My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 2209: Issues when using HTTP Authentication on root
9 people starred this issue and may be notified of changes. Back to list
Status:  Released
Owner:  ----
Closed:  Jun 2015


Sign in to add a comment
 
Project Member Reported by u.wol...@gmail.com, Oct 20, 2013
I have noticed two problems (?) with HTTP auth used together with a reverse proxy. I think it would not be an issue if you use the documented method to only protect /login/ with HTTP auth, but I have got some feedback from some users of the plugin which told me that their instance is protected on root (/; i.e. every request). I know there is a way to configure Gerrit to show changes / projects only to registered users, but I can understand the statement that it *may* be more secure to just protect the whole instance with HTTP auth done by reverse proxy (which works fine, except for the following two points).

#1: HTTP Clone
Clone HTTP is not possible at all. Both reverse proxy password and Gerrit HTTP password are not accepted at password prompt (using the addresses shown in the project detail page). I have not found a workaround for this issue.

#2: REST API
A direct access to authenticated REST API (a/) is not directly possible. As a workaround, I first do a login with the /login/ url with a following to the rest API. This way I can use the reverse proxy authentication information (but not the HTTP Password displayed in Gerrit settings).

Is this the expected behavior? IMHO it would just be easier for everyone to just leave authentication of every request to the reverse proxy when using "auth.type = HTTP".

(I have posted this issue already on gerrit discussion list, but got no reply so far: https://groups.google.com/forum/#!topic/repo-discuss/UnQd3HsL820 )
Feb 22, 2015
Project Member #1 u.wol...@gmail.com
This is related to issue #1473. See also my comment here: https://gerrit-review.googlesource.com/43320
Mar 2, 2015
Project Member #2 david.pu...@sonymobile.com
https://gerrit-review.googlesource.com/#/c/65541/
Status: ChangeUnderReview
Jun 8, 2015
Project Member #3 david.pu...@sonymobile.com
(No comment was entered for this change.)
Status: Submitted
Labels: FixedIn-2.12
Jul 27, 2015
#4 geekmug
Can this get merged into stable-2.11? This patch applies cleanly and it provides a way to fix  issue #3208  for people (i.e., me). I rolled my own local gerrit.war for the time being, but it would be good if there was an official build. If 2.12 is due out sooner than a 2.11.3 would be out, then nevermind!
Aug 4, 2015
Project Member #5 edwin.ke...@gmail.com
Change for 2.11:
  https://gerrit-review.googlesource.com/70070
Aug 4, 2015
Project Member #6 edwin.ke...@gmail.com
 Issue 3208  has been merged into this issue.
Aug 6, 2015
Project Member #7 u.wol...@gmail.com
@geek...: The change is in review for 2.11 (backport). It would be great if your could verify that it fixes things for your as well (I do not have time to test it right now). Please post test-results here.
Aug 18, 2015
#8 geekmug
Sorry for the delay in responding, I can confirm that the backport in 70070 works for me.
Aug 18, 2015
Project Member #9 david.pu...@sonymobile.com
(No comment was entered for this change.)
Labels: -FixedIn-2.12 FixedIn-2.11.3
Aug 20, 2015
Project Member #10 david.pu...@sonymobile.com
(No comment was entered for this change.)
Status: Released
Sign in to add a comment

Powered by Google Project Hosting