fix: Fix jetty crashing when redirecting HTTP to HTTPS
Jetty 9.3 changed the `setHandler` on the ServletContextHandler to no
longer automatically detect SecurityHandler, SessionHandler, etc. It
simply passes on the setHandler request to the ContextHandler class
(with a warning logged). So make sure to explicitly use the method
`setSecurityHandler` to set the ContraintSecurityHandler responsible
for the http -> https redirection.
Instead of adding another setting and having to explain how the new one
and the existing `requireClientCertificates` setting are interdependent,
let's use the existing setting and add new values.
It is changed from a boolean to a string, with the values `required`,
`optional` and `disabled`. To keep backward compatibility with the old
values, the `true` value is mapped to `required` and the `false` value
is mapped to `optional`.
For Java 9+ define the classpath instead of using a Launcher.
The (moxie and other) Launcher do not work with Java 9 and later anymore.
It used to dynamically extend the classpath, misusing an internal
interface of the `URLClassLoader`. This is no longer possible since Java 9,
which closed that path and does not offer any way to dynamically extend
the classpath during runtime.
So the choice is between providing one large Jar with everything in it,
providing a Jar that has the Jars in `ext` listed explicitly in its
manifest, and specifying the classpath on the command line where
the `ext` directory can be added and all contained jar files will
be put on the classpath.
The motivation for the Launcher class was to be able to simply drop
new jar files into a directory and they will be picked up at the
application start, without having to specify a classpath. We opt
for solution three here. This way jar files can still be dropped
into the ext directory, albeit the directory needs to be added to
the classpath on the command line. Unfortunately using a wildcard
is not possible in the manifest file. We change the calls in the
script files accordingly. This seems like a good compromise,
since no one will run the application manually typing the whole
commandline anyway.
This also does away with the splash screen, by the way. Again,
doesn't seem like a big loss, as I don't think it was ever shown
for the Authority.
Personally, I am not convinced that it is the best way, because
I don't really think that the use case of dropping whatever jar
files into the `ext` directory is a valid one that happened a lot.
This does not yet fix the client programs, which still use a
Launcher. Maybe for them a all-in-one Jar is a better solution.
Fixes #1262
Fixes #1294
Report Java versions used during build and server start.
With three versions about to be supported right now
it is getting more important to know which Java version is
used when building and testing Gitblit, and which Java
version is used to run Gitblit.
So have the Moxie build report the javac version, and the
JVM version that Moxie is running on. These might be
different.
The `GitBlitServer` will print the Java version and vendor,
so that it gets visible if a user would paste a log output
for analysis.
Set secure session cookies when redirecting from HTTP to HTTPS.
So far for session cookies the secure property was only set when no
HTTP port was opened. This changes to also set it when HTTP is redirected
to the HTTPS port.
Support serving repositories over the SSH transport
Gitblit would greatly benefit from an integrated SSH server. This would
complete the transport trifecta.
Change-Id: I6fb95abe65655fa74d47ea71522d8d9a1541450c
Define manager interfaces and update all of Gitblit to use managers
These manager interfaces define how the GitBlit singleton will
eventually be split into smaller component managers. The Wicket app and
all servlets have been updated to request the needed managers. There
are _very_ few method signature changes - although there are a handful.
This is a surgical sharding of responsibility based on a proof of
concept refactor. Instead of random references to GittBlit.self()
there are now precise references to the manager interface required to
accomplish some task. Some tasks may require references to multiple
managers.
The code is now littered with calls to GitBlit.getManager(class) and
those familiar with the code-base will no doubt notice the duplication
of methods from IUserService in IUserManager and the addition of
implementation methods in the GitBlit context class. When the
GitBlit class is broken apart and the existing external authentication
user service classes are refactored to AuthenticationService classes,
this will again simplify and flatten. But in order to safely and
cleanly modularize the stable code-base we will have to live with a
little duplication for a short while.
Change-Id: I7314ec8acaab2dcc6092785ed4434cc09fdbbe16
Reorganized to Apache Standard Directory Layout & integrated Moxie
This is a massive commit which reorganizes the entire project structure
(although it is still monolithic), removes the Build classes, and
switches to Moxie, a smarter Ant build tookit based on the original
Gitblit Build classes.
The Ant build script will likely require additional fine-tuning, but
this is big step forward.
Migrated to JUnit4-style tests.
Replaced assertTrue with assertEquals where appropriate.
Start Gitblit instance with dedicated unit testing settings file and
user service.
Integrated RPC, Federation, and Git servlet unit tests into suite.
If an object id was not specified Gitblit used HEAD to perform the
operation. This breaks under some conditions like working with a
repository that does not have any commits on master but does have
commits on a vcs-import branch.
The new approach is to centralize the resolution of unspecified object
ids to a common method which resolves HEAD first but uses the most
recently modified branch if HEAD points to nothing.
This commit also includes a non-functional method for creating an empty
branch. I couldn't figure out how to make JGit create an orphaned
branch.
* Build script overhaul including building & publishing GO, WAR, Docs,
and Site.
* Restored JGit 0.12.1 dependency and backported Blame. Got tired of
waiting for JGit 1.0.0 Maven artifacts.
* Changed Summary Page layout
* Optional cookie authentication
* Added icons for log, tags, and branches panels.
* Show last commit author and short message on branches panel.
* Unit testing.
* Documentation.