From e072ae6def010f86be4ffd2df2592e31c2a85377 Mon Sep 17 00:00:00 2001
From: Alfred Schmid <A.Schmid@ff-muenchen.de>
Date: Wed, 19 Feb 2014 11:04:16 -0500
Subject: [PATCH] Documented default value for empty groups filter

---
 src/main/java/com/gitblit/GitBlitServer.java |   45 +++++++++++++++++++++++++++++++++++++--------
 1 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java
index ace1f2f..522fb57 100644
--- a/src/main/java/com/gitblit/GitBlitServer.java
+++ b/src/main/java/com/gitblit/GitBlitServer.java
@@ -36,6 +36,8 @@
 import java.util.Scanner;
 
 import org.eclipse.jetty.ajp.Ajp13SocketConnector;
+import org.eclipse.jetty.security.ConstraintMapping;
+import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.bio.SocketConnector;
@@ -44,6 +46,7 @@
 import org.eclipse.jetty.server.ssl.SslConnector;
 import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
 import org.eclipse.jetty.server.ssl.SslSocketConnector;
+import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.eclipse.jetty.webapp.WebAppContext;
 import org.eclipse.jgit.storage.file.FileBasedConfig;
@@ -58,6 +61,7 @@
 import com.beust.jcommander.Parameters;
 import com.gitblit.authority.GitblitAuthority;
 import com.gitblit.authority.NewCertificateConfig;
+import com.gitblit.servlet.GitblitContext;
 import com.gitblit.utils.StringUtils;
 import com.gitblit.utils.TimeUtils;
 import com.gitblit.utils.X509Utils;
@@ -95,7 +99,7 @@
 				if (i + 1 == args.length) {
 					System.out.println("Invalid --baseFolder parameter!");
 					System.exit(-1);
-				} else if (args[i + 1] != ".") {
+				} else if (!".".equals(args[i + 1])) {
 					folder = args[i + 1];
 				}
 				i = i + 1;
@@ -213,6 +217,14 @@
 			if (params.port < 1024 && !isWindows()) {
 				logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
 			}
+			if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
+				// redirect HTTP requests to HTTPS
+				if (httpConnector instanceof SelectChannelConnector) {
+					((SelectChannelConnector) httpConnector).setConfidentialPort(params.securePort);
+				} else {
+					((SocketConnector) httpConnector).setConfidentialPort(params.securePort);
+				}
+			}
 			connectors.add(httpConnector);
 		}
 
@@ -329,7 +341,7 @@
 		HashSessionManager sessionManager = new HashSessionManager();
 		sessionManager.setHttpOnly(true);
 		// Use secure cookies if only serving https
-		sessionManager.setSecureCookies(params.port <= 0 && params.securePort > 0);
+		sessionManager.setSecureRequestOnly(params.port <= 0 && params.securePort > 0);
 		rootContext.getSessionHandler().setSessionManager(sessionManager);
 
 		// Ensure there is a defined User Service
@@ -346,7 +358,7 @@
 
 		// Start up an in-memory LDAP server, if configured
 		try {
-			if (StringUtils.isEmpty(params.ldapLdifFile) == false) {
+			if (!StringUtils.isEmpty(params.ldapLdifFile)) {
 				File ldifFile = new File(params.ldapLdifFile);
 				if (ldifFile != null && ldifFile.exists()) {
 					URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
@@ -380,9 +392,26 @@
 		// Set the server's contexts
 		server.setHandler(rootContext);
 
-		// Setup the GitBlit context
-		GitBlit gitblit = getGitBlitInstance();
-		gitblit.configureContext(settings, baseFolder, true);
+		// redirect HTTP requests to HTTPS
+		if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
+			logger.info(String.format("Configuring automatic http(%1$s) -> https(%2$s) redirects", params.port, params.securePort));
+			// Create the internal mechanisms to handle secure connections and redirects
+			Constraint constraint = new Constraint();
+			constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+
+			ConstraintMapping cm = new ConstraintMapping();
+			cm.setConstraint(constraint);
+			cm.setPathSpec("/*");
+
+			ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
+			sh.setConstraintMappings(new ConstraintMapping[] { cm });
+
+			// Configure this context to use the Security Handler defined before
+			rootContext.setHandler(sh);
+		}
+
+		// Setup the Gitblit context
+		GitblitContext gitblit = newGitblit(settings, baseFolder);
 		rootContext.addEventListener(gitblit);
 
 		try {
@@ -401,8 +430,8 @@
 		}
 	}
 
-	protected GitBlit getGitBlitInstance() {
-		return GitBlit.self();
+	protected GitblitContext newGitblit(IStoredSettings settings, File baseFolder) {
+		return new GitblitContext(settings, baseFolder);
 	}
 
 	/**

--
Gitblit v1.9.1