_PATH)).with(RpcServlet.class); + serve(fuzzy(Constants.ZIP_PATH)).with(DownloadZipServlet.class); + serve(fuzzy(Constants.SYNDICATION_PATH)).with(SyndicationServlet.class); + + serve(fuzzy(Constants.FEDERATION_PATH)).with(FederationServlet.class); + serve(fuzzy(Constants.SPARKLESHARE_INVITE_PATH)).with(SparkleShareInviteServlet.class); + serve(fuzzy(Constants.BRANCH_GRAPH_PATH)).with(BranchGraphServlet.class); + serve(Constants.PT_PATH).with(PtServlet.class); + serve("/robots.txt").with(RobotsTxtServlet.class); + serve("/logo.png").with(LogoServlet.class); + + // global filters + filter(ALL).through(ProxyFilter.class); + filter(ALL).through(EnforceAuthenticationFilter.class); + + // security filters +// filter(fuzzy(Constants.R_PATH), fuzzy(Constants.GIT_PATH)).through(GitFilter.class); +// filter(fuzzy(Constants.RAW_PATH)).through(RawFilter.class); +// filter(fuzzy(Constants.PAGES)).through(PagesFilter.class); +// filter(fuzzy(Constants.RPC_PATH)).through(RpcFilter.class); +// filter(fuzzy(Constants.ZIP_PATH)).through(DownloadZipFilter.class); +// filter(fuzzy(Constants.SYNDICATION_PATH)).through(SyndicationFilter.class); + + // Wicket + String toIgnore = Joiner.on(",").join(Constants.R_PATH, Constants.GIT_PATH, Constants.RAW_PATH, + Constants.PAGES, Constants.RPC_PATH, Constants.ZIP_PATH, Constants.SYNDICATION_PATH, + Constants.FEDERATION_PATH, Constants.SPARKLESHARE_INVITE_PATH, Constants.BRANCH_GRAPH_PATH, + Constants.PT_PATH, "/robots.txt", "/logo.png"); + + Map params = new HashMap(); + params.put(GitblitWicketFilter.FILTER_MAPPING_PARAM, ALL); + params.put(GitblitWicketFilter.IGNORE_PATHS_PARAM, toIgnore); + filter(ALL).through(GitblitWicketFilter.class, params); + } + + private String fuzzy(String path) { + if (path.endsWith(ALL)) { + return path; + } else if (path.endsWith("/")) { + return path + "*"; + } + return path + ALL; + } +} -- cgit v1.2.3