Re: Change in gerrit[stable-2.5]: DRAFT: Support for Realm plugins
60 views
Skip to first unread message
Luca Milanesio
Oct 19, 2012, 9:20:38 AM10/19/12
to dariusz...@gmail.com, Dave Borowitz, Edwin Kempin, Saša Živkov, repo-discuss Discussion
Wow :-) ... that's cool !
Looking forward to it: can you add as topic for the next hackathon ?
Luca.
On 19 Oct 2012, at 14:03, "Dariusz Łuksza" <noreply-gerritcoderevie...@google.com> wrote:
> Dariusz Łuksza has uploaded a new change for review.
>
> https://gerrit-review.googlesource.com/38560
>
>
> Change subject: DRAFT: Support for Realm plugins
> ......................................................................
>
> DRAFT: Support for Realm plugins
>
> This is a snapshot of my current work on enabling third party realm
> mechanism's in Gerrit.
>
> The approach is to discover all implementations of RealmExtension during
> Gerrit start up process. For this job we use reflections project to
> scan classpath for available implementations (because of performance
> issues currenlty I remove all path's that don't contains 'gerrit').
> Then we bind all implementations in Guice to be able to use DynamicSet
> in providers.
>
> Currenlty only "DEVELOPMENT_BECOME_ANY_ACCOUNT" and "OPENID" authType
> are working. I would provide implementations for rest in subsequent
> patches.
>
> Creating initial configuration during 'init' process is not in place
> mainly because of circular dependency on pgm and server modules. Maybe
> we should add separate module for realm plugin and have also separate
> modules for each realm implementation.
>
> Also realm names are hardcoded in client side module, this can be
> removed when also Web UI plugins will be in place.
>
> Apart from that, we don't bind realm cache module currently. I need to
> figure out where this should be done.
>
> In current solution adding new realm is really simple, just implement
> RealmExtension interface and your specific realm mechanism, pack it
> into jar and put it on Gerrit's class path. Change authType in
> gerrit.config, then restart service. And you done ;)
>
> Change-Id: I724d7999c2f8d85d9added2fcc6b52a69da2b50e
> Signed-off-by: Dariusz Luksza <dar...@luksza.org>
> ---
> M gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java
> M gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java
> A gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/become/BecomeAnyAccountRealmExtension.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java
> A gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealm.java
> A gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealmExtension.java
> A gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealm.java
> A gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealmExtension.java
> M gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
> M gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
> M gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
> M gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java
> D gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AuthType.java
> M gerrit-server/pom.xml
> M gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
> M gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
> M gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
> M gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java
> A gerrit-server/src/main/java/com/google/gerrit/server/account/RealmExtension.java
> M gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java
> M gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
> M gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
> A gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRelmExtension.java
> M gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
> M gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModule.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModuleProvider.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionProvider.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionsModule.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmProvider.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModule.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModuleProvider.java
> M gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
> M pom.xml
> 46 files changed, 803 insertions(+), 395 deletions(-)
>
>
>
> diff --git a/gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java b/gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java
> index e89cdd2..d40f0af 100644
> --- a/gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java
> +++ b/gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java
> @@ -14,23 +14,22 @@
>
> package com.google.gerrit.common.auth.userpass;
>
> -import com.google.gerrit.reviewdb.client.AuthType;
>
> public class LoginResult {
> public boolean success;
> public boolean isNew;
>
> - protected AuthType authType;
> + protected String authType;
> protected Error error;
>
> protected LoginResult() {
> }
>
> - public LoginResult(final AuthType authType) {
> + public LoginResult(final String authType) {
> this.authType = authType;
> }
>
> - public AuthType getAuthType() {
> + public String getAuthType() {
> return authType;
> }
>
> diff --git a/gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java b/gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java
> index 7c16129..43dc722 100644
> --- a/gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java
> +++ b/gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java
> @@ -19,7 +19,6 @@
> import com.google.gerrit.reviewdb.client.Account.FieldName;
> import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadCommand;
> import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadScheme;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.client.Project;
> import com.google.gwtexpui.safehtml.client.RegexFindReplace;
>
> @@ -37,7 +36,7 @@
> protected boolean useContributorAgreements;
> protected boolean useContactInfo;
> protected boolean allowRegisterNewEmail;
> - protected AuthType authType;
> + protected String authType;
> protected Set<DownloadScheme> downloadSchemes;
> protected Set<DownloadCommand> downloadCommands;
> protected String gitDaemonUrl;
> @@ -100,11 +99,11 @@
> allowedOpenIDs = l;
> }
>
> - public AuthType getAuthType() {
> + public String getAuthType() {
> return authType;
> }
>
> - public void setAuthType(final AuthType t) {
> + public void setAuthType(final String t) {
> authType = t;
> }
>
> @@ -239,7 +238,7 @@
> }
>
> public boolean siteHasUsernames() {
> - if (getAuthType() == AuthType.CUSTOM_EXTENSION
> + if ("CUSTOM_EXTENSION".equalsIgnoreCase(getAuthType())
> && getHttpPasswordUrl() != null
> && !canEdit(FieldName.USER_NAME)) {
> return false;
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java
> index aefad27..3e05b00 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java
> @@ -577,16 +577,14 @@
> final SignInMode mode = SignInMode.valueOf(args[0]);
> final String msg = KeyUtil.decode(args[1]);
> final String to = MINE;
> - switch (Gerrit.getConfig().getAuthType()) {
> - case OPENID:
> - new OpenIdSignInDialog(mode, to, msg).center();
> - break;
> - case LDAP:
> - case LDAP_BIND:
> - new UserPassSignInDialog(to, msg).center();
> - break;
> - default:
> - return null;
> + final String authType = Gerrit.getConfig().getAuthType();
> + if ("OPENID".equalsIgnoreCase(authType)) {
> + new OpenIdSignInDialog(mode, to, msg).center();
> + } else if ("LDAP".equalsIgnoreCase(authType)
> + || "LDAP_BIND".equalsIgnoreCase(authType)) {
> + new UserPassSignInDialog(to, msg).center();
> + } else {
> + return null;
> }
> switch (mode) {
> case SIGN_IN:
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
> index 8fe658b..4d88989 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
> @@ -15,8 +15,8 @@
> package com.google.gerrit.client;
>
> import static com.google.gerrit.common.data.GlobalCapability.ADMINISTRATE_SERVER;
> -import static com.google.gerrit.common.data.GlobalCapability.CREATE_PROJECT;
> import static com.google.gerrit.common.data.GlobalCapability.CREATE_GROUP;
> +import static com.google.gerrit.common.data.GlobalCapability.CREATE_PROJECT;
>
> import com.google.gerrit.client.account.AccountCapabilities;
> import com.google.gerrit.client.auth.openid.OpenIdSignInDialog;
> @@ -41,7 +41,6 @@
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.client.AccountDiffPreference;
> import com.google.gerrit.reviewdb.client.AccountGeneralPreferences;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gwt.core.client.EntryPoint;
> import com.google.gwt.core.client.GWT;
> import com.google.gwt.core.client.JavaScriptObject;
> @@ -249,34 +248,33 @@
>
> /** Sign the user into the application. */
> public static void doSignIn(String token) {
> - switch (myConfig.getAuthType()) {
> - case HTTP:
> - case HTTP_LDAP:
> - case CLIENT_SSL_CERT_LDAP:
> - case CUSTOM_EXTENSION:
> - Location.assign(loginRedirect(token));
> - break;
> + Window.alert("1: " + myConfig.getAuthType());
> + String authType = myConfig.getAuthType();
> + Window.alert("2: " + authType);
> + if ("HTTP".equalsIgnoreCase(authType) ||
> + "HTTP_LDAP".equalsIgnoreCase(authType) ||
> + "CLIENT_SSL_CERT_LDAP".equalsIgnoreCase(authType) ||
> + "CUSTOM_EXTENSION".equalsIgnoreCase(authType)) {
>
> - case DEVELOPMENT_BECOME_ANY_ACCOUNT:
> - Location.assign(selfRedirect("/become"));
> - break;
> + Location.assign(loginRedirect(token));
> + } else if ("DEVELOPMENT_BECOME_ANY_ACCOUNT".equalsIgnoreCase(authType)) {
>
> - case OPENID_SSO:
> - final RootPanel gBody = RootPanel.get("gerrit_body");
> - OpenIdSsoPanel singleSignOnPanel = new OpenIdSsoPanel();
> - gBody.add(singleSignOnPanel);
> - singleSignOnPanel.authenticate(SignInMode.SIGN_IN, token);
> - break;
> + Location.assign(selfRedirect("/become"));
> + } else if ("OPENID_SSO".equalsIgnoreCase(authType)) {
>
> - case OPENID:
> - new OpenIdSignInDialog(SignInMode.SIGN_IN, token, null).center();
> - break;
> + final RootPanel gBody = RootPanel.get("gerrit_body");
> + OpenIdSsoPanel singleSignOnPanel = new OpenIdSsoPanel();
> + gBody.add(singleSignOnPanel);
> + singleSignOnPanel.authenticate(SignInMode.SIGN_IN, token);
> + } else if ("OPENID".equalsIgnoreCase(authType)) {
>
> - case LDAP:
> - case LDAP_BIND:
> - new UserPassSignInDialog(token, null).center();
> - break;
> + new OpenIdSignInDialog(SignInMode.SIGN_IN, token, null).center();
> + } else if ("LDAP".equalsIgnoreCase(authType) ||
> + "LDAP_BIND".equalsIgnoreCase(authType)) {
> +
> + new UserPassSignInDialog(token, null).center();
> }
> +
> }
>
> public static String loginRedirect(String token) {
> @@ -645,57 +643,45 @@
> menuLeft.add(m, C.menuDocumentation());
> }
>
> + final String authType = cfg.getAuthType();
> if (signedIn) {
> whoAmI();
> addLink(menuRight, C.menuSettings(), PageLinks.SETTINGS);
> - if (cfg.getAuthType() != AuthType.CLIENT_SSL_CERT_LDAP) {
> + if (!authType.equalsIgnoreCase("CLIENT_SSL_CERT_LDAP")) {
> menuRight.add(anchor(C.menuSignOut(), selfRedirect("/logout")));
> }
> } else {
> - switch (cfg.getAuthType()) {
> - case HTTP:
> - case HTTP_LDAP:
> - case CLIENT_SSL_CERT_LDAP:
> - break;
> -
> - case OPENID:
> - menuRight.addItem(C.menuRegister(), new Command() {
> - public void execute() {
> - final String to = History.getToken();
> - new OpenIdSignInDialog(SignInMode.REGISTER, to, null).center();
> - }
> - });
> - menuRight.addItem(C.menuSignIn(), new Command() {
> - public void execute() {
> - doSignIn(History.getToken());
> - }
> - });
> - break;
> -
> - case OPENID_SSO:
> - menuRight.addItem(C.menuSignIn(), new Command() {
> - public void execute() {
> - doSignIn(History.getToken());
> - }
> - });
> - break;
> -
> - case LDAP:
> - case LDAP_BIND:
> - case CUSTOM_EXTENSION:
> - if (cfg.getRegisterUrl() != null) {
> - menuRight.add(anchor(C.menuRegister(), cfg.getRegisterUrl()));
> + if ("OPENID".equalsIgnoreCase(authType)) {
> + menuRight.addItem(C.menuRegister(), new Command() {
> + public void execute() {
> + final String to = History.getToken();
> + new OpenIdSignInDialog(SignInMode.REGISTER, to, null).center();
> }
> - menuRight.addItem(C.menuSignIn(), new Command() {
> - public void execute() {
> - doSignIn(History.getToken());
> - }
> - });
> - break;
> -
> - case DEVELOPMENT_BECOME_ANY_ACCOUNT:
> - menuRight.add(anchor("Become", selfRedirect("/become")));
> - break;
> + });
> + menuRight.addItem(C.menuSignIn(), new Command() {
> + public void execute() {
> + doSignIn(History.getToken());
> + }
> + });
> + } else if ("OPENID_SSO".equalsIgnoreCase(authType)) {
> + menuRight.addItem(C.menuSignIn(), new Command() {
> + public void execute() {
> + doSignIn(History.getToken());
> + }
> + });
> + } else if ("LDAP".equalsIgnoreCase(authType)
> + || "LDAP_BIND".equalsIgnoreCase(authType)
> + || "CUSTOM_EXTENSION".equalsIgnoreCase(authType)) {
> + if (cfg.getRegisterUrl() != null) {
> + menuRight.add(anchor(C.menuRegister(), cfg.getRegisterUrl()));
> + }
> + menuRight.addItem(C.menuSignIn(), new Command() {
> + public void execute() {
> + doSignIn(History.getToken());
> + }
> + });
> + } else if ("DEVELOPMENT_BECOME_ANY_ACCOUNT".equalsIgnoreCase(authType)) {
> + menuRight.add(anchor("Become", selfRedirect("/become")));
> }
> }
> }
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java
> index f354496..5862997 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java
> @@ -20,6 +20,7 @@
> import com.google.gwt.event.logical.shared.CloseHandler;
> import com.google.gwt.user.client.DOM;
> import com.google.gwt.user.client.History;
> +import com.google.gwt.user.client.Window;
> import com.google.gwt.user.client.ui.Button;
> import com.google.gwt.user.client.ui.FlowPanel;
> import com.google.gwt.user.client.ui.HTML;
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java
> index 4fbe7a0..d4c27c6 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java
> @@ -22,7 +22,6 @@
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.client.Account.FieldName;
> import com.google.gerrit.reviewdb.client.AccountExternalId;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.client.ContactInformation;
> import com.google.gwt.event.dom.client.ChangeEvent;
> import com.google.gwt.event.dom.client.ChangeHandler;
> @@ -285,7 +284,7 @@
> Util.ACCOUNT_SEC.registerEmail(addr, new GerritCallback<Account>() {
> public void onSuccess(Account currentUser) {
> box.hide();
> - if (Gerrit.getConfig().getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
> + if ("DEVELOPMENT_BECOME_ANY_ACCOUNT".equalsIgnoreCase(Gerrit.getConfig().getAuthType())) {
> currentEmail = addr;
> if (emailPick.getItemCount() == 0) {
> onSaveSuccess(currentUser);
> @@ -325,7 +324,7 @@
> buttons.add(register);
> buttons.add(cancel);
>
> - if (Gerrit.getConfig().getAuthType() != AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
> + if ("DEVELOPMENT_BECOME_ANY_ACCOUNT".equalsIgnoreCase(Gerrit.getConfig().getAuthType())) {
> body.add(new HTML(Util.C.descRegisterNewEmail()));
> }
> body.add(inEmail);
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java
> index 899aa03..3eed5d2 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java
> @@ -59,20 +59,17 @@
> });
> add(deleteIdentity);
>
> - switch (Gerrit.getConfig().getAuthType()) {
> - case OPENID: {
> - final Button linkIdentity = new Button(Util.C.buttonLinkIdentity());
> - linkIdentity.addClickHandler(new ClickHandler() {
> - @Override
> - public void onClick(final ClickEvent event) {
> - final String to = History.getToken();
> - new OpenIdSignInDialog(SignInMode.LINK_IDENTIY, to, null).center();
> - }
> - });
> - add(linkIdentity);
> - break;
> - }
> - }
> + if ("OPENID".equalsIgnoreCase(Gerrit.getConfig().getAuthType())) {
> + final Button linkIdentity = new Button(Util.C.buttonLinkIdentity());
> + linkIdentity.addClickHandler(new ClickHandler() {
> + @Override
> + public void onClick(final ClickEvent event) {
> + final String to = History.getToken();
> + new OpenIdSignInDialog(SignInMode.LINK_IDENTIY, to, null).center();
> + }
> + });
> + add(linkIdentity);
> + }
> }
>
> @Override
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java
> index ea7c04b..9218302 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java
> @@ -240,23 +240,18 @@
> }
> });
>
> - switch (Gerrit.getConfig().getAuthType()) {
> - case HTTP_LDAP:
> - case LDAP:
> - case LDAP_BIND:
> - case CLIENT_SSL_CERT_LDAP:
> - break;
> - default:
> - return;
> + String authType = Gerrit.getConfig().getAuthType();
> + if ("HTTP_LDAP".equals(authType) || "LDAP".equalsIgnoreCase(authType)
