Combining Dagger and Servlet 3 works really well on stock Tomcat and
Jetty but it is a troublesome combination on JEE containers with their
own ideas on how to instantiate classes. JBoss AS 7 has been
particularly nasty and it is just simpler to scaleback and stay with
Servlet 2.5 than it is to fight all permuations of containers.
Instead of using constructor DI, the servlets and filters each have an
inject(ObjectGaph) method which is automatically called during
initialization. Each servlet or filter is responsible for retrieving
the required dependency from the graph. The Dagger object graph is
created in the context listener and stuffed into the context as an
attribute.
Change-Id: Ib5714584fe73e2a6b9c6fda12af080a43356cbda
Define manager interfaces and update all of Gitblit to use managers
These manager interfaces define how the GitBlit singleton will
eventually be split into smaller component managers. The Wicket app and
all servlets have been updated to request the needed managers. There
are _very_ few method signature changes - although there are a handful.
This is a surgical sharding of responsibility based on a proof of
concept refactor. Instead of random references to GittBlit.self()
there are now precise references to the manager interface required to
accomplish some task. Some tasks may require references to multiple
managers.
The code is now littered with calls to GitBlit.getManager(class) and
those familiar with the code-base will no doubt notice the duplication
of methods from IUserService in IUserManager and the addition of
implementation methods in the GitBlit context class. When the
GitBlit class is broken apart and the existing external authentication
user service classes are refactored to AuthenticationService classes,
this will again simplify and flatten. But in order to safely and
cleanly modularize the stable code-base we will have to live with a
little duplication for a short while.
Change-Id: I7314ec8acaab2dcc6092785ed4434cc09fdbbe16
Reorganized to Apache Standard Directory Layout & integrated Moxie
This is a massive commit which reorganizes the entire project structure
(although it is still monolithic), removes the Build classes, and
switches to Moxie, a smarter Ant build tookit based on the original
Gitblit Build classes.
The Ant build script will likely require additional fine-tuning, but
this is big step forward.
Implemented discrete repository access permissions to replace the
really primitive course-grained permissions used to this point. This
implementation allows for finer-grained access control, but still
falls short of integrated, branch-based permissions sought by some.
Access permissions follow the conventions established by Gitosis and
Gitolite so they should feel immediately comfortable to experienced
users. This permissions infrastructure is complete and works exactly as
expected. Unfortunately, there is no ui in this commit to change
permissions, that will be forthcoming. In the meantime, Gitblit
hot-reloads users.conf so the permissions can be manipulated at runtime
with a text editor.
The following per-repository permissions are now supported:
- V (view in web ui, RSS feeds, download zip)
- R (clone)
- RW (clone and push)
- RWC (clone and push with ref creation)
- RWD (clone and push with ref creation, deletion)
- RW+ (clone and push with ref creation, deletion, rewind)
And a users.conf entry looks something like this:
[user "hannibal"]
password = bossman
repository = RWD:topsecret.git
Draft project pages, project metadata, and RSS feeds
This is an in-progress feature to offer an interface for grouped
repositories. This may help installations with large numbers of
repositories stay organized. It also will be part of a future,
more advanced security model.
Added AccessRestrictionFilter and simplified authentication.
Replaced servlet container basic authentication with a custom servlet
filter which performs the same function. The advantage to this is
that the servlet container is now divorced from the webapp.
The login service (realm) also simplified a great deal and removes its
Jetty dependencies.
Additionally, the basic authorization pop-up will be displayed as
needed based on the repository's access restriction. This was
necessary for view-restricted repositories with the RSS feature. Its
also necessary for completely open repositories as before it would
prompt for credentials.
Improved feed syndication feature.