Line data    Source code

       1             : // Copyright (C) 2011 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.httpd.auth.container;
      16             : 
      17             : import com.google.gerrit.common.Nullable;
      18             : import com.google.gerrit.httpd.LoginUrlToken;
      19             : import com.google.gerrit.server.config.CanonicalWebUrl;
      20             : import com.google.gerrit.util.http.CacheHeaders;
      21             : import com.google.inject.Inject;
      22             : import com.google.inject.Provider;
      23             : import com.google.inject.Singleton;
      24             : import java.io.IOException;
      25             : import javax.servlet.http.HttpServlet;
      26             : import javax.servlet.http.HttpServletRequest;
      27             : import javax.servlet.http.HttpServletResponse;
      28             : 
      29             : /**
      30             :  * Servlet bound to {@code /login/*} to redirect after client SSL certificate login.
      31             :  *
      32             :  * <p>When using client SSL certificate one should normally never see the sign in dialog. However,
      33             :  * this will happen if users session gets invalidated in some way. Like in other authentication
      34             :  * types, we need to force page to fully reload in order to initialize a new session and create a
      35             :  * valid xsrfKey.
      36             :  */
      37             : @Singleton
      38             : public class HttpsClientSslCertLoginServlet extends HttpServlet {
      39             :   private static final long serialVersionUID = 1L;
      40             : 
      41             :   private final Provider<String> urlProvider;
      42             : 
      43             :   @Inject
      44             :   public HttpsClientSslCertLoginServlet(
      45           0 :       @CanonicalWebUrl @Nullable final Provider<String> urlProvider) {
      46           0 :     this.urlProvider = urlProvider;
      47           0 :   }
      48             : 
      49             :   @Override
      50             :   protected void doGet(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
      51           0 :     final StringBuilder rdr = new StringBuilder();
      52           0 :     rdr.append(urlProvider.get());
      53           0 :     rdr.append(LoginUrlToken.getToken(req));
      54             : 
      55           0 :     CacheHeaders.setNotCacheable(rsp);
      56           0 :     rsp.sendRedirect(rdr.toString());
      57           0 :   }
      58             : }