> + || "LDAP_BIND".equalsIgnoreCase(authType)
> + || "CLIENT_SSL_CERT_LDAP".equalsIgnoreCase(authType)) {
> + final VerticalPanel fp = new VerticalPanel();
> + fp.setStyleName(Gerrit.RESOURCES.css().groupTypePanel());
> + fp.add(new SmallHeading(Util.C.headingGroupType()));
> + fp.add(typeSystem);
> + fp.add(typeSelect);
> + fp.add(saveType);
> + add(fp);
> }
> -
> - final VerticalPanel fp = new VerticalPanel();
> - fp.setStyleName(Gerrit.RESOURCES.css().groupTypePanel());
> - fp.add(new SmallHeading(Util.C.headingGroupType()));
> - fp.add(typeSystem);
> - fp.add(typeSelect);
> - fp.add(saveType);
> - add(fp);
> }
>
> private void setType(final AccountGroup.Type newType) {
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java
> index ccdd1ec..28c9372 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java
> @@ -14,10 +14,9 @@
>
> package com.google.gerrit.client.auth.userpass;
>
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gwt.i18n.client.Messages;
>
> public interface UserPassMessages extends Messages {
> String signInAt(String hostname);
> - String authenticationUnavailable(AuthType authType);
> + String authenticationUnavailable(String authType);
> }
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java
> index 7e314cc..285952a 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java
> @@ -29,7 +29,8 @@
> import com.google.gerrit.common.data.PatchSetDetail;
> import com.google.gerrit.reviewdb.client.AccountDiffPreference;
> import com.google.gerrit.reviewdb.client.AccountGeneralPreferences;
> -import com.google.gerrit.reviewdb.client.AuthType;
> +import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadCommand;
> +import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadScheme;
> import com.google.gerrit.reviewdb.client.Change;
> import com.google.gerrit.reviewdb.client.ChangeMessage;
> import com.google.gerrit.reviewdb.client.Patch;
> @@ -37,8 +38,6 @@
> import com.google.gerrit.reviewdb.client.PatchSetInfo;
> import com.google.gerrit.reviewdb.client.Project;
> import com.google.gerrit.reviewdb.client.UserIdentity;
> -import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadCommand;
> -import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadScheme;
> import com.google.gwt.core.client.GWT;
> import com.google.gwt.event.dom.client.ClickEvent;
> import com.google.gwt.event.dom.client.ClickHandler;
> @@ -400,7 +399,7 @@
>
> private static boolean siteReliesOnHttp() {
> return Gerrit.getConfig().getGitHttpUrl() != null
> - && Gerrit.getConfig().getAuthType() == AuthType.CUSTOM_EXTENSION
> + && "CUSTOM_EXTENSION".equalsIgnoreCase(Gerrit.getConfig().getAuthType())
> && !Gerrit.getConfig().siteHasUsernames();
> }
>
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java
> index c1f3ae4..65fb5c2 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java
> @@ -85,27 +85,7 @@
>
> private GerritConfig create() throws MalformedURLException {
> final GerritConfig config = new GerritConfig();
> - switch (authConfig.getAuthType()) {
> - case OPENID:
> - config.setAllowedOpenIDs(authConfig.getAllowedOpenIDs());
> - break;
> -
> - case OPENID_SSO:
> - config.setOpenIdSsoUrl(authConfig.getOpenIdSsoUrl());
> - break;
> -
> - case LDAP:
> - case LDAP_BIND:
> - config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
> - config.setEditFullNameUrl(cfg.getString("auth", null, "editFullNameUrl"));
> - break;
> -
> - case CUSTOM_EXTENSION:
> - config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
> - config.setEditFullNameUrl(cfg.getString("auth", null, "editFullNameUrl"));
> - config.setHttpPasswordUrl(cfg.getString("auth", null, "httpPasswordUrl"));
> - break;
> - }
> + realm.setAdditionalConfiguraction(config);
> config.setUseContributorAgreements(cfg.getBoolean("auth",
> "contributoragreements", false));
> config.setGitDaemonUrl(cfg.getString("gerrit", null, "canonicalgiturl"));
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java
> index 1a48bb5..7e97897 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java
> @@ -14,14 +14,10 @@
>
> package com.google.gerrit.httpd;
>
> -import static com.google.inject.Scopes.SINGLETON;
> import static com.google.gerrit.extensions.registration.PrivateInternals_DynamicTypes.registerInParentInjectors;
> +import static com.google.inject.Scopes.SINGLETON;
>
> import com.google.gerrit.common.data.GerritConfig;
> -import com.google.gerrit.httpd.auth.become.BecomeAnyAccountLoginServlet;
> -import com.google.gerrit.httpd.auth.container.HttpAuthModule;
> -import com.google.gerrit.httpd.auth.container.HttpsClientSslCertModule;
> -import com.google.gerrit.httpd.auth.ldap.LdapAuthModule;
> import com.google.gerrit.httpd.gitweb.GitWebModule;
> import com.google.gerrit.httpd.rpc.UiRpcModule;
> import com.google.gerrit.lifecycle.LifecycleModule;
> @@ -31,10 +27,10 @@
> import com.google.gerrit.server.account.ChangeUserName;
> import com.google.gerrit.server.account.ClearPassword;
> import com.google.gerrit.server.account.GeneratePassword;
> -import com.google.gerrit.server.config.AuthConfig;
> import com.google.gerrit.server.config.CanonicalWebUrl;
> import com.google.gerrit.server.config.FactoryModule;
> import com.google.gerrit.server.config.GerritRequestModule;
> +import com.google.gerrit.server.config.RealmWebModule;
> import com.google.gerrit.server.contact.ContactStore;
> import com.google.gerrit.server.contact.ContactStoreProvider;
> import com.google.gerrit.server.util.GuiceRequestScopePropagator;
> @@ -42,7 +38,6 @@
> import com.google.inject.AbstractModule;
> import com.google.inject.Inject;
> import com.google.inject.Injector;
> -import com.google.inject.ProvisionException;
> import com.google.inject.servlet.RequestScoped;
> import com.google.inject.servlet.ServletModule;
>
> @@ -51,18 +46,18 @@
> import javax.annotation.Nullable;
>
> public class WebModule extends FactoryModule {
> - private final AuthConfig authConfig;
> private final UrlModule.UrlConfig urlConfig;
> private final boolean wantSSL;
> private final GitWebConfig gitWebConfig;
> + private final ServletModule realmWebModule;
>
> @Inject
> - WebModule(final AuthConfig authConfig,
> - final UrlModule.UrlConfig urlConfig,
> + WebModule(final UrlModule.UrlConfig urlConfig,
> @CanonicalWebUrl @Nullable final String canonicalUrl,
> - final Injector creatingInjector) {
> - this.authConfig = authConfig;
> + final Injector creatingInjector,
> + @RealmWebModule ServletModule realmWebModule) {
> this.urlConfig = urlConfig;
> + this.realmWebModule = realmWebModule;
> this.wantSSL = canonicalUrl != null && canonicalUrl.startsWith("https:");
>
> this.gitWebConfig =
> @@ -82,39 +77,7 @@
> if (wantSSL) {
> install(new RequireSslFilter.Module());
> }
> -
> - switch (authConfig.getAuthType()) {
> - case HTTP:
> - case HTTP_LDAP:
> - install(new HttpAuthModule());
> - break;
> -
> - case CLIENT_SSL_CERT_LDAP:
> - install(new HttpsClientSslCertModule());
> - break;
> -
> - case LDAP:
> - case LDAP_BIND:
> - install(new LdapAuthModule());
> - break;
> -
> - case DEVELOPMENT_BECOME_ANY_ACCOUNT:
> - install(new ServletModule() {
> - @Override
> - protected void configureServlets() {
> - serve("/become").with(BecomeAnyAccountLoginServlet.class);
> - }
> - });
> - break;
> -
> - case OPENID:
> - case OPENID_SSO:
> - // OpenID support is bound in WebAppInitializer and Daemon.
> - case CUSTOM_EXTENSION:
> - break;
> - default:
> - throw new ProvisionException("Unsupported loginType: " + authConfig.getAuthType());
> - }
> + install(realmWebModule);
>
> install(new UrlModule(urlConfig));
> install(new UiRpcModule());
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/become/BecomeAnyAccountRealmExtension.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/become/BecomeAnyAccountRealmExtension.java
> new file mode 100644
> index 0000000..57792d6
> --- /dev/null
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/become/BecomeAnyAccountRealmExtension.java
> @@ -0,0 +1,49 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.become;
> +
> +import com.google.gerrit.server.account.DefaultRealm;
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +public class BecomeAnyAccountRealmExtension implements RealmExtension {
> +
> + @Override
> + public String getName() {
> + return "DEVELOPMENT_BECOME_ANY_ACCOUNT";
> + }
> +
> + @Override
> + public Class<? extends Realm> getRealm() {
> + return DefaultRealm.class;
> + }
> +
> + @Override
> + public RealmCacheModule getCacheModule() {
> + return RealmExtension.EMPTY_SERVER_MODULE;
> + }
> +
> + @Override
> + public ServletModule getWebModule() {
> + return new ServletModule() {
> + @Override
> + protected void configureServlets() {
> + serve("/become").with(BecomeAnyAccountLoginServlet.class);
> + }
> + };
> + }
> +}
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java
> index 348ecbb..53749fe 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java
> @@ -17,7 +17,6 @@
> import com.google.gerrit.common.auth.userpass.LoginResult;
> import com.google.gerrit.common.auth.userpass.UserPassAuthService;
> import com.google.gerrit.httpd.WebSession;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.server.account.AccountException;
> import com.google.gerrit.server.account.AccountManager;
> import com.google.gerrit.server.account.AccountUserNameException;
> @@ -36,7 +35,7 @@
> class UserPassAuthServiceImpl implements UserPassAuthService {
> private final Provider<WebSession> webSession;
> private final AccountManager accountManager;
> - private final AuthType authType;
> + private final String authType;
>
> private static final Logger log = LoggerFactory
> .getLogger(UserPassAuthServiceImpl.class);
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
> index b62a10b..b2334aa 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
> @@ -30,7 +30,6 @@
> import com.google.gerrit.reviewdb.client.AccountGroupMember;
> import com.google.gerrit.reviewdb.client.AccountGroupMemberAudit;
> import com.google.gerrit.reviewdb.client.AccountSshKey;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.client.ContactInformation;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.gerrit.server.CurrentUser;
> @@ -311,7 +310,7 @@
>
> public void registerEmail(final String address,
> final AsyncCallback<Account> cb) {
> - if (authConfig.getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
> + if (authConfig.getAuthType().equalsIgnoreCase("DEVELOPMENT_BECOME_ANY_ACCOUNT")) {
> try {
> accountManager.link(user.get().getAccountId(),
> AuthRequest.forEmail(address));
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java
> index aca2e05..ba8dc2b 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java
> @@ -31,7 +31,6 @@
> import com.google.gerrit.reviewdb.client.AccountGroupIncludeAudit;
> import com.google.gerrit.reviewdb.client.AccountGroupMember;
> import com.google.gerrit.reviewdb.client.AccountGroupMemberAudit;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.gerrit.server.IdentifiedUser;
> import com.google.gerrit.server.account.AccountCache;
> @@ -60,7 +59,7 @@
> private final AccountCache accountCache;
> private final AccountResolver accountResolver;
> private final AccountManager accountManager;
> - private final AuthType authType;
> + private final String authType;
> private final GroupCache groupCache;
> private final GroupBackend groupBackend;
> private final GroupIncludeCache groupIncludeCache;
> @@ -379,13 +378,8 @@
> Failure {
> Account r = accountResolver.find(nameOrEmail);
> if (r == null) {
> - switch (authType) {
> - case HTTP_LDAP:
> - case CLIENT_SSL_CERT_LDAP:
> - case LDAP:
> + if (authType.contains("ldap") || authType.contains("LDAP")) {
> r = createAccountByLdap(nameOrEmail);
> - break;
> - default:
> }
> if (r == null) {
> throw new Failure(new NoSuchAccountException(nameOrEmail));
> diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealm.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealm.java
> new file mode 100644
> index 0000000..529ab7d
> --- /dev/null
> +++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealm.java
> @@ -0,0 +1,39 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.openid;
> +
> +import com.google.gerrit.common.data.GerritConfig;
> +import com.google.gerrit.server.account.AccountByEmailCache;
> +import com.google.gerrit.server.account.DefaultRealm;
> +import com.google.gerrit.server.account.EmailExpander;
> +import com.google.gerrit.server.config.AuthConfig;
> +import com.google.inject.Inject;
> +
> +public class OpenIdRealm extends DefaultRealm {
> +
> + private AuthConfig authConfig;
> +
> + @Inject
> + OpenIdRealm(final AuthConfig authConfig, final EmailExpander emailExpander,
> + final AccountByEmailCache byEmail) {
> + super(emailExpander, byEmail);
> + this.authConfig = authConfig;
> + }
> +
> + @Override
> + public void setAdditionalConfiguraction(GerritConfig config) {
> + config.setAllowedOpenIDs(authConfig.getAllowedOpenIDs());
> + }
> +}
> diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealmExtension.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealmExtension.java
> new file mode 100644
> index 0000000..e4bfc09
> --- /dev/null
> +++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealmExtension.java
> @@ -0,0 +1,48 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.openid;
> +
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.annotation.Nonnull;
> +
> +public class OpenIdRealmExtension implements RealmExtension {
> +
> + @Override
> + @Nonnull
> + public String getName() {
> + return "OPENID";
> + }
> +
> + @Override
> + @Nonnull
> + public Class<? extends Realm> getRealm() {
> + return OpenIdRealm.class;
> + }
> +
> + @Override
> + public RealmCacheModule getCacheModule() {
> + return RealmExtension.EMPTY_SERVER_MODULE;
> + }
> +
> + @Override
> + public ServletModule getWebModule() {
> + return new OpenIdModule();
> + }
> +
> +}
> diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealm.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealm.java
> new file mode 100644
> index 0000000..65f4fb8
> --- /dev/null
> +++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealm.java
> @@ -0,0 +1,39 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.openid;
> +
> +import com.google.gerrit.common.data.GerritConfig;
> +import com.google.gerrit.server.account.AccountByEmailCache;
> +import com.google.gerrit.server.account.DefaultRealm;
> +import com.google.gerrit.server.account.EmailExpander;
> +import com.google.gerrit.server.config.AuthConfig;
> +import com.google.inject.Inject;
> +
> +public class OpenIdSsoRealm extends DefaultRealm {
> +
> + private AuthConfig authConfig;
> +
> + @Inject
> + OpenIdSsoRealm(final AuthConfig authConfig,
> + final EmailExpander emailExpander, final AccountByEmailCache byEmail) {
> + super(emailExpander, byEmail);
> + this.authConfig = authConfig;
> + }
> +
> + @Override
> + public void setAdditionalConfiguraction(GerritConfig config) {
> + config.setOpenIdSsoUrl(authConfig.getOpenIdSsoUrl());
> + }
> +}
> diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealmExtension.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealmExtension.java
> new file mode 100644
> index 0000000..292d760
> --- /dev/null
> +++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealmExtension.java
> @@ -0,0 +1,48 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.openid;
> +
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.annotation.Nonnull;
> +
> +public class OpenIdSsoRealmExtension implements RealmExtension {
> +
> + @Override
> + @Nonnull
> + public String getName() {
> + return "OPENID";
> + }
> +
> + @Override
> + @Nonnull
> + public Class<? extends Realm> getRealm() {
> + return OpenIdSsoRealm.class;
> + }
> +
> + @Override
> + public RealmCacheModule getCacheModule() {
> + return RealmExtension.EMPTY_SERVER_MODULE;
> + }
> +
> + @Override
> + public ServletModule getWebModule() {
> + return new OpenIdModule();
> + }
> +
> +}
> diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
> index c164d48..48f2fa3 100644
> --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
> +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
> @@ -25,7 +25,6 @@
> import com.google.gerrit.httpd.SignedTokenRestTokenVerifier;
> import com.google.gerrit.httpd.WebModule;
> import com.google.gerrit.httpd.WebSshGlueModule;
> -import com.google.gerrit.httpd.auth.openid.OpenIdModule;
> import com.google.gerrit.httpd.plugins.HttpPluginModule;
> import com.google.gerrit.lifecycle.LifecycleManager;
> import com.google.gerrit.pgm.http.jetty.GetUserFilter;
> @@ -36,10 +35,8 @@
> import com.google.gerrit.pgm.util.LogFileCompressor;
> import com.google.gerrit.pgm.util.RuntimeShutdown;
> import com.google.gerrit.pgm.util.SiteProgram;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.gerrit.server.cache.h2.DefaultCacheFactory;
> -import com.google.gerrit.server.config.AuthConfig;
> import com.google.gerrit.server.config.AuthConfigModule;
> import com.google.gerrit.server.config.CanonicalWebUrlModule;
> import com.google.gerrit.server.config.CanonicalWebUrlProvider;
> @@ -370,11 +367,6 @@
> modules.add(new NoSshModule());
> }
>
> - AuthConfig authConfig = cfgInjector.getInstance(AuthConfig.class);
> - if (authConfig.getAuthType() == AuthType.OPENID ||
> - authConfig.getAuthType() == AuthType.OPENID_SSO) {
> - modules.add(new OpenIdModule());
> - }
> modules.add(sysInjector.getInstance(GetUserFilter.Module.class));
>
> return sysInjector.createChildInjector(modules);
> diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
> index 5823940..6112988 100644
> --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
> +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
> @@ -19,7 +19,6 @@
>
> import com.google.gerrit.extensions.events.LifecycleListener;
> import com.google.gerrit.launcher.GerritLauncher;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.server.config.ConfigUtil;
> import com.google.gerrit.server.config.GerritServerConfig;
> import com.google.gerrit.server.config.SitePaths;
> @@ -141,7 +140,7 @@
> final URI[] listenUrls = listenURLs(cfg);
> final boolean reuseAddress = cfg.getBoolean("httpd", "reuseaddress", true);
> final int acceptors = cfg.getInt("httpd", "acceptorThreads", 2);
> - final AuthType authType = ConfigUtil.getEnum(cfg, "auth", null, "type", AuthType.OPENID);
> + final String authType = cfg.getString("auth", null, "type");
>
> reverseProxy = isReverseProxied(listenUrls);
> final Connector[] connectors = new Connector[listenUrls.length];
> @@ -150,11 +149,10 @@
> final int defaultPort;
> final SelectChannelConnector c;
>
> - if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType) && ! "https".equals(u.getScheme())) {
> + if (authType.equalsIgnoreCase("CLIENT_SSL_CERT_LDAP") && ! "https".equals(u.getScheme())) {
> throw new IllegalArgumentException("Protocol '" + u.getScheme()
> + "' " + " not supported in httpd.listenurl '" + u
> - + "' when auth.type = '" + AuthType.CLIENT_SSL_CERT_LDAP.name()
> - + "'; only 'https' is supported");
> + + "' when auth.type = 'CLIENT_SSL_CERT_LDAP'; only 'https' is supported");
> }
>
> if ("http".equals(u.getScheme())) {
> @@ -172,7 +170,7 @@
> ssl.setKeyPassword(password);
> ssl.setTrustPassword(password);
>
> - if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType)) {
> + if (authType.equalsIgnoreCase("CLIENT_SSL_CERT_LDAP")) {
> ssl.setNeedClientAuth(true);
> }
>
> diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
> index fa4dc14..00129d6 100644
> --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
> +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
> @@ -14,10 +14,7 @@
>
> package com.google.gerrit.pgm.init;
>
> -import static com.google.gerrit.pgm.init.InitUtil.dnOf;
> -
> import com.google.gerrit.pgm.util.ConsoleUI;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gwtjsonrpc.server.SignedToken;
> import com.google.inject.Inject;
> import com.google.inject.Singleton;
> @@ -38,8 +35,8 @@
>
> public void run() {
> ui.header("User Authentication");
> -
> - final AuthType auth_type =
> +// move to Realm.init() metehod
> +/* final AuthType auth_type =
> auth.select("Authentication method", "type", AuthType.OPENID);
>
> switch (auth_type) {
> @@ -80,7 +77,7 @@
> ldap.string("Group BaseDN", "groupBase", aBase);
> break;
> }
> - }
> + } */
>
> if (auth.getSecure("registerEmailPrivateKey") == null) {
> auth.setSecure("registerEmailPrivateKey", SignedToken.generateRandomKey());
> diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java
> index 98d2e47..8a40fbb 100644
> --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java
> +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java
> @@ -21,8 +21,6 @@
> import static com.google.gerrit.pgm.init.InitUtil.toURI;
>
> import com.google.gerrit.pgm.util.ConsoleUI;
> -import com.google.gerrit.reviewdb.client.AuthType;
> -import com.google.gerrit.server.config.ConfigUtil;
> import com.google.gerrit.server.config.SitePaths;
> import com.google.gwtjsonrpc.server.SignedToken;
> import com.google.inject.Inject;
> @@ -123,7 +121,7 @@
> }
> if (gerrit.get("canonicalWebUrl") != null //
> || (!proxy && ssl) //
> - || getAuthType() == AuthType.OPENID) {
> + || getAuthType().equalsIgnoreCase("OPENID")) {
> gerrit.string("Canonical URL", "canonicalWebUrl", uri.toString());
> }
>
> @@ -197,7 +195,7 @@
> }
> }
>
> - private AuthType getAuthType() {
> - return ConfigUtil.getEnum(flags.cfg, "auth", null, "type", AuthType.OPENID);
> + private String getAuthType() {
> + return flags.cfg.getString("auth", null, "type");
> }
> }
> diff --git a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AuthType.java b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AuthType.java
> deleted file mode 100644
> index b615fc5..0000000
> --- a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AuthType.java
> +++ /dev/null
> @@ -1,84 +0,0 @@
> -// Copyright (C) 2009 The Android Open Source Project
> -//
> -// Licensed under the Apache License, Version 2.0 (the "License");
> -// you may not use this file except in compliance with the License.
> -// You may obtain a copy of the License at
> -//
> -// http://www.apache.org/licenses/LICENSE-2.0
> -//
> -// Unless required by applicable law or agreed to in writing, software
> -// distributed under the License is distributed on an "AS IS" BASIS,
> -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> -// See the License for the specific language governing permissions and
> -// limitations under the License.
> -
> -package com.google.gerrit.reviewdb.client;
> -
> -public enum AuthType {
> - /** Login relies upon the OpenID standard: {@link "http://openid.net/"} */
> - OPENID,
> -
> - /** Login relies upon the OpenID standard: {@link "http://openid.net/"} in Single Sign On mode */
> - OPENID_SSO,
> -
> - /**
> - * Login relies upon the container/web server security.
> - * <p>
> - * The container or web server must populate an HTTP header with a unique name
> - * for the current user. Gerrit will implicitly trust the value of this header
> - * to supply the unique identity.
> - */
> - HTTP,
> -
> - /**
> - * Login relies upon the container/web server security, but also uses LDAP.
> - * <p>
> - * Like {@link #HTTP}, the container or web server must populate an HTTP
> - * header with a unique name for the current user. Gerrit will implicitly
> - * trust the value of this header to supply the unique identity.
> - * <p>
> - * In addition to trusting the HTTP headers, Gerrit will obtain basic user
> - * registration (name and email) from LDAP, and some group memberships.
> - */
> - HTTP_LDAP,
> -
> - /**
> - * Login via client SSL certificate.
> - * <p>
> - * This authentication type is actually kind of SSO. Gerrit will configure
> - * Jetty's SSL channel to request client's SSL certificate. For this
> - * authentication to work a Gerrit administrator has to import the root
> - * certificate of the trust chain used to issue the client's certificate
> - * into the <review-site>/etc/keystore.
> - * <p>
> - * After the authentication is done Gerrit will obtain basic user
> - * registration (name and email) from LDAP, and some group memberships.
> - * Therefore, the "_LDAP" suffix in the name of this authentication type.
> - */
> - CLIENT_SSL_CERT_LDAP,
> -
> - /**
> - * Login collects username and password through a web form, and binds to LDAP.
> - * <p>
> - * Unlike {@link #HTTP_LDAP}, Gerrit presents a sign-in dialog to the user and
> - * makes the connection to the LDAP server on their behalf.
> - */
> - LDAP,
> -
> - /**
> - * Login collects username and password through a web form, and binds to LDAP.
> - * <p>
> - * Unlike {@link #HTTP_LDAP}, Gerrit presents a sign-in dialog to the user and
> - * makes the connection to the LDAP server on their behalf.
> - * <p>
> - * Unlike the more generic {@link #LDAP} mode, Gerrit can only query the
> - * directory via an actual authenticated user account.
> - */
> - LDAP_BIND,
> -
> - /** Login is managed by additional, unspecified code. */
> - CUSTOM_EXTENSION,
> -
> - /** Development mode to enable becoming anyone you want. */
> - DEVELOPMENT_BECOME_ANY_ACCOUNT;
> -}
> diff --git a/gerrit-server/pom.xml b/gerrit-server/pom.xml
> index af18173..ecf8280 100644
> --- a/gerrit-server/pom.xml
> +++ b/gerrit-server/pom.xml
> @@ -180,6 +180,11 @@
> <groupId>org.pegdown</groupId>
> <artifactId>pegdown</artifactId>
> </dependency>
> +
> + <dependency>
> + <groupId>org.reflections</groupId>
> + <artifactId>reflections</artifactId>
> + </dependency>
> </dependencies>
>
> <build>
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java b/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
> index 89cbac1..a019a14 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
> @@ -68,7 +68,6 @@
> private final AuthConfig authConfig;
> private final String anonymousCowardName;
> private final Provider<String> canonicalUrl;
> - private final Realm realm;
> private final AccountCache accountCache;
> private final GroupBackend groupBackend;
>
> @@ -78,13 +77,12 @@
> final AuthConfig authConfig,
> final @AnonymousCowardName String anonymousCowardName,
> final @CanonicalWebUrl Provider<String> canonicalUrl,
> - final Realm realm, final AccountCache accountCache,
> + final AccountCache accountCache,
> final GroupBackend groupBackend) {
> this.capabilityControlFactory = capabilityControlFactory;
> this.authConfig = authConfig;
> this.anonymousCowardName = anonymousCowardName;
> this.canonicalUrl = canonicalUrl;
> - this.realm = realm;
> this.accountCache = accountCache;
> this.groupBackend = groupBackend;
> }
> @@ -95,14 +93,14 @@
>
> public IdentifiedUser create(Provider<ReviewDb> db, Account.Id id) {
> return new IdentifiedUser(capabilityControlFactory, AccessPath.UNKNOWN,
> - authConfig, anonymousCowardName, canonicalUrl, realm, accountCache,
> + authConfig, anonymousCowardName, canonicalUrl, accountCache,
> groupBackend, null, db, id);
> }
>
> public IdentifiedUser create(AccessPath accessPath,
> Provider<SocketAddress> remotePeerProvider, Account.Id id) {
> return new IdentifiedUser(capabilityControlFactory, accessPath,
> - authConfig, anonymousCowardName, canonicalUrl, realm, accountCache,
> + authConfig, anonymousCowardName, canonicalUrl, accountCache,
> groupBackend, remotePeerProvider, null, id);
> }
> }
> @@ -119,7 +117,7 @@
> private final AuthConfig authConfig;
> private final String anonymousCowardName;
> private final Provider<String> canonicalUrl;
> - private final Realm realm;
> + private final Provider<Realm> realm;
> private final AccountCache accountCache;
> private final GroupBackend groupBackend;
>
> @@ -132,7 +130,7 @@
> final AuthConfig authConfig,
> final @AnonymousCowardName String anonymousCowardName,
> final @CanonicalWebUrl Provider<String> canonicalUrl,
> - final Realm realm, final AccountCache accountCache,
> + final Provider<Realm> realm, final AccountCache accountCache,
> final GroupBackend groupBackend,
>
> final @RemotePeer Provider<SocketAddress> remotePeerProvider,
> @@ -152,7 +150,7 @@
> public IdentifiedUser create(final AccessPath accessPath,
> final Account.Id id) {
> return new IdentifiedUser(capabilityControlFactory, accessPath,
> - authConfig, anonymousCowardName, canonicalUrl, realm, accountCache,
> + authConfig, anonymousCowardName, canonicalUrl, accountCache,
> groupBackend, remotePeerProvider, dbProvider, id);
> }
> }
> @@ -191,7 +189,7 @@
> final AuthConfig authConfig,
> final String anonymousCowardName,
> final Provider<String> canonicalUrl,
> - final Realm realm, final AccountCache accountCache,
> + final AccountCache accountCache,
> final GroupBackend groupBackend,
> @Nullable final Provider<SocketAddress> remotePeerProvider,
> @Nullable final Provider<ReviewDb> dbProvider, final Account.Id id) {
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
> index e469c34..5c5bb35 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
> @@ -42,6 +42,8 @@
> import java.util.List;
> import java.util.concurrent.atomic.AtomicBoolean;
>
> +import javax.inject.Provider;
> +
> /** Tracks authentication related details for user accounts. */
> @Singleton
> public class AccountManager {
> @@ -52,7 +54,7 @@
> private final AccountCache byIdCache;
> private final AccountByEmailCache byEmailCache;
> private final AuthConfig authConfig;
> - private final Realm realm;
> + private final Provider<Realm> realmProvider;
> private final IdentifiedUser.GenericFactory userFactory;
> private final ChangeUserName.Factory changeUserNameFactory;
> private final ProjectCache projectCache;
> @@ -61,7 +63,7 @@
> @Inject
> AccountManager(final SchemaFactory<ReviewDb> schema,
> final AccountCache byIdCache, final AccountByEmailCache byEmailCache,
> - final AuthConfig authConfig, final Realm accountMapper,
> + final AuthConfig authConfig, final Provider<Realm> accountMapper,
> final IdentifiedUser.GenericFactory userFactory,
> final ChangeUserName.Factory changeUserNameFactory,
> final ProjectCache projectCache) throws OrmException {
> @@ -69,7 +71,7 @@
> this.byIdCache = byIdCache;
> this.byEmailCache = byEmailCache;
> this.authConfig = authConfig;
> - this.realm = accountMapper;
> + this.realmProvider = accountMapper;
> this.userFactory = userFactory;
> this.changeUserNameFactory = changeUserNameFactory;
> this.projectCache = projectCache;
> @@ -110,7 +112,7 @@
> * or exists, but cannot be located, or is inactive.
> */
> public AuthResult authenticate(AuthRequest who) throws AccountException {
> - who = realm.authenticate(who);
> + who = realmProvider.get().authenticate(who);
> try {
> final ReviewDb db = schema.open();
> try {
> @@ -162,6 +164,7 @@
> db.accountExternalIds().update(Collections.singleton(extId));
> }
>
> + Realm realm = realmProvider.get();
> if (!realm.allowsEdit(Account.FieldName.FULL_NAME)
> && !eq(user.getAccount().getFullName(), who.getDisplayName())) {
> toUpdate = load(toUpdate, user.getAccountId(), db);
> @@ -320,7 +323,7 @@
> }
>
> byEmailCache.evict(account.getPreferredEmail());
> - realm.onCreateAccount(who, account);
> + realmProvider.get().onCreateAccount(who, account);
> return new AuthResult(newId, extId.getKey(), true);
> }
>
> @@ -352,7 +355,7 @@
> } else {
> log.error(errorMessage);
> }
> - if (!realm.allowsEdit(Account.FieldName.USER_NAME)) {
> + if (!realmProvider.get().allowsEdit(Account.FieldName.USER_NAME)) {
> // setting the given user name has failed, but the realm does not
> // allow the user to manually set a user name,
> // this means we would end with an account without user name
> @@ -387,7 +390,7 @@
> try {
> final ReviewDb db = schema.open();
> try {
> - who = realm.link(db, to, who);
> + who = realmProvider.get().link(db, to, who);
>
> final AccountExternalId.Key key = id(who);
> AccountExternalId extId = db.accountExternalIds().get(key);
> @@ -440,7 +443,7 @@
> try {
> final ReviewDb db = schema.open();
> try {
> - who = realm.unlink(db, from, who);
> + who = realmProvider.get().unlink(db, from, who);
>
> final AccountExternalId.Key key = id(who);
> AccountExternalId extId = db.accountExternalIds().get(key);
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
> index c90f3e9..8e47a59 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
> @@ -14,6 +14,7 @@
>
> package com.google.gerrit.server.account;
>
> +import com.google.gerrit.common.data.GerritConfig;
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.inject.Inject;
> @@ -25,7 +26,7 @@
> private final AccountByEmailCache byEmail;
>
> @Inject
> - DefaultRealm(final EmailExpander emailExpander,
> + public DefaultRealm(final EmailExpander emailExpander,
> final AccountByEmailCache byEmail) {
> this.emailExpander = emailExpander;
> this.byEmail = byEmail;
> @@ -69,4 +70,8 @@
> }
> return null;
> }
> +
> + @Override
> + public void setAdditionalConfiguraction(GerritConfig config) {
> + }
> }
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java
> index e44d46e..e70c0ca 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java
> @@ -14,6 +14,7 @@
>
> package com.google.gerrit.server.account;
>
> +import com.google.gerrit.common.data.GerritConfig;
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.server.ReviewDb;
>
> @@ -40,4 +41,6 @@
> * user by that email address.
> */
> public Account.Id lookup(String accountName);
> +
> + public void setAdditionalConfiguraction(GerritConfig config);
> }
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/RealmExtension.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/RealmExtension.java
> new file mode 100644
> index 0000000..cd83b69
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/RealmExtension.java
> @@ -0,0 +1,42 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.account;
> +
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.annotation.Nonnull;
> +
> +public interface RealmExtension {
> +
> + public static final ServletModule EMPTY_WEB_MODULE = new ServletModule();
> +
> + public static final RealmCacheModule EMPTY_SERVER_MODULE = new RealmCacheModule() {
> + @Override
> + protected void configure() {}
> + };
> +
> + @Nonnull
> + String getName();
> +
> + @Nonnull
> + Class<? extends Realm> getRealm();
> +
> + @Nonnull
> + RealmCacheModule getCacheModule();
> +
> + @Nonnull
> + ServletModule getWebModule();
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java b/gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java
> index 8e71b88..8061875 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java
> @@ -15,7 +15,6 @@
> package com.google.gerrit.server.args4j;
>
> import com.google.gerrit.reviewdb.client.Account;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.server.account.AccountException;
> import com.google.gerrit.server.account.AccountManager;
> import com.google.gerrit.server.account.AccountResolver;
> @@ -35,7 +34,7 @@
> public class AccountIdHandler extends OptionHandler<Account.Id> {
> private final AccountResolver accountResolver;
> private final AccountManager accountManager;
> - private final AuthType authType;
> + private final String authType;
>
> @Inject
> public AccountIdHandler(final AccountResolver accountResolver,
> @@ -59,14 +58,10 @@
> if (a != null) {
> accountId = a.getId();
> } else {
> - switch (authType) {
> - case HTTP_LDAP:
> - case CLIENT_SSL_CERT_LDAP:
> - case LDAP:
> - accountId = createAccountByLdap(token);
> - break;
> - default:
> - throw new CmdLineException(owner, "user \"" + token + "\" not found");
> + if (authType.contains("ldap") || authType.contains("LDAP")) {
> + accountId = createAccountByLdap(token);
> + } else {
> + throw new CmdLineException(owner, "user \"" + token + "\" not found");
> }
> }
> } catch (OrmException e) {
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
> index 29533b9..7f5bcb2 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
> @@ -22,13 +22,13 @@
> import com.google.gerrit.reviewdb.client.AccountGroup;
> import com.google.gerrit.server.account.GroupBackend;
> import com.google.gerrit.server.account.Realm;
> -import com.google.gerrit.server.cache.CacheModule;
> +import com.google.gerrit.server.config.RealmCacheModule;
> import com.google.inject.Scopes;
> import com.google.inject.TypeLiteral;
>
> import java.util.Set;
>
> -public class LdapModule extends CacheModule {
> +public class LdapModule extends RealmCacheModule {
> static final String USERNAME_CACHE = "ldap_usernames";
> static final String GROUP_CACHE = "ldap_groups";
> static final String GROUP_EXIST_CACHE = "ldap_group_existence";
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
> index 72eb7ec..d3b5f7b 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
> @@ -20,11 +20,11 @@
> import com.google.common.base.Strings;
> import com.google.common.cache.CacheLoader;
> import com.google.common.cache.LoadingCache;
> +import com.google.gerrit.common.data.GerritConfig;
> import com.google.gerrit.common.data.ParameterizedString;
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.client.AccountExternalId;
> import com.google.gerrit.reviewdb.client.AccountGroup;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.gerrit.server.account.AccountException;
> import com.google.gerrit.server.account.AuthRequest;
> @@ -71,15 +71,18 @@
> private final Config config;
>
> private final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache;
> + private Config cfg;
>
> @Inject
> LdapRealm(
> final Helper helper,
> final AuthConfig authConfig,
> final EmailExpander emailExpander,
> + @GerritServerConfig final Config gsc,
> @Named(LdapModule.GROUP_CACHE) final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache,
> @Named(LdapModule.USERNAME_CACHE) final LoadingCache<String, Optional<Account.Id>> usernameCache,
> @GerritServerConfig final Config config) {
> + this.cfg = gsc;
> this.helper = helper;
> this.authConfig = authConfig;
> this.emailExpander = emailExpander;
> @@ -192,7 +195,7 @@
> final String username = who.getLocalUser();
> try {
> final DirContext ctx;
> - if (authConfig.getAuthType() == AuthType.LDAP_BIND) {
> + if (authConfig.getAuthType().equalsIgnoreCase("LDAP_BIND")) {
> ctx = helper.authenticate(username, who.getPassword());
> } else {
> ctx = helper.open();
> @@ -201,7 +204,7 @@
> final Helper.LdapSchema schema = helper.getSchema(ctx);
> final LdapQuery.Result m = helper.findAccount(schema, ctx, username);
>
> - if (authConfig.getAuthType() == AuthType.LDAP && !who.isSkipAuthentication()) {
> + if (authConfig.getAuthType().equalsIgnoreCase("LDAP") && !who.isSkipAuthentication()) {
> // We found the user account, but we need to verify
> // the password matches it before we can continue.
> //
> @@ -272,6 +275,14 @@
> }
> }
>
> + @Override
> + public void setAdditionalConfiguraction(GerritConfig gerritConfig) {
> +// case LDAP:
> +// case LDAP_BIND:
> + gerritConfig.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
> + gerritConfig.setEditFullNameUrl(cfg.getString("auth", null, "editFullNameUrl"));
> + }
> +
> static class UserLoader extends CacheLoader<String, Optional<Account.Id>> {
> private final SchemaFactory<ReviewDb> schema;
>
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRelmExtension.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRelmExtension.java
> new file mode 100644
> index 0000000..6088653
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRelmExtension.java
> @@ -0,0 +1,54 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.auth.ldap;
> +
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.annotation.Nonnull;
> +
> +public class LdapRelmExtension implements RealmExtension {
> +
> + @Override
> + @Nonnull
> + public String getName() {
> + return "LDAP";
> + }
> +
> + @Override
> + @Nonnull
> + public Class<? extends Realm> getRealm() {
> + return LdapRealm.class;
> + }
> +
> + @Override
> + @Nonnull
> + public RealmCacheModule getCacheModule() {
> + return new LdapModule();
> + }
> +
> + @Override
> + @Nonnull
> + public ServletModule getWebModule() {
> + // for now we return empty module,
> + // because LdapAuthModule is out of
> + // scope, maybe all LDAP connected
> + // stuff should be moved to separate project/maven-module
> + return RealmExtension.EMPTY_WEB_MODULE;
> + }
> +
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
> index 9916257..58556a4 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
> @@ -16,7 +16,6 @@
>
> import com.google.gerrit.common.auth.openid.OpenIdProviderPattern;
> import com.google.gerrit.reviewdb.client.AccountExternalId;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gwtjsonrpc.server.SignedToken;
> import com.google.gwtjsonrpc.server.XsrfException;
> import com.google.inject.Inject;
> @@ -33,7 +32,7 @@
> /** Authentication related settings from {@code gerrit.config}. */
> @Singleton
> public class AuthConfig {
> - private final AuthType authType;
> + private final String authType;
> private final String httpHeader;
> private final boolean trustContainerAuth;
> private final boolean userNameToLowerCase;
> @@ -52,7 +51,7 @@
> @Inject
> AuthConfig(@GerritServerConfig final Config cfg)
> throws XsrfException {
> - authType = toType(cfg);
> + authType = cfg.getString("auth", null, "type");
> httpHeader = cfg.getString("auth", null, "httpheader");
> logoutUrl = cfg.getString("auth", null, "logouturl");
> openIdSsoUrl = cfg.getString("auth", null, "openidssourl");
> @@ -85,7 +84,7 @@
> restToken = null;
> }
>
> - if (authType == AuthType.OPENID) {
> + if (authType.equalsIgnoreCase("OpenId")) {
> allowGoogleAccountUpgrade =
> cfg.getBoolean("auth", "allowgoogleaccountupgrade", false);
> } else {
> @@ -106,12 +105,8 @@
> return Collections.unmodifiableList(r);
> }
>
> - private static AuthType toType(final Config cfg) {
> - return ConfigUtil.getEnum(cfg, "auth", null, "type", AuthType.OPENID);
> - }
> -
> /** Type of user authentication used by this Gerrit server. */
> - public AuthType getAuthType() {
> + public String getAuthType() {
> return authType;
> }
>
> @@ -168,7 +163,8 @@
> }
>
> public boolean isIdentityTrustable(final Collection<AccountExternalId> ids) {
> - switch (getAuthType()) {
> + return true;
> +/* switch (getAuthType()) {
> case DEVELOPMENT_BECOME_ANY_ACCOUNT:
> case HTTP:
> case HTTP_LDAP:
> @@ -199,7 +195,7 @@
> // Assume not, we don't understand the login format.
> //
> return false;
> - }
> + }*/
> }
>
> private boolean isTrusted(final AccountExternalId id) {
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java
> index 2a66706..f175583 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java
> @@ -23,7 +23,6 @@
> import com.google.gerrit.extensions.events.NewProjectCreatedListener;
> import com.google.gerrit.extensions.registration.DynamicMap;
> import com.google.gerrit.extensions.registration.DynamicSet;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.rules.PrologModule;
> import com.google.gerrit.rules.RulesCache;
> import com.google.gerrit.server.AnonymousUser;
> @@ -37,7 +36,6 @@
> import com.google.gerrit.server.account.AccountVisibility;
> import com.google.gerrit.server.account.AccountVisibilityProvider;
> import com.google.gerrit.server.account.CapabilityControl;
> -import com.google.gerrit.server.account.DefaultRealm;
> import com.google.gerrit.server.account.EmailExpander;
> import com.google.gerrit.server.account.GroupBackend;
> import com.google.gerrit.server.account.GroupCacheImpl;
> @@ -46,9 +44,7 @@
> import com.google.gerrit.server.account.GroupInfoCacheFactory;
> import com.google.gerrit.server.account.IncludingGroupMembership;
> import com.google.gerrit.server.account.InternalGroupBackend;
> -import com.google.gerrit.server.account.Realm;
> import com.google.gerrit.server.account.UniversalGroupBackend;
> -import com.google.gerrit.server.auth.ldap.LdapModule;
> import com.google.gerrit.server.cache.CacheRemovalListener;
> import com.google.gerrit.server.events.EventFactory;
> import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
> @@ -75,41 +71,17 @@
> import com.google.gerrit.server.util.IdGenerator;
> import com.google.gerrit.server.util.ThreadLocalRequestContext;
> import com.google.gerrit.server.workflow.FunctionState;
> -import com.google.inject.Inject;
> import com.google.inject.TypeLiteral;
>
> import org.apache.velocity.runtime.RuntimeInstance;
> -import org.eclipse.jgit.lib.Config;
>
>
> /** Starts global state with standard dependencies. */
> public class GerritGlobalModule extends FactoryModule {
> - private final AuthType loginType;
> -
> - @Inject
> - GerritGlobalModule(final AuthConfig authConfig,
> - @GerritServerConfig final Config config) {
> - loginType = authConfig.getAuthType();
> - }
>
> @Override
> protected void configure() {
> - switch (loginType) {
> - case HTTP_LDAP:
> - case LDAP:
> - case LDAP_BIND:
> - case CLIENT_SSL_CERT_LDAP:
> - install(new LdapModule());
> - break;
> -
> - case CUSTOM_EXTENSION:
> - break;
> -
> - default:
> - bind(Realm.class).to(DefaultRealm.class);
> - break;
> - }
> -
> + install(new RealmExtensionsModule());
> bind(ApprovalTypes.class).toProvider(ApprovalTypesProvider.class).in(
> SINGLETON);
> bind(EmailExpander.class).toProvider(EmailExpanderProvider.class).in(
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModule.java
> new file mode 100644
> index 0000000..a271cca
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModule.java
> @@ -0,0 +1,20 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.gerrit.server.cache.CacheModule;
> +
> +public abstract class RealmCacheModule extends CacheModule {
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModuleProvider.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModuleProvider.java
> new file mode 100644
> index 0000000..e1a5840
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModuleProvider.java
> @@ -0,0 +1,37 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.Provider;
> +
> +import javax.inject.Inject;
> +import javax.inject.Singleton;
> +
> +@Singleton
> +class RealmCacheModuleProvider implements Provider<RealmCacheModule> {
> + private final Provider<RealmExtension> rep;
> +
> + @Inject
> + RealmCacheModuleProvider(Provider<RealmExtension> realmExtensionProvider) {
> + rep = realmExtensionProvider;
> + }
> +
> + @Override
> + public RealmCacheModule get() {
> + return rep.get().getCacheModule();
> + }
> +
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionProvider.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionProvider.java
> new file mode 100644
> index 0000000..181b889
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionProvider.java
> @@ -0,0 +1,53 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.common.base.Optional;
> +import com.google.common.base.Predicate;
> +import com.google.common.collect.Iterables;
> +import com.google.gerrit.extensions.registration.DynamicSet;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.Provider;
> +
> +import javax.inject.Inject;
> +import javax.inject.Singleton;
> +
> +@Singleton
> +class RealmExtensionProvider implements Provider<RealmExtension> {
> +
> + private final String authType;
> + private final DynamicSet<RealmExtension> realms;
> +
> + @Inject
> + RealmExtensionProvider(DynamicSet<RealmExtension> realms, AuthConfig authConfig) {
> + this.realms = realms;
> + authType = authConfig.getAuthType();
> + }
> +
> + @Override
> + public RealmExtension get() {
> + Optional<RealmExtension> extension = Iterables.tryFind(realms, new Predicate<RealmExtension>() {
> + public boolean apply(RealmExtension input) {
> + return authType.equalsIgnoreCase(input.getName());
> + };
> + });
> + if (!extension.isPresent()) {
> + // throw exception
> + throw new RuntimeException(String.format("Cannot find Realm provider for name: %s", authType));
> + }
> + return extension.get();
> + }
> +
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionsModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionsModule.java
> new file mode 100644
> index 0000000..e2de856
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionsModule.java
> @@ -0,0 +1,79 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.common.base.Predicate;
> +import com.google.common.collect.Iterables;
> +import com.google.gerrit.extensions.registration.DynamicSet;
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.AbstractModule;
> +import com.google.inject.Injector;
> +import com.google.inject.name.Names;
> +import com.google.inject.servlet.ServletModule;
> +
> +import org.reflections.Reflections;
> +import org.reflections.util.ClasspathHelper;
> +import org.reflections.util.ConfigurationBuilder;
> +
> +import java.net.URL;
> +import java.util.Set;
> +
> +import javax.annotation.Nullable;
> +import javax.inject.Inject;
> +
> +class RealmExtensionsModule extends AbstractModule {
> +
> + @Inject
> + private Injector injector;
> +
> + @Override
> + protected void configure() {
> + DynamicSet.setOf(binder(), RealmExtension.class);
> +
> + Set<Class<? extends RealmExtension>> modules = findAllRealmExtensions();
> + bindRealmExtensions(modules);
> +
> + bind(Realm.class).toProvider(RealmProvider.class);
> + bind(RealmExtension.class).toProvider(RealmExtensionProvider.class);
> + bind(RealmCacheModule.class).toProvider(RealmCacheModuleProvider.class);
> + bind(ServletModule.class).annotatedWith(RealmWebModule.class).toProvider(
> + RealmWebModuleProvider.class);
> + }
> +
> + private Set<Class<? extends RealmExtension>> findAllRealmExtensions() {
> + Set<URL> classPath = ClasspathHelper.forJavaClassPath();
> + // TODO we should some how limit list of scanned url's, for now we just scan
> + // those that contains 'gerrit'
> + Iterables.removeIf(classPath, new Predicate<URL>() {
> + @Override
> + public boolean apply(@Nullable URL input) {
> + return input == null || !input.getPath().contains("gerrit");
> + }
> + });
> + ConfigurationBuilder config = new ConfigurationBuilder().setUrls(classPath);
> + Reflections reflections = new Reflections(config);
> + Set<Class<? extends RealmExtension>> modules =
> + reflections.getSubTypesOf(RealmExtension.class);
> + return modules;
> + }
> +
> + private void bindRealmExtensions(Set<Class<? extends RealmExtension>> modules) {
> + for (Class<? extends RealmExtension> module : modules) {
> + bind(RealmExtension.class).annotatedWith(Names.named(module.getName()))
> + .to(module);
> + }
> + }
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmProvider.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmProvider.java
> new file mode 100644
> index 0000000..fe8a804
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmProvider.java
> @@ -0,0 +1,41 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.Injector;
> +
> +import javax.inject.Inject;
> +import javax.inject.Provider;
> +import javax.inject.Singleton;
> +
> +@Singleton
> +class RealmProvider implements Provider<Realm> {
> + private final Injector injector;
> + private final Provider<RealmExtension> rep;
> +
> + @Inject
> + RealmProvider(Provider<RealmExtension> realmExtensionProvider, Injector injector) {
> + rep = realmExtensionProvider;
> + this.injector = injector;
> + }
> +
> + @Override
> + public Realm get() {
> + return injector.getInstance(rep.get().getRealm());
> + }
> +
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModule.java
> new file mode 100644
> index 0000000..9a2697e
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModule.java
> @@ -0,0 +1,26 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import static java.lang.annotation.RetentionPolicy.RUNTIME;
> +
> +import com.google.inject.BindingAnnotation;
> +
> +import java.lang.annotation.Retention;
> +
> +@Retention(RUNTIME)
> +@BindingAnnotation
> +public @interface RealmWebModule {
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModuleProvider.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModuleProvider.java
> new file mode 100644
> index 0000000..f8ec12b
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModuleProvider.java
> @@ -0,0 +1,39 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.Provider;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.inject.Inject;
> +import javax.inject.Singleton;
> +
> +@Singleton
> +@RealmWebModule
> +class RealmWebModuleProvider implements Provider<ServletModule> {
> + private Provider<RealmExtension> rep;
> +
> + @Inject
> + RealmWebModuleProvider(Provider<RealmExtension> realmExtensionProvider) {
> + rep = realmExtensionProvider;
> + }
> +
> + @Override
> + public ServletModule get() {
> + return rep.get().getWebModule();
> + }
> +
> +}
> diff --git a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
> index 1a556c2..f377f71 100644
> --- a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
> +++ b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
> @@ -18,13 +18,10 @@
> import static com.google.inject.Stage.PRODUCTION;
>
> import com.google.gerrit.common.ChangeHookRunner;
> -import com.google.gerrit.httpd.auth.openid.OpenIdModule;
> import com.google.gerrit.httpd.plugins.HttpPluginModule;
> import com.google.gerrit.lifecycle.LifecycleManager;
> import com.google.gerrit.lifecycle.LifecycleModule;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.server.cache.h2.DefaultCacheFactory;
> -import com.google.gerrit.server.config.AuthConfig;
> import com.google.gerrit.server.config.AuthConfigModule;
> import com.google.gerrit.server.config.CanonicalWebUrlModule;
> import com.google.gerrit.server.config.GerritGlobalModule;
> @@ -232,11 +229,6 @@
> modules.add(CacheBasedWebSession.module());
> modules.add(HttpContactStoreConnection.module());
> modules.add(new HttpPluginModule());
> -
> - AuthConfig authConfig = cfgInjector.getInstance(AuthConfig.class);
> - if (authConfig.getAuthType() == AuthType.OPENID) {
> - modules.add(new OpenIdModule());
> - }
>
> return sysInjector.createChildInjector(modules);
> }
> diff --git a/pom.xml b/pom.xml
> index d7b5988..59e1fe7 100644
> --- a/pom.xml
> +++ b/pom.xml
> @@ -843,6 +843,12 @@
> <artifactId>pegdown</artifactId>
> <version>1.1.0</version>
> </dependency>
> +
> + <dependency>
> + <groupId>org.reflections</groupId>
> + <artifactId>reflections</artifactId>
> + <version>0.9.8</version>
> + </dependency>
> </dependencies>
> </dependencyManagement>
>
>
> --
> To view, visit https://gerrit-review.googlesource.com/38560
> To unsubscribe, visit https://gerrit-review.googlesource.com/settings
>
> Gerrit-MessageType: newchange
> Gerrit-Change-Id: I724d7999c2f8d85d9added2fcc6b52a69da2b50e
> Gerrit-PatchSet: 1
> Gerrit-Project: gerrit
> Gerrit-Branch: stable-2.5
> Gerrit-Owner: Dariusz Łuksza <dariusz...@gmail.com>
Looking forward to it: can you add as topic for the next hackathon ?
Luca.
On 19 Oct 2012, at 14:03, "Dariusz Łuksza" <noreply-gerritcoderevie...@google.com> wrote:
> Dariusz Łuksza has uploaded a new change for review.
>
> https://gerrit-review.googlesource.com/38560
>
>
> Change subject: DRAFT: Support for Realm plugins
> ......................................................................
>
> DRAFT: Support for Realm plugins
>
> This is a snapshot of my current work on enabling third party realm
> mechanism's in Gerrit.
>
> The approach is to discover all implementations of RealmExtension during
> Gerrit start up process. For this job we use reflections project to
> scan classpath for available implementations (because of performance
> issues currenlty I remove all path's that don't contains 'gerrit').
> Then we bind all implementations in Guice to be able to use DynamicSet
> in providers.
>
> Currenlty only "DEVELOPMENT_BECOME_ANY_ACCOUNT" and "OPENID" authType
> are working. I would provide implementations for rest in subsequent
> patches.
>
> Creating initial configuration during 'init' process is not in place
> mainly because of circular dependency on pgm and server modules. Maybe
> we should add separate module for realm plugin and have also separate
> modules for each realm implementation.
>
> Also realm names are hardcoded in client side module, this can be
> removed when also Web UI plugins will be in place.
>
> Apart from that, we don't bind realm cache module currently. I need to
> figure out where this should be done.
>
> In current solution adding new realm is really simple, just implement
> RealmExtension interface and your specific realm mechanism, pack it
> into jar and put it on Gerrit's class path. Change authType in
> gerrit.config, then restart service. And you done ;)
>
> Change-Id: I724d7999c2f8d85d9added2fcc6b52a69da2b50e
> Signed-off-by: Dariusz Luksza <dar...@luksza.org>
> ---
> M gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java
> M gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java
> M gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java
> A gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/become/BecomeAnyAccountRealmExtension.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
> M gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java
> A gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealm.java
> A gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealmExtension.java
> A gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealm.java
> A gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealmExtension.java
> M gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
> M gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
> M gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
> M gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java
> D gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AuthType.java
> M gerrit-server/pom.xml
> M gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
> M gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
> M gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
> M gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java
> A gerrit-server/src/main/java/com/google/gerrit/server/account/RealmExtension.java
> M gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java
> M gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
> M gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
> A gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRelmExtension.java
> M gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
> M gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModule.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModuleProvider.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionProvider.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionsModule.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmProvider.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModule.java
> A gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModuleProvider.java
> M gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
> M pom.xml
> 46 files changed, 803 insertions(+), 395 deletions(-)
>
>
>
> diff --git a/gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java b/gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java
> index e89cdd2..d40f0af 100644
> --- a/gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java
> +++ b/gerrit-common/src/main/java/com/google/gerrit/common/auth/userpass/LoginResult.java
> @@ -14,23 +14,22 @@
>
> package com.google.gerrit.common.auth.userpass;
>
> -import com.google.gerrit.reviewdb.client.AuthType;
>
> public class LoginResult {
> public boolean success;
> public boolean isNew;
>
> - protected AuthType authType;
> + protected String authType;
> protected Error error;
>
> protected LoginResult() {
> }
>
> - public LoginResult(final AuthType authType) {
> + public LoginResult(final String authType) {
> this.authType = authType;
> }
>
> - public AuthType getAuthType() {
> + public String getAuthType() {
> return authType;
> }
>
> diff --git a/gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java b/gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java
> index 7c16129..43dc722 100644
> --- a/gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java
> +++ b/gerrit-common/src/main/java/com/google/gerrit/common/data/GerritConfig.java
> @@ -19,7 +19,6 @@
> import com.google.gerrit.reviewdb.client.Account.FieldName;
> import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadCommand;
> import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadScheme;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.client.Project;
> import com.google.gwtexpui.safehtml.client.RegexFindReplace;
>
> @@ -37,7 +36,7 @@
> protected boolean useContributorAgreements;
> protected boolean useContactInfo;
> protected boolean allowRegisterNewEmail;
> - protected AuthType authType;
> + protected String authType;
> protected Set<DownloadScheme> downloadSchemes;
> protected Set<DownloadCommand> downloadCommands;
> protected String gitDaemonUrl;
> @@ -100,11 +99,11 @@
> allowedOpenIDs = l;
> }
>
> - public AuthType getAuthType() {
> + public String getAuthType() {
> return authType;
> }
>
> - public void setAuthType(final AuthType t) {
> + public void setAuthType(final String t) {
> authType = t;
> }
>
> @@ -239,7 +238,7 @@
> }
>
> public boolean siteHasUsernames() {
> - if (getAuthType() == AuthType.CUSTOM_EXTENSION
> + if ("CUSTOM_EXTENSION".equalsIgnoreCase(getAuthType())
> && getHttpPasswordUrl() != null
> && !canEdit(FieldName.USER_NAME)) {
> return false;
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java
> index aefad27..3e05b00 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java
> @@ -577,16 +577,14 @@
> final SignInMode mode = SignInMode.valueOf(args[0]);
> final String msg = KeyUtil.decode(args[1]);
> final String to = MINE;
> - switch (Gerrit.getConfig().getAuthType()) {
> - case OPENID:
> - new OpenIdSignInDialog(mode, to, msg).center();
> - break;
> - case LDAP:
> - case LDAP_BIND:
> - new UserPassSignInDialog(to, msg).center();
> - break;
> - default:
> - return null;
> + final String authType = Gerrit.getConfig().getAuthType();
> + if ("OPENID".equalsIgnoreCase(authType)) {
> + new OpenIdSignInDialog(mode, to, msg).center();
> + } else if ("LDAP".equalsIgnoreCase(authType)
> + || "LDAP_BIND".equalsIgnoreCase(authType)) {
> + new UserPassSignInDialog(to, msg).center();
> + } else {
> + return null;
> }
> switch (mode) {
> case SIGN_IN:
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
> index 8fe658b..4d88989 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
> @@ -15,8 +15,8 @@
> package com.google.gerrit.client;
>
> import static com.google.gerrit.common.data.GlobalCapability.ADMINISTRATE_SERVER;
> -import static com.google.gerrit.common.data.GlobalCapability.CREATE_PROJECT;
> import static com.google.gerrit.common.data.GlobalCapability.CREATE_GROUP;
> +import static com.google.gerrit.common.data.GlobalCapability.CREATE_PROJECT;
>
> import com.google.gerrit.client.account.AccountCapabilities;
> import com.google.gerrit.client.auth.openid.OpenIdSignInDialog;
> @@ -41,7 +41,6 @@
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.client.AccountDiffPreference;
> import com.google.gerrit.reviewdb.client.AccountGeneralPreferences;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gwt.core.client.EntryPoint;
> import com.google.gwt.core.client.GWT;
> import com.google.gwt.core.client.JavaScriptObject;
> @@ -249,34 +248,33 @@
>
> /** Sign the user into the application. */
> public static void doSignIn(String token) {
> - switch (myConfig.getAuthType()) {
> - case HTTP:
> - case HTTP_LDAP:
> - case CLIENT_SSL_CERT_LDAP:
> - case CUSTOM_EXTENSION:
> - Location.assign(loginRedirect(token));
> - break;
> + Window.alert("1: " + myConfig.getAuthType());
> + String authType = myConfig.getAuthType();
> + Window.alert("2: " + authType);
> + if ("HTTP".equalsIgnoreCase(authType) ||
> + "HTTP_LDAP".equalsIgnoreCase(authType) ||
> + "CLIENT_SSL_CERT_LDAP".equalsIgnoreCase(authType) ||
> + "CUSTOM_EXTENSION".equalsIgnoreCase(authType)) {
>
> - case DEVELOPMENT_BECOME_ANY_ACCOUNT:
> - Location.assign(selfRedirect("/become"));
> - break;
> + Location.assign(loginRedirect(token));
> + } else if ("DEVELOPMENT_BECOME_ANY_ACCOUNT".equalsIgnoreCase(authType)) {
>
> - case OPENID_SSO:
> - final RootPanel gBody = RootPanel.get("gerrit_body");
> - OpenIdSsoPanel singleSignOnPanel = new OpenIdSsoPanel();
> - gBody.add(singleSignOnPanel);
> - singleSignOnPanel.authenticate(SignInMode.SIGN_IN, token);
> - break;
> + Location.assign(selfRedirect("/become"));
> + } else if ("OPENID_SSO".equalsIgnoreCase(authType)) {
>
> - case OPENID:
> - new OpenIdSignInDialog(SignInMode.SIGN_IN, token, null).center();
> - break;
> + final RootPanel gBody = RootPanel.get("gerrit_body");
> + OpenIdSsoPanel singleSignOnPanel = new OpenIdSsoPanel();
> + gBody.add(singleSignOnPanel);
> + singleSignOnPanel.authenticate(SignInMode.SIGN_IN, token);
> + } else if ("OPENID".equalsIgnoreCase(authType)) {
>
> - case LDAP:
> - case LDAP_BIND:
> - new UserPassSignInDialog(token, null).center();
> - break;
> + new OpenIdSignInDialog(SignInMode.SIGN_IN, token, null).center();
> + } else if ("LDAP".equalsIgnoreCase(authType) ||
> + "LDAP_BIND".equalsIgnoreCase(authType)) {
> +
> + new UserPassSignInDialog(token, null).center();
> }
> +
> }
>
> public static String loginRedirect(String token) {
> @@ -645,57 +643,45 @@
> menuLeft.add(m, C.menuDocumentation());
> }
>
> + final String authType = cfg.getAuthType();
> if (signedIn) {
> whoAmI();
> addLink(menuRight, C.menuSettings(), PageLinks.SETTINGS);
> - if (cfg.getAuthType() != AuthType.CLIENT_SSL_CERT_LDAP) {
> + if (!authType.equalsIgnoreCase("CLIENT_SSL_CERT_LDAP")) {
> menuRight.add(anchor(C.menuSignOut(), selfRedirect("/logout")));
> }
> } else {
> - switch (cfg.getAuthType()) {
> - case HTTP:
> - case HTTP_LDAP:
> - case CLIENT_SSL_CERT_LDAP:
> - break;
> -
> - case OPENID:
> - menuRight.addItem(C.menuRegister(), new Command() {
> - public void execute() {
> - final String to = History.getToken();
> - new OpenIdSignInDialog(SignInMode.REGISTER, to, null).center();
> - }
> - });
> - menuRight.addItem(C.menuSignIn(), new Command() {
> - public void execute() {
> - doSignIn(History.getToken());
> - }
> - });
> - break;
> -
> - case OPENID_SSO:
> - menuRight.addItem(C.menuSignIn(), new Command() {
> - public void execute() {
> - doSignIn(History.getToken());
> - }
> - });
> - break;
> -
> - case LDAP:
> - case LDAP_BIND:
> - case CUSTOM_EXTENSION:
> - if (cfg.getRegisterUrl() != null) {
> - menuRight.add(anchor(C.menuRegister(), cfg.getRegisterUrl()));
> + if ("OPENID".equalsIgnoreCase(authType)) {
> + menuRight.addItem(C.menuRegister(), new Command() {
> + public void execute() {
> + final String to = History.getToken();
> + new OpenIdSignInDialog(SignInMode.REGISTER, to, null).center();
> }
> - menuRight.addItem(C.menuSignIn(), new Command() {
> - public void execute() {
> - doSignIn(History.getToken());
> - }
> - });
> - break;
> -
> - case DEVELOPMENT_BECOME_ANY_ACCOUNT:
> - menuRight.add(anchor("Become", selfRedirect("/become")));
> - break;
> + });
> + menuRight.addItem(C.menuSignIn(), new Command() {
> + public void execute() {
> + doSignIn(History.getToken());
> + }
> + });
> + } else if ("OPENID_SSO".equalsIgnoreCase(authType)) {
> + menuRight.addItem(C.menuSignIn(), new Command() {
> + public void execute() {
> + doSignIn(History.getToken());
> + }
> + });
> + } else if ("LDAP".equalsIgnoreCase(authType)
> + || "LDAP_BIND".equalsIgnoreCase(authType)
> + || "CUSTOM_EXTENSION".equalsIgnoreCase(authType)) {
> + if (cfg.getRegisterUrl() != null) {
> + menuRight.add(anchor(C.menuRegister(), cfg.getRegisterUrl()));
> + }
> + menuRight.addItem(C.menuSignIn(), new Command() {
> + public void execute() {
> + doSignIn(History.getToken());
> + }
> + });
> + } else if ("DEVELOPMENT_BECOME_ANY_ACCOUNT".equalsIgnoreCase(authType)) {
> + menuRight.add(anchor("Become", selfRedirect("/become")));
> }
> }
> }
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java
> index f354496..5862997 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/NotSignedInDialog.java
> @@ -20,6 +20,7 @@
> import com.google.gwt.event.logical.shared.CloseHandler;
> import com.google.gwt.user.client.DOM;
> import com.google.gwt.user.client.History;
> +import com.google.gwt.user.client.Window;
> import com.google.gwt.user.client.ui.Button;
> import com.google.gwt.user.client.ui.FlowPanel;
> import com.google.gwt.user.client.ui.HTML;
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java
> index 4fbe7a0..d4c27c6 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/ContactPanelShort.java
> @@ -22,7 +22,6 @@
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.client.Account.FieldName;
> import com.google.gerrit.reviewdb.client.AccountExternalId;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.client.ContactInformation;
> import com.google.gwt.event.dom.client.ChangeEvent;
> import com.google.gwt.event.dom.client.ChangeHandler;
> @@ -285,7 +284,7 @@
> Util.ACCOUNT_SEC.registerEmail(addr, new GerritCallback<Account>() {
> public void onSuccess(Account currentUser) {
> box.hide();
> - if (Gerrit.getConfig().getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
> + if ("DEVELOPMENT_BECOME_ANY_ACCOUNT".equalsIgnoreCase(Gerrit.getConfig().getAuthType())) {
> currentEmail = addr;
> if (emailPick.getItemCount() == 0) {
> onSaveSuccess(currentUser);
> @@ -325,7 +324,7 @@
> buttons.add(register);
> buttons.add(cancel);
>
> - if (Gerrit.getConfig().getAuthType() != AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
> + if ("DEVELOPMENT_BECOME_ANY_ACCOUNT".equalsIgnoreCase(Gerrit.getConfig().getAuthType())) {
> body.add(new HTML(Util.C.descRegisterNewEmail()));
> }
> body.add(inEmail);
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java
> index 899aa03..3eed5d2 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/MyIdentitiesScreen.java
> @@ -59,20 +59,17 @@
> });
> add(deleteIdentity);
>
> - switch (Gerrit.getConfig().getAuthType()) {
> - case OPENID: {
> - final Button linkIdentity = new Button(Util.C.buttonLinkIdentity());
> - linkIdentity.addClickHandler(new ClickHandler() {
> - @Override
> - public void onClick(final ClickEvent event) {
> - final String to = History.getToken();
> - new OpenIdSignInDialog(SignInMode.LINK_IDENTIY, to, null).center();
> - }
> - });
> - add(linkIdentity);
> - break;
> - }
> - }
> + if ("OPENID".equalsIgnoreCase(Gerrit.getConfig().getAuthType())) {
> + final Button linkIdentity = new Button(Util.C.buttonLinkIdentity());
> + linkIdentity.addClickHandler(new ClickHandler() {
> + @Override
> + public void onClick(final ClickEvent event) {
> + final String to = History.getToken();
> + new OpenIdSignInDialog(SignInMode.LINK_IDENTIY, to, null).center();
> + }
> + });
> + add(linkIdentity);
> + }
> }
>
> @Override
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java
> index ea7c04b..9218302 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java
> @@ -240,23 +240,18 @@
> }
> });
>
> - switch (Gerrit.getConfig().getAuthType()) {
> - case HTTP_LDAP:
> - case LDAP:
> - case LDAP_BIND:
> - case CLIENT_SSL_CERT_LDAP:
> - break;
> - default:
> - return;
> + String authType = Gerrit.getConfig().getAuthType();
> + if ("HTTP_LDAP".equals(authType) || "LDAP".equalsIgnoreCase(authType)
> + || "LDAP_BIND".equalsIgnoreCase(authType)
> + || "CLIENT_SSL_CERT_LDAP".equalsIgnoreCase(authType)) {
> + final VerticalPanel fp = new VerticalPanel();
> + fp.setStyleName(Gerrit.RESOURCES.css().groupTypePanel());
> + fp.add(new SmallHeading(Util.C.headingGroupType()));
> + fp.add(typeSystem);
> + fp.add(typeSelect);
> + fp.add(saveType);
> + add(fp);
> }
> -
> - final VerticalPanel fp = new VerticalPanel();
> - fp.setStyleName(Gerrit.RESOURCES.css().groupTypePanel());
> - fp.add(new SmallHeading(Util.C.headingGroupType()));
> - fp.add(typeSystem);
> - fp.add(typeSelect);
> - fp.add(saveType);
> - add(fp);
> }
>
> private void setType(final AccountGroup.Type newType) {
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java
> index ccdd1ec..28c9372 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/auth/userpass/UserPassMessages.java
> @@ -14,10 +14,9 @@
>
> package com.google.gerrit.client.auth.userpass;
>
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gwt.i18n.client.Messages;
>
> public interface UserPassMessages extends Messages {
> String signInAt(String hostname);
> - String authenticationUnavailable(AuthType authType);
> + String authenticationUnavailable(String authType);
> }
> diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java
> index 7e314cc..285952a 100644
> --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java
> +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/changes/PatchSetComplexDisclosurePanel.java
> @@ -29,7 +29,8 @@
> import com.google.gerrit.common.data.PatchSetDetail;
> import com.google.gerrit.reviewdb.client.AccountDiffPreference;
> import com.google.gerrit.reviewdb.client.AccountGeneralPreferences;
> -import com.google.gerrit.reviewdb.client.AuthType;
> +import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadCommand;
> +import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadScheme;
> import com.google.gerrit.reviewdb.client.Change;
> import com.google.gerrit.reviewdb.client.ChangeMessage;
> import com.google.gerrit.reviewdb.client.Patch;
> @@ -37,8 +38,6 @@
> import com.google.gerrit.reviewdb.client.PatchSetInfo;
> import com.google.gerrit.reviewdb.client.Project;
> import com.google.gerrit.reviewdb.client.UserIdentity;
> -import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadCommand;
> -import com.google.gerrit.reviewdb.client.AccountGeneralPreferences.DownloadScheme;
> import com.google.gwt.core.client.GWT;
> import com.google.gwt.event.dom.client.ClickEvent;
> import com.google.gwt.event.dom.client.ClickHandler;
> @@ -400,7 +399,7 @@
>
> private static boolean siteReliesOnHttp() {
> return Gerrit.getConfig().getGitHttpUrl() != null
> - && Gerrit.getConfig().getAuthType() == AuthType.CUSTOM_EXTENSION
> + && "CUSTOM_EXTENSION".equalsIgnoreCase(Gerrit.getConfig().getAuthType())
> && !Gerrit.getConfig().siteHasUsernames();
> }
>
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java
> index c1f3ae4..65fb5c2 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/GerritConfigProvider.java
> @@ -85,27 +85,7 @@
>
> private GerritConfig create() throws MalformedURLException {
> final GerritConfig config = new GerritConfig();
> - switch (authConfig.getAuthType()) {
> - case OPENID:
> - config.setAllowedOpenIDs(authConfig.getAllowedOpenIDs());
> - break;
> -
> - case OPENID_SSO:
> - config.setOpenIdSsoUrl(authConfig.getOpenIdSsoUrl());
> - break;
> -
> - case LDAP:
> - case LDAP_BIND:
> - config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
> - config.setEditFullNameUrl(cfg.getString("auth", null, "editFullNameUrl"));
> - break;
> -
> - case CUSTOM_EXTENSION:
> - config.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
> - config.setEditFullNameUrl(cfg.getString("auth", null, "editFullNameUrl"));
> - config.setHttpPasswordUrl(cfg.getString("auth", null, "httpPasswordUrl"));
> - break;
> - }
> + realm.setAdditionalConfiguraction(config);
> config.setUseContributorAgreements(cfg.getBoolean("auth",
> "contributoragreements", false));
> config.setGitDaemonUrl(cfg.getString("gerrit", null, "canonicalgiturl"));
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java
> index 1a48bb5..7e97897 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/WebModule.java
> @@ -14,14 +14,10 @@
>
> package com.google.gerrit.httpd;
>
> -import static com.google.inject.Scopes.SINGLETON;
> import static com.google.gerrit.extensions.registration.PrivateInternals_DynamicTypes.registerInParentInjectors;
> +import static com.google.inject.Scopes.SINGLETON;
>
> import com.google.gerrit.common.data.GerritConfig;
> -import com.google.gerrit.httpd.auth.become.BecomeAnyAccountLoginServlet;
> -import com.google.gerrit.httpd.auth.container.HttpAuthModule;
> -import com.google.gerrit.httpd.auth.container.HttpsClientSslCertModule;
> -import com.google.gerrit.httpd.auth.ldap.LdapAuthModule;
> import com.google.gerrit.httpd.gitweb.GitWebModule;
> import com.google.gerrit.httpd.rpc.UiRpcModule;
> import com.google.gerrit.lifecycle.LifecycleModule;
> @@ -31,10 +27,10 @@
> import com.google.gerrit.server.account.ChangeUserName;
> import com.google.gerrit.server.account.ClearPassword;
> import com.google.gerrit.server.account.GeneratePassword;
> -import com.google.gerrit.server.config.AuthConfig;
> import com.google.gerrit.server.config.CanonicalWebUrl;
> import com.google.gerrit.server.config.FactoryModule;
> import com.google.gerrit.server.config.GerritRequestModule;
> +import com.google.gerrit.server.config.RealmWebModule;
> import com.google.gerrit.server.contact.ContactStore;
> import com.google.gerrit.server.contact.ContactStoreProvider;
> import com.google.gerrit.server.util.GuiceRequestScopePropagator;
> @@ -42,7 +38,6 @@
> import com.google.inject.AbstractModule;
> import com.google.inject.Inject;
> import com.google.inject.Injector;
> -import com.google.inject.ProvisionException;
> import com.google.inject.servlet.RequestScoped;
> import com.google.inject.servlet.ServletModule;
>
> @@ -51,18 +46,18 @@
> import javax.annotation.Nullable;
>
> public class WebModule extends FactoryModule {
> - private final AuthConfig authConfig;
> private final UrlModule.UrlConfig urlConfig;
> private final boolean wantSSL;
> private final GitWebConfig gitWebConfig;
> + private final ServletModule realmWebModule;
>
> @Inject
> - WebModule(final AuthConfig authConfig,
> - final UrlModule.UrlConfig urlConfig,
> + WebModule(final UrlModule.UrlConfig urlConfig,
> @CanonicalWebUrl @Nullable final String canonicalUrl,
> - final Injector creatingInjector) {
> - this.authConfig = authConfig;
> + final Injector creatingInjector,
> + @RealmWebModule ServletModule realmWebModule) {
> this.urlConfig = urlConfig;
> + this.realmWebModule = realmWebModule;
> this.wantSSL = canonicalUrl != null && canonicalUrl.startsWith("https:");
>
> this.gitWebConfig =
> @@ -82,39 +77,7 @@
> if (wantSSL) {
> install(new RequireSslFilter.Module());
> }
> -
> - switch (authConfig.getAuthType()) {
> - case HTTP:
> - case HTTP_LDAP:
> - install(new HttpAuthModule());
> - break;
> -
> - case CLIENT_SSL_CERT_LDAP:
> - install(new HttpsClientSslCertModule());
> - break;
> -
> - case LDAP:
> - case LDAP_BIND:
> - install(new LdapAuthModule());
> - break;
> -
> - case DEVELOPMENT_BECOME_ANY_ACCOUNT:
> - install(new ServletModule() {
> - @Override
> - protected void configureServlets() {
> - serve("/become").with(BecomeAnyAccountLoginServlet.class);
> - }
> - });
> - break;
> -
> - case OPENID:
> - case OPENID_SSO:
> - // OpenID support is bound in WebAppInitializer and Daemon.
> - case CUSTOM_EXTENSION:
> - break;
> - default:
> - throw new ProvisionException("Unsupported loginType: " + authConfig.getAuthType());
> - }
> + install(realmWebModule);
>
> install(new UrlModule(urlConfig));
> install(new UiRpcModule());
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/become/BecomeAnyAccountRealmExtension.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/become/BecomeAnyAccountRealmExtension.java
> new file mode 100644
> index 0000000..57792d6
> --- /dev/null
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/become/BecomeAnyAccountRealmExtension.java
> @@ -0,0 +1,49 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.become;
> +
> +import com.google.gerrit.server.account.DefaultRealm;
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +public class BecomeAnyAccountRealmExtension implements RealmExtension {
> +
> + @Override
> + public String getName() {
> + return "DEVELOPMENT_BECOME_ANY_ACCOUNT";
> + }
> +
> + @Override
> + public Class<? extends Realm> getRealm() {
> + return DefaultRealm.class;
> + }
> +
> + @Override
> + public RealmCacheModule getCacheModule() {
> + return RealmExtension.EMPTY_SERVER_MODULE;
> + }
> +
> + @Override
> + public ServletModule getWebModule() {
> + return new ServletModule() {
> + @Override
> + protected void configureServlets() {
> + serve("/become").with(BecomeAnyAccountLoginServlet.class);
> + }
> + };
> + }
> +}
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java
> index 348ecbb..53749fe 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/auth/ldap/UserPassAuthServiceImpl.java
> @@ -17,7 +17,6 @@
> import com.google.gerrit.common.auth.userpass.LoginResult;
> import com.google.gerrit.common.auth.userpass.UserPassAuthService;
> import com.google.gerrit.httpd.WebSession;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.server.account.AccountException;
> import com.google.gerrit.server.account.AccountManager;
> import com.google.gerrit.server.account.AccountUserNameException;
> @@ -36,7 +35,7 @@
> class UserPassAuthServiceImpl implements UserPassAuthService {
> private final Provider<WebSession> webSession;
> private final AccountManager accountManager;
> - private final AuthType authType;
> + private final String authType;
>
> private static final Logger log = LoggerFactory
> .getLogger(UserPassAuthServiceImpl.class);
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
> index b62a10b..b2334aa 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
> @@ -30,7 +30,6 @@
> import com.google.gerrit.reviewdb.client.AccountGroupMember;
> import com.google.gerrit.reviewdb.client.AccountGroupMemberAudit;
> import com.google.gerrit.reviewdb.client.AccountSshKey;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.client.ContactInformation;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.gerrit.server.CurrentUser;
> @@ -311,7 +310,7 @@
>
> public void registerEmail(final String address,
> final AsyncCallback<Account> cb) {
> - if (authConfig.getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
> + if (authConfig.getAuthType().equalsIgnoreCase("DEVELOPMENT_BECOME_ANY_ACCOUNT")) {
> try {
> accountManager.link(user.get().getAccountId(),
> AuthRequest.forEmail(address));
> diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java
> index aca2e05..ba8dc2b 100644
> --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java
> +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/GroupAdminServiceImpl.java
> @@ -31,7 +31,6 @@
> import com.google.gerrit.reviewdb.client.AccountGroupIncludeAudit;
> import com.google.gerrit.reviewdb.client.AccountGroupMember;
> import com.google.gerrit.reviewdb.client.AccountGroupMemberAudit;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.gerrit.server.IdentifiedUser;
> import com.google.gerrit.server.account.AccountCache;
> @@ -60,7 +59,7 @@
> private final AccountCache accountCache;
> private final AccountResolver accountResolver;
> private final AccountManager accountManager;
> - private final AuthType authType;
> + private final String authType;
> private final GroupCache groupCache;
> private final GroupBackend groupBackend;
> private final GroupIncludeCache groupIncludeCache;
> @@ -379,13 +378,8 @@
> Failure {
> Account r = accountResolver.find(nameOrEmail);
> if (r == null) {
> - switch (authType) {
> - case HTTP_LDAP:
> - case CLIENT_SSL_CERT_LDAP:
> - case LDAP:
> + if (authType.contains("ldap") || authType.contains("LDAP")) {
> r = createAccountByLdap(nameOrEmail);
> - break;
> - default:
> }
> if (r == null) {
> throw new Failure(new NoSuchAccountException(nameOrEmail));
> diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealm.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealm.java
> new file mode 100644
> index 0000000..529ab7d
> --- /dev/null
> +++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealm.java
> @@ -0,0 +1,39 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.openid;
> +
> +import com.google.gerrit.common.data.GerritConfig;
> +import com.google.gerrit.server.account.AccountByEmailCache;
> +import com.google.gerrit.server.account.DefaultRealm;
> +import com.google.gerrit.server.account.EmailExpander;
> +import com.google.gerrit.server.config.AuthConfig;
> +import com.google.inject.Inject;
> +
> +public class OpenIdRealm extends DefaultRealm {
> +
> + private AuthConfig authConfig;
> +
> + @Inject
> + OpenIdRealm(final AuthConfig authConfig, final EmailExpander emailExpander,
> + final AccountByEmailCache byEmail) {
> + super(emailExpander, byEmail);
> + this.authConfig = authConfig;
> + }
> +
> + @Override
> + public void setAdditionalConfiguraction(GerritConfig config) {
> + config.setAllowedOpenIDs(authConfig.getAllowedOpenIDs());
> + }
> +}
> diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealmExtension.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealmExtension.java
> new file mode 100644
> index 0000000..e4bfc09
> --- /dev/null
> +++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdRealmExtension.java
> @@ -0,0 +1,48 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.openid;
> +
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.annotation.Nonnull;
> +
> +public class OpenIdRealmExtension implements RealmExtension {
> +
> + @Override
> + @Nonnull
> + public String getName() {
> + return "OPENID";
> + }
> +
> + @Override
> + @Nonnull
> + public Class<? extends Realm> getRealm() {
> + return OpenIdRealm.class;
> + }
> +
> + @Override
> + public RealmCacheModule getCacheModule() {
> + return RealmExtension.EMPTY_SERVER_MODULE;
> + }
> +
> + @Override
> + public ServletModule getWebModule() {
> + return new OpenIdModule();
> + }
> +
> +}
> diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealm.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealm.java
> new file mode 100644
> index 0000000..65f4fb8
> --- /dev/null
> +++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealm.java
> @@ -0,0 +1,39 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.openid;
> +
> +import com.google.gerrit.common.data.GerritConfig;
> +import com.google.gerrit.server.account.AccountByEmailCache;
> +import com.google.gerrit.server.account.DefaultRealm;
> +import com.google.gerrit.server.account.EmailExpander;
> +import com.google.gerrit.server.config.AuthConfig;
> +import com.google.inject.Inject;
> +
> +public class OpenIdSsoRealm extends DefaultRealm {
> +
> + private AuthConfig authConfig;
> +
> + @Inject
> + OpenIdSsoRealm(final AuthConfig authConfig,
> + final EmailExpander emailExpander, final AccountByEmailCache byEmail) {
> + super(emailExpander, byEmail);
> + this.authConfig = authConfig;
> + }
> +
> + @Override
> + public void setAdditionalConfiguraction(GerritConfig config) {
> + config.setOpenIdSsoUrl(authConfig.getOpenIdSsoUrl());
> + }
> +}
> diff --git a/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealmExtension.java b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealmExtension.java
> new file mode 100644
> index 0000000..292d760
> --- /dev/null
> +++ b/gerrit-openid/src/main/java/com/google/gerrit/httpd/auth/openid/OpenIdSsoRealmExtension.java
> @@ -0,0 +1,48 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.httpd.auth.openid;
> +
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.annotation.Nonnull;
> +
> +public class OpenIdSsoRealmExtension implements RealmExtension {
> +
> + @Override
> + @Nonnull
> + public String getName() {
> + return "OPENID";
> + }
> +
> + @Override
> + @Nonnull
> + public Class<? extends Realm> getRealm() {
> + return OpenIdSsoRealm.class;
> + }
> +
> + @Override
> + public RealmCacheModule getCacheModule() {
> + return RealmExtension.EMPTY_SERVER_MODULE;
> + }
> +
> + @Override
> + public ServletModule getWebModule() {
> + return new OpenIdModule();
> + }
> +
> +}
> diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
> index c164d48..48f2fa3 100644
> --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
> +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/Daemon.java
> @@ -25,7 +25,6 @@
> import com.google.gerrit.httpd.SignedTokenRestTokenVerifier;
> import com.google.gerrit.httpd.WebModule;
> import com.google.gerrit.httpd.WebSshGlueModule;
> -import com.google.gerrit.httpd.auth.openid.OpenIdModule;
> import com.google.gerrit.httpd.plugins.HttpPluginModule;
> import com.google.gerrit.lifecycle.LifecycleManager;
> import com.google.gerrit.pgm.http.jetty.GetUserFilter;
> @@ -36,10 +35,8 @@
> import com.google.gerrit.pgm.util.LogFileCompressor;
> import com.google.gerrit.pgm.util.RuntimeShutdown;
> import com.google.gerrit.pgm.util.SiteProgram;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.gerrit.server.cache.h2.DefaultCacheFactory;
> -import com.google.gerrit.server.config.AuthConfig;
> import com.google.gerrit.server.config.AuthConfigModule;
> import com.google.gerrit.server.config.CanonicalWebUrlModule;
> import com.google.gerrit.server.config.CanonicalWebUrlProvider;
> @@ -370,11 +367,6 @@
> modules.add(new NoSshModule());
> }
>
> - AuthConfig authConfig = cfgInjector.getInstance(AuthConfig.class);
> - if (authConfig.getAuthType() == AuthType.OPENID ||
> - authConfig.getAuthType() == AuthType.OPENID_SSO) {
> - modules.add(new OpenIdModule());
> - }
> modules.add(sysInjector.getInstance(GetUserFilter.Module.class));
>
> return sysInjector.createChildInjector(modules);
> diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
> index 5823940..6112988 100644
> --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
> +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/JettyServer.java
> @@ -19,7 +19,6 @@
>
> import com.google.gerrit.extensions.events.LifecycleListener;
> import com.google.gerrit.launcher.GerritLauncher;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.server.config.ConfigUtil;
> import com.google.gerrit.server.config.GerritServerConfig;
> import com.google.gerrit.server.config.SitePaths;
> @@ -141,7 +140,7 @@
> final URI[] listenUrls = listenURLs(cfg);
> final boolean reuseAddress = cfg.getBoolean("httpd", "reuseaddress", true);
> final int acceptors = cfg.getInt("httpd", "acceptorThreads", 2);
> - final AuthType authType = ConfigUtil.getEnum(cfg, "auth", null, "type", AuthType.OPENID);
> + final String authType = cfg.getString("auth", null, "type");
>
> reverseProxy = isReverseProxied(listenUrls);
> final Connector[] connectors = new Connector[listenUrls.length];
> @@ -150,11 +149,10 @@
> final int defaultPort;
> final SelectChannelConnector c;
>
> - if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType) && ! "https".equals(u.getScheme())) {
> + if (authType.equalsIgnoreCase("CLIENT_SSL_CERT_LDAP") && ! "https".equals(u.getScheme())) {
> throw new IllegalArgumentException("Protocol '" + u.getScheme()
> + "' " + " not supported in httpd.listenurl '" + u
> - + "' when auth.type = '" + AuthType.CLIENT_SSL_CERT_LDAP.name()
> - + "'; only 'https' is supported");
> + + "' when auth.type = 'CLIENT_SSL_CERT_LDAP'; only 'https' is supported");
> }
>
> if ("http".equals(u.getScheme())) {
> @@ -172,7 +170,7 @@
> ssl.setKeyPassword(password);
> ssl.setTrustPassword(password);
>
> - if (AuthType.CLIENT_SSL_CERT_LDAP.equals(authType)) {
> + if (authType.equalsIgnoreCase("CLIENT_SSL_CERT_LDAP")) {
> ssl.setNeedClientAuth(true);
> }
>
> diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
> index fa4dc14..00129d6 100644
> --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
> +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
> @@ -14,10 +14,7 @@
>
> package com.google.gerrit.pgm.init;
>
> -import static com.google.gerrit.pgm.init.InitUtil.dnOf;
> -
> import com.google.gerrit.pgm.util.ConsoleUI;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gwtjsonrpc.server.SignedToken;
> import com.google.inject.Inject;
> import com.google.inject.Singleton;
> @@ -38,8 +35,8 @@
>
> public void run() {
> ui.header("User Authentication");
> -
> - final AuthType auth_type =
> +// move to Realm.init() metehod
> +/* final AuthType auth_type =
> auth.select("Authentication method", "type", AuthType.OPENID);
>
> switch (auth_type) {
> @@ -80,7 +77,7 @@
> ldap.string("Group BaseDN", "groupBase", aBase);
> break;
> }
> - }
> + } */
>
> if (auth.getSecure("registerEmailPrivateKey") == null) {
> auth.setSecure("registerEmailPrivateKey", SignedToken.generateRandomKey());
> diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java
> index 98d2e47..8a40fbb 100644
> --- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java
> +++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitHttpd.java
> @@ -21,8 +21,6 @@
> import static com.google.gerrit.pgm.init.InitUtil.toURI;
>
> import com.google.gerrit.pgm.util.ConsoleUI;
> -import com.google.gerrit.reviewdb.client.AuthType;
> -import com.google.gerrit.server.config.ConfigUtil;
> import com.google.gerrit.server.config.SitePaths;
> import com.google.gwtjsonrpc.server.SignedToken;
> import com.google.inject.Inject;
> @@ -123,7 +121,7 @@
> }
> if (gerrit.get("canonicalWebUrl") != null //
> || (!proxy && ssl) //
> - || getAuthType() == AuthType.OPENID) {
> + || getAuthType().equalsIgnoreCase("OPENID")) {
> gerrit.string("Canonical URL", "canonicalWebUrl", uri.toString());
> }
>
> @@ -197,7 +195,7 @@
> }
> }
>
> - private AuthType getAuthType() {
> - return ConfigUtil.getEnum(flags.cfg, "auth", null, "type", AuthType.OPENID);
> + private String getAuthType() {
> + return flags.cfg.getString("auth", null, "type");
> }
> }
> diff --git a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AuthType.java b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AuthType.java
> deleted file mode 100644
> index b615fc5..0000000
> --- a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AuthType.java
> +++ /dev/null
> @@ -1,84 +0,0 @@
> -// Copyright (C) 2009 The Android Open Source Project
> -//
> -// Licensed under the Apache License, Version 2.0 (the "License");
> -// you may not use this file except in compliance with the License.
> -// You may obtain a copy of the License at
> -//
> -// http://www.apache.org/licenses/LICENSE-2.0
> -//
> -// Unless required by applicable law or agreed to in writing, software
> -// distributed under the License is distributed on an "AS IS" BASIS,
> -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> -// See the License for the specific language governing permissions and
> -// limitations under the License.
> -
> -package com.google.gerrit.reviewdb.client;
> -
> -public enum AuthType {
> - /** Login relies upon the OpenID standard: {@link "http://openid.net/"} */
> - OPENID,
> -
> - /** Login relies upon the OpenID standard: {@link "http://openid.net/"} in Single Sign On mode */
> - OPENID_SSO,
> -
> - /**
> - * Login relies upon the container/web server security.
> - * <p>
> - * The container or web server must populate an HTTP header with a unique name
> - * for the current user. Gerrit will implicitly trust the value of this header
> - * to supply the unique identity.
> - */
> - HTTP,
> -
> - /**
> - * Login relies upon the container/web server security, but also uses LDAP.
> - * <p>
> - * Like {@link #HTTP}, the container or web server must populate an HTTP
> - * header with a unique name for the current user. Gerrit will implicitly
> - * trust the value of this header to supply the unique identity.
> - * <p>
> - * In addition to trusting the HTTP headers, Gerrit will obtain basic user
> - * registration (name and email) from LDAP, and some group memberships.
> - */
> - HTTP_LDAP,
> -
> - /**
> - * Login via client SSL certificate.
> - * <p>
> - * This authentication type is actually kind of SSO. Gerrit will configure
> - * Jetty's SSL channel to request client's SSL certificate. For this
> - * authentication to work a Gerrit administrator has to import the root
> - * certificate of the trust chain used to issue the client's certificate
> - * into the <review-site>/etc/keystore.
> - * <p>
> - * After the authentication is done Gerrit will obtain basic user
> - * registration (name and email) from LDAP, and some group memberships.
> - * Therefore, the "_LDAP" suffix in the name of this authentication type.
> - */
> - CLIENT_SSL_CERT_LDAP,
> -
> - /**
> - * Login collects username and password through a web form, and binds to LDAP.
> - * <p>
> - * Unlike {@link #HTTP_LDAP}, Gerrit presents a sign-in dialog to the user and
> - * makes the connection to the LDAP server on their behalf.
> - */
> - LDAP,
> -
> - /**
> - * Login collects username and password through a web form, and binds to LDAP.
> - * <p>
> - * Unlike {@link #HTTP_LDAP}, Gerrit presents a sign-in dialog to the user and
> - * makes the connection to the LDAP server on their behalf.
> - * <p>
> - * Unlike the more generic {@link #LDAP} mode, Gerrit can only query the
> - * directory via an actual authenticated user account.
> - */
> - LDAP_BIND,
> -
> - /** Login is managed by additional, unspecified code. */
> - CUSTOM_EXTENSION,
> -
> - /** Development mode to enable becoming anyone you want. */
> - DEVELOPMENT_BECOME_ANY_ACCOUNT;
> -}
> diff --git a/gerrit-server/pom.xml b/gerrit-server/pom.xml
> index af18173..ecf8280 100644
> --- a/gerrit-server/pom.xml
> +++ b/gerrit-server/pom.xml
> @@ -180,6 +180,11 @@
> <groupId>org.pegdown</groupId>
> <artifactId>pegdown</artifactId>
> </dependency>
> +
> + <dependency>
> + <groupId>org.reflections</groupId>
> + <artifactId>reflections</artifactId>
> + </dependency>
> </dependencies>
>
> <build>
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java b/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
> index 89cbac1..a019a14 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
> @@ -68,7 +68,6 @@
> private final AuthConfig authConfig;
> private final String anonymousCowardName;
> private final Provider<String> canonicalUrl;
> - private final Realm realm;
> private final AccountCache accountCache;
> private final GroupBackend groupBackend;
>
> @@ -78,13 +77,12 @@
> final AuthConfig authConfig,
> final @AnonymousCowardName String anonymousCowardName,
> final @CanonicalWebUrl Provider<String> canonicalUrl,
> - final Realm realm, final AccountCache accountCache,
> + final AccountCache accountCache,
> final GroupBackend groupBackend) {
> this.capabilityControlFactory = capabilityControlFactory;
> this.authConfig = authConfig;
> this.anonymousCowardName = anonymousCowardName;
> this.canonicalUrl = canonicalUrl;
> - this.realm = realm;
> this.accountCache = accountCache;
> this.groupBackend = groupBackend;
> }
> @@ -95,14 +93,14 @@
>
> public IdentifiedUser create(Provider<ReviewDb> db, Account.Id id) {
> return new IdentifiedUser(capabilityControlFactory, AccessPath.UNKNOWN,
> - authConfig, anonymousCowardName, canonicalUrl, realm, accountCache,
> + authConfig, anonymousCowardName, canonicalUrl, accountCache,
> groupBackend, null, db, id);
> }
>
> public IdentifiedUser create(AccessPath accessPath,
> Provider<SocketAddress> remotePeerProvider, Account.Id id) {
> return new IdentifiedUser(capabilityControlFactory, accessPath,
> - authConfig, anonymousCowardName, canonicalUrl, realm, accountCache,
> + authConfig, anonymousCowardName, canonicalUrl, accountCache,
> groupBackend, remotePeerProvider, null, id);
> }
> }
> @@ -119,7 +117,7 @@
> private final AuthConfig authConfig;
> private final String anonymousCowardName;
> private final Provider<String> canonicalUrl;
> - private final Realm realm;
> + private final Provider<Realm> realm;
> private final AccountCache accountCache;
> private final GroupBackend groupBackend;
>
> @@ -132,7 +130,7 @@
> final AuthConfig authConfig,
> final @AnonymousCowardName String anonymousCowardName,
> final @CanonicalWebUrl Provider<String> canonicalUrl,
> - final Realm realm, final AccountCache accountCache,
> + final Provider<Realm> realm, final AccountCache accountCache,
> final GroupBackend groupBackend,
>
> final @RemotePeer Provider<SocketAddress> remotePeerProvider,
> @@ -152,7 +150,7 @@
> public IdentifiedUser create(final AccessPath accessPath,
> final Account.Id id) {
> return new IdentifiedUser(capabilityControlFactory, accessPath,
> - authConfig, anonymousCowardName, canonicalUrl, realm, accountCache,
> + authConfig, anonymousCowardName, canonicalUrl, accountCache,
> groupBackend, remotePeerProvider, dbProvider, id);
> }
> }
> @@ -191,7 +189,7 @@
> final AuthConfig authConfig,
> final String anonymousCowardName,
> final Provider<String> canonicalUrl,
> - final Realm realm, final AccountCache accountCache,
> + final AccountCache accountCache,
> final GroupBackend groupBackend,
> @Nullable final Provider<SocketAddress> remotePeerProvider,
> @Nullable final Provider<ReviewDb> dbProvider, final Account.Id id) {
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
> index e469c34..5c5bb35 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
> @@ -42,6 +42,8 @@
> import java.util.List;
> import java.util.concurrent.atomic.AtomicBoolean;
>
> +import javax.inject.Provider;
> +
> /** Tracks authentication related details for user accounts. */
> @Singleton
> public class AccountManager {
> @@ -52,7 +54,7 @@
> private final AccountCache byIdCache;
> private final AccountByEmailCache byEmailCache;
> private final AuthConfig authConfig;
> - private final Realm realm;
> + private final Provider<Realm> realmProvider;
> private final IdentifiedUser.GenericFactory userFactory;
> private final ChangeUserName.Factory changeUserNameFactory;
> private final ProjectCache projectCache;
> @@ -61,7 +63,7 @@
> @Inject
> AccountManager(final SchemaFactory<ReviewDb> schema,
> final AccountCache byIdCache, final AccountByEmailCache byEmailCache,
> - final AuthConfig authConfig, final Realm accountMapper,
> + final AuthConfig authConfig, final Provider<Realm> accountMapper,
> final IdentifiedUser.GenericFactory userFactory,
> final ChangeUserName.Factory changeUserNameFactory,
> final ProjectCache projectCache) throws OrmException {
> @@ -69,7 +71,7 @@
> this.byIdCache = byIdCache;
> this.byEmailCache = byEmailCache;
> this.authConfig = authConfig;
> - this.realm = accountMapper;
> + this.realmProvider = accountMapper;
> this.userFactory = userFactory;
> this.changeUserNameFactory = changeUserNameFactory;
> this.projectCache = projectCache;
> @@ -110,7 +112,7 @@
> * or exists, but cannot be located, or is inactive.
> */
> public AuthResult authenticate(AuthRequest who) throws AccountException {
> - who = realm.authenticate(who);
> + who = realmProvider.get().authenticate(who);
> try {
> final ReviewDb db = schema.open();
> try {
> @@ -162,6 +164,7 @@
> db.accountExternalIds().update(Collections.singleton(extId));
> }
>
> + Realm realm = realmProvider.get();
> if (!realm.allowsEdit(Account.FieldName.FULL_NAME)
> && !eq(user.getAccount().getFullName(), who.getDisplayName())) {
> toUpdate = load(toUpdate, user.getAccountId(), db);
> @@ -320,7 +323,7 @@
> }
>
> byEmailCache.evict(account.getPreferredEmail());
> - realm.onCreateAccount(who, account);
> + realmProvider.get().onCreateAccount(who, account);
> return new AuthResult(newId, extId.getKey(), true);
> }
>
> @@ -352,7 +355,7 @@
> } else {
> log.error(errorMessage);
> }
> - if (!realm.allowsEdit(Account.FieldName.USER_NAME)) {
> + if (!realmProvider.get().allowsEdit(Account.FieldName.USER_NAME)) {
> // setting the given user name has failed, but the realm does not
> // allow the user to manually set a user name,
> // this means we would end with an account without user name
> @@ -387,7 +390,7 @@
> try {
> final ReviewDb db = schema.open();
> try {
> - who = realm.link(db, to, who);
> + who = realmProvider.get().link(db, to, who);
>
> final AccountExternalId.Key key = id(who);
> AccountExternalId extId = db.accountExternalIds().get(key);
> @@ -440,7 +443,7 @@
> try {
> final ReviewDb db = schema.open();
> try {
> - who = realm.unlink(db, from, who);
> + who = realmProvider.get().unlink(db, from, who);
>
> final AccountExternalId.Key key = id(who);
> AccountExternalId extId = db.accountExternalIds().get(key);
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
> index c90f3e9..8e47a59 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java
> @@ -14,6 +14,7 @@
>
> package com.google.gerrit.server.account;
>
> +import com.google.gerrit.common.data.GerritConfig;
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.inject.Inject;
> @@ -25,7 +26,7 @@
> private final AccountByEmailCache byEmail;
>
> @Inject
> - DefaultRealm(final EmailExpander emailExpander,
> + public DefaultRealm(final EmailExpander emailExpander,
> final AccountByEmailCache byEmail) {
> this.emailExpander = emailExpander;
> this.byEmail = byEmail;
> @@ -69,4 +70,8 @@
> }
> return null;
> }
> +
> + @Override
> + public void setAdditionalConfiguraction(GerritConfig config) {
> + }
> }
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java
> index e44d46e..e70c0ca 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java
> @@ -14,6 +14,7 @@
>
> package com.google.gerrit.server.account;
>
> +import com.google.gerrit.common.data.GerritConfig;
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.server.ReviewDb;
>
> @@ -40,4 +41,6 @@
> * user by that email address.
> */
> public Account.Id lookup(String accountName);
> +
> + public void setAdditionalConfiguraction(GerritConfig config);
> }
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/RealmExtension.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/RealmExtension.java
> new file mode 100644
> index 0000000..cd83b69
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/RealmExtension.java
> @@ -0,0 +1,42 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.account;
> +
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.annotation.Nonnull;
> +
> +public interface RealmExtension {
> +
> + public static final ServletModule EMPTY_WEB_MODULE = new ServletModule();
> +
> + public static final RealmCacheModule EMPTY_SERVER_MODULE = new RealmCacheModule() {
> + @Override
> + protected void configure() {}
> + };
> +
> + @Nonnull
> + String getName();
> +
> + @Nonnull
> + Class<? extends Realm> getRealm();
> +
> + @Nonnull
> + RealmCacheModule getCacheModule();
> +
> + @Nonnull
> + ServletModule getWebModule();
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java b/gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java
> index 8e71b88..8061875 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/args4j/AccountIdHandler.java
> @@ -15,7 +15,6 @@
> package com.google.gerrit.server.args4j;
>
> import com.google.gerrit.reviewdb.client.Account;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.server.account.AccountException;
> import com.google.gerrit.server.account.AccountManager;
> import com.google.gerrit.server.account.AccountResolver;
> @@ -35,7 +34,7 @@
> public class AccountIdHandler extends OptionHandler<Account.Id> {
> private final AccountResolver accountResolver;
> private final AccountManager accountManager;
> - private final AuthType authType;
> + private final String authType;
>
> @Inject
> public AccountIdHandler(final AccountResolver accountResolver,
> @@ -59,14 +58,10 @@
> if (a != null) {
> accountId = a.getId();
> } else {
> - switch (authType) {
> - case HTTP_LDAP:
> - case CLIENT_SSL_CERT_LDAP:
> - case LDAP:
> - accountId = createAccountByLdap(token);
> - break;
> - default:
> - throw new CmdLineException(owner, "user \"" + token + "\" not found");
> + if (authType.contains("ldap") || authType.contains("LDAP")) {
> + accountId = createAccountByLdap(token);
> + } else {
> + throw new CmdLineException(owner, "user \"" + token + "\" not found");
> }
> }
> } catch (OrmException e) {
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
> index 29533b9..7f5bcb2 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
> @@ -22,13 +22,13 @@
> import com.google.gerrit.reviewdb.client.AccountGroup;
> import com.google.gerrit.server.account.GroupBackend;
> import com.google.gerrit.server.account.Realm;
> -import com.google.gerrit.server.cache.CacheModule;
> +import com.google.gerrit.server.config.RealmCacheModule;
> import com.google.inject.Scopes;
> import com.google.inject.TypeLiteral;
>
> import java.util.Set;
>
> -public class LdapModule extends CacheModule {
> +public class LdapModule extends RealmCacheModule {
> static final String USERNAME_CACHE = "ldap_usernames";
> static final String GROUP_CACHE = "ldap_groups";
> static final String GROUP_EXIST_CACHE = "ldap_group_existence";
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
> index 72eb7ec..d3b5f7b 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
> @@ -20,11 +20,11 @@
> import com.google.common.base.Strings;
> import com.google.common.cache.CacheLoader;
> import com.google.common.cache.LoadingCache;
> +import com.google.gerrit.common.data.GerritConfig;
> import com.google.gerrit.common.data.ParameterizedString;
> import com.google.gerrit.reviewdb.client.Account;
> import com.google.gerrit.reviewdb.client.AccountExternalId;
> import com.google.gerrit.reviewdb.client.AccountGroup;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.reviewdb.server.ReviewDb;
> import com.google.gerrit.server.account.AccountException;
> import com.google.gerrit.server.account.AuthRequest;
> @@ -71,15 +71,18 @@
> private final Config config;
>
> private final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache;
> + private Config cfg;
>
> @Inject
> LdapRealm(
> final Helper helper,
> final AuthConfig authConfig,
> final EmailExpander emailExpander,
> + @GerritServerConfig final Config gsc,
> @Named(LdapModule.GROUP_CACHE) final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache,
> @Named(LdapModule.USERNAME_CACHE) final LoadingCache<String, Optional<Account.Id>> usernameCache,
> @GerritServerConfig final Config config) {
> + this.cfg = gsc;
> this.helper = helper;
> this.authConfig = authConfig;
> this.emailExpander = emailExpander;
> @@ -192,7 +195,7 @@
> final String username = who.getLocalUser();
> try {
> final DirContext ctx;
> - if (authConfig.getAuthType() == AuthType.LDAP_BIND) {
> + if (authConfig.getAuthType().equalsIgnoreCase("LDAP_BIND")) {
> ctx = helper.authenticate(username, who.getPassword());
> } else {
> ctx = helper.open();
> @@ -201,7 +204,7 @@
> final Helper.LdapSchema schema = helper.getSchema(ctx);
> final LdapQuery.Result m = helper.findAccount(schema, ctx, username);
>
> - if (authConfig.getAuthType() == AuthType.LDAP && !who.isSkipAuthentication()) {
> + if (authConfig.getAuthType().equalsIgnoreCase("LDAP") && !who.isSkipAuthentication()) {
> // We found the user account, but we need to verify
> // the password matches it before we can continue.
> //
> @@ -272,6 +275,14 @@
> }
> }
>
> + @Override
> + public void setAdditionalConfiguraction(GerritConfig gerritConfig) {
> +// case LDAP:
> +// case LDAP_BIND:
> + gerritConfig.setRegisterUrl(cfg.getString("auth", null, "registerurl"));
> + gerritConfig.setEditFullNameUrl(cfg.getString("auth", null, "editFullNameUrl"));
> + }
> +
> static class UserLoader extends CacheLoader<String, Optional<Account.Id>> {
> private final SchemaFactory<ReviewDb> schema;
>
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRelmExtension.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRelmExtension.java
> new file mode 100644
> index 0000000..6088653
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRelmExtension.java
> @@ -0,0 +1,54 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.auth.ldap;
> +
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.gerrit.server.config.RealmCacheModule;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.annotation.Nonnull;
> +
> +public class LdapRelmExtension implements RealmExtension {
> +
> + @Override
> + @Nonnull
> + public String getName() {
> + return "LDAP";
> + }
> +
> + @Override
> + @Nonnull
> + public Class<? extends Realm> getRealm() {
> + return LdapRealm.class;
> + }
> +
> + @Override
> + @Nonnull
> + public RealmCacheModule getCacheModule() {
> + return new LdapModule();
> + }
> +
> + @Override
> + @Nonnull
> + public ServletModule getWebModule() {
> + // for now we return empty module,
> + // because LdapAuthModule is out of
> + // scope, maybe all LDAP connected
> + // stuff should be moved to separate project/maven-module
> + return RealmExtension.EMPTY_WEB_MODULE;
> + }
> +
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
> index 9916257..58556a4 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
> @@ -16,7 +16,6 @@
>
> import com.google.gerrit.common.auth.openid.OpenIdProviderPattern;
> import com.google.gerrit.reviewdb.client.AccountExternalId;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gwtjsonrpc.server.SignedToken;
> import com.google.gwtjsonrpc.server.XsrfException;
> import com.google.inject.Inject;
> @@ -33,7 +32,7 @@
> /** Authentication related settings from {@code gerrit.config}. */
> @Singleton
> public class AuthConfig {
> - private final AuthType authType;
> + private final String authType;
> private final String httpHeader;
> private final boolean trustContainerAuth;
> private final boolean userNameToLowerCase;
> @@ -52,7 +51,7 @@
> @Inject
> AuthConfig(@GerritServerConfig final Config cfg)
> throws XsrfException {
> - authType = toType(cfg);
> + authType = cfg.getString("auth", null, "type");
> httpHeader = cfg.getString("auth", null, "httpheader");
> logoutUrl = cfg.getString("auth", null, "logouturl");
> openIdSsoUrl = cfg.getString("auth", null, "openidssourl");
> @@ -85,7 +84,7 @@
> restToken = null;
> }
>
> - if (authType == AuthType.OPENID) {
> + if (authType.equalsIgnoreCase("OpenId")) {
> allowGoogleAccountUpgrade =
> cfg.getBoolean("auth", "allowgoogleaccountupgrade", false);
> } else {
> @@ -106,12 +105,8 @@
> return Collections.unmodifiableList(r);
> }
>
> - private static AuthType toType(final Config cfg) {
> - return ConfigUtil.getEnum(cfg, "auth", null, "type", AuthType.OPENID);
> - }
> -
> /** Type of user authentication used by this Gerrit server. */
> - public AuthType getAuthType() {
> + public String getAuthType() {
> return authType;
> }
>
> @@ -168,7 +163,8 @@
> }
>
> public boolean isIdentityTrustable(final Collection<AccountExternalId> ids) {
> - switch (getAuthType()) {
> + return true;
> +/* switch (getAuthType()) {
> case DEVELOPMENT_BECOME_ANY_ACCOUNT:
> case HTTP:
> case HTTP_LDAP:
> @@ -199,7 +195,7 @@
> // Assume not, we don't understand the login format.
> //
> return false;
> - }
> + }*/
> }
>
> private boolean isTrusted(final AccountExternalId id) {
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java
> index 2a66706..f175583 100644
> --- a/gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java
> @@ -23,7 +23,6 @@
> import com.google.gerrit.extensions.events.NewProjectCreatedListener;
> import com.google.gerrit.extensions.registration.DynamicMap;
> import com.google.gerrit.extensions.registration.DynamicSet;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.rules.PrologModule;
> import com.google.gerrit.rules.RulesCache;
> import com.google.gerrit.server.AnonymousