Support OpenID behind an HTTP proxy

Administrators may now set http.proxy to point to their local network's proxy server and allow Gerrit to still use external OpenID authentication. Bug: issue 105 Change-Id: I6482405b942acad6275fc0cf4be86d67bf7dba48 Signed-off-by: Shawn O. Pearce <sop@google.com>
2009-11-17 16:03:16 -08:00 · 2009-11-17 16:03:16 -08:00 · 309d8d365a
parent 3cf7fbdf16
commit 309d8d365a
2 changed files with 59 additions and 9 deletions
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@ -575,8 +575,27 @@ Gerrit appends any necessary query arguments onto the end of this URL.
 For example, "?p=$project.git;h=$commit".


-[[httpd]] Section httpd
-~~~~~~~~~~~~~~~~~~~~~~~
+[[http]]Section http
+~~~~~~~~~~~~~~~~~~~~
+
+[[http.proxy]]http.proxy::
+	URL of the proxy server when making outgoing HTTP
+	connections for OpenID login transactions.  Syntax
+	should be `http://`'hostname'`:`'port'.
+
+[[http.proxyUsername]]http.proxyUsername::
+	Optional username to authenticate to the HTTP proxy with.
+	This property is honored only if the username does not 
+	appear in the http.proxy property above.
+
+[[http.proxyPassword]]http.proxyPassword::
+	Optional password to authenticate to the HTTP proxy with.
+	This property is honored only if the password does not 
+	appear in the http.proxy property above.
+
+
+[[httpd]]Section httpd
+~~~~~~~~~~~~~~~~~~~~~~

 The httpd section configures the embedded servlet container.

--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdServiceImpl.java
@ -28,6 +28,7 @@ import com.google.gerrit.server.account.AccountManager;
 import com.google.gerrit.server.cache.Cache;
 import com.google.gerrit.server.cache.SelfPopulatingCache;
 import com.google.gerrit.server.config.CanonicalWebUrl;
+import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.gerrit.server.config.Nullable;
 import com.google.gwt.user.client.rpc.AsyncCallback;
 import com.google.gwtorm.client.KeyUtil;
@ -36,6 +37,7 @@ import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import com.google.inject.name.Named;

+import org.eclipse.jgit.lib.Config;
 import org.openid4java.consumer.ConsumerException;
 import org.openid4java.consumer.ConsumerManager;
 import org.openid4java.consumer.VerificationResult;
@ -52,10 +54,14 @@ import org.openid4java.message.ax.FetchResponse;
 import org.openid4java.message.sreg.SRegMessage;
 import org.openid4java.message.sreg.SRegRequest;
 import org.openid4java.message.sreg.SRegResponse;
+import org.openid4java.util.HttpClientFactory;
+import org.openid4java.util.ProxyProperties;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.List;

 import javax.servlet.http.Cookie;
@ -97,7 +103,33 @@ class OpenIdServiceImpl implements OpenIdService {
      final Provider<IdentifiedUser> iu,
      @CanonicalWebUrl @Nullable final Provider<String> up,
      @Named("openid") final Cache<String, List> openidCache,
-      final AccountManager am) throws ConsumerException {
+      @GerritServerConfig final Config config, final AccountManager am)
+      throws ConsumerException, MalformedURLException {
+
+    if (config.getString("http", null, "proxy") != null) {
+      final URL proxyUrl = new URL(config.getString("http", null, "proxy"));
+      String username = config.getString("http", null, "proxyUsername");
+      String password = config.getString("http", null, "proxyPassword");
+
+      final String userInfo = proxyUrl.getUserInfo();
+      if (userInfo != null) {
+        int c = userInfo.indexOf(':');
+        if (0 < c) {
+          username = userInfo.substring(0, c);
+          password = userInfo.substring(c + 1);
+        } else {
+          username = userInfo;
+        }
+      }
+
+      final ProxyProperties proxy = new ProxyProperties();
+      proxy.setProxyHostName(proxyUrl.getHost());
+      proxy.setProxyPort(proxyUrl.getPort());
+      proxy.setUserName(username);
+      proxy.setPassword(password);
+      HttpClientFactory.setProxyProperties(proxy);
+    }
+
    webSession = cf;
    identifiedUser = iu;
    urlProvider = up;
@ -117,9 +149,9 @@ class OpenIdServiceImpl implements OpenIdService {
    };
  }

-  public void discover(final String openidIdentifier,
-      final SignInMode mode, final boolean remember,
-      final String returnToken, final AsyncCallback<DiscoveryResult> callback) {
+  public void discover(final String openidIdentifier, final SignInMode mode,
+      final boolean remember, final String returnToken,
+      final AsyncCallback<DiscoveryResult> callback) {
    final State state;
    state = init(openidIdentifier, mode, remember, returnToken);
    if (state == null) {
@ -429,9 +461,8 @@ class OpenIdServiceImpl implements OpenIdService {
    rsp.sendRedirect(rdr.toString());
  }

-  private State init(final String openidIdentifier,
-      final SignInMode mode, final boolean remember,
-      final String returnToken) {
+  private State init(final String openidIdentifier, final SignInMode mode,
+      final boolean remember, final String returnToken) {
    final List<?> list = discoveryCache.get(openidIdentifier);
    if (list == null || list.isEmpty()) {
      return null;