From 79cad53bba094cffa1d25581edbf4972a5158cd4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 29 Nov 2013 11:03:01 -0500
Subject: [PATCH] Update to Moxie 0.9.1

---
 src/main/java/com/gitblit/GitBlitServer.java |   41 +++++++++++++++++++++++++++++++++++------
 1 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java
index ace1f2f..292eec4 100644
--- a/src/main/java/com/gitblit/GitBlitServer.java
+++ b/src/main/java/com/gitblit/GitBlitServer.java
@@ -36,6 +36,8 @@
 import java.util.Scanner;
 
 import org.eclipse.jetty.ajp.Ajp13SocketConnector;
+import org.eclipse.jetty.security.ConstraintMapping;
+import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.bio.SocketConnector;
@@ -44,6 +46,7 @@
 import org.eclipse.jetty.server.ssl.SslConnector;
 import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
 import org.eclipse.jetty.server.ssl.SslSocketConnector;
+import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.eclipse.jetty.webapp.WebAppContext;
 import org.eclipse.jgit.storage.file.FileBasedConfig;
@@ -95,7 +98,7 @@
 				if (i + 1 == args.length) {
 					System.out.println("Invalid --baseFolder parameter!");
 					System.exit(-1);
-				} else if (args[i + 1] != ".") {
+				} else if (!".".equals(args[i + 1])) {
 					folder = args[i + 1];
 				}
 				i = i + 1;
@@ -213,6 +216,14 @@
 			if (params.port < 1024 && !isWindows()) {
 				logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
 			}
+			if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
+				// redirect HTTP requests to HTTPS
+				if (httpConnector instanceof SelectChannelConnector) {
+					((SelectChannelConnector) httpConnector).setConfidentialPort(params.securePort);
+				} else {
+					((SocketConnector) httpConnector).setConfidentialPort(params.securePort);
+				}
+			}
 			connectors.add(httpConnector);
 		}
 
@@ -329,7 +340,7 @@
 		HashSessionManager sessionManager = new HashSessionManager();
 		sessionManager.setHttpOnly(true);
 		// Use secure cookies if only serving https
-		sessionManager.setSecureCookies(params.port <= 0 && params.securePort > 0);
+		sessionManager.setSecureRequestOnly(params.port <= 0 && params.securePort > 0);
 		rootContext.getSessionHandler().setSessionManager(sessionManager);
 
 		// Ensure there is a defined User Service
@@ -346,7 +357,7 @@
 
 		// Start up an in-memory LDAP server, if configured
 		try {
-			if (StringUtils.isEmpty(params.ldapLdifFile) == false) {
+			if (!StringUtils.isEmpty(params.ldapLdifFile)) {
 				File ldifFile = new File(params.ldapLdifFile);
 				if (ldifFile != null && ldifFile.exists()) {
 					URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
@@ -380,8 +391,26 @@
 		// Set the server's contexts
 		server.setHandler(rootContext);
 
+		// redirect HTTP requests to HTTPS
+		if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
+			logger.info(String.format("Configuring automatic http(%1$s) -> https(%2$s) redirects", params.port, params.securePort));
+			// Create the internal mechanisms to handle secure connections and redirects
+			Constraint constraint = new Constraint();
+			constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+
+			ConstraintMapping cm = new ConstraintMapping();
+			cm.setConstraint(constraint);
+			cm.setPathSpec("/*");
+
+			ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
+			sh.setConstraintMappings(new ConstraintMapping[] { cm });
+
+			// Configure this context to use the Security Handler defined before
+			rootContext.setHandler(sh);
+		}
+
 		// Setup the GitBlit context
-		GitBlit gitblit = getGitBlitInstance();
+		GitBlit gitblit = newGitblit(settings, baseFolder);
 		gitblit.configureContext(settings, baseFolder, true);
 		rootContext.addEventListener(gitblit);
 
@@ -401,8 +430,8 @@
 		}
 	}
 
-	protected GitBlit getGitBlitInstance() {
-		return GitBlit.self();
+	protected GitBlit newGitblit(IStoredSettings settings, File baseFolder) {
+		return new GitBlit(settings, baseFolder);
 	}
 
 	/**

--
Gitblit v1.9.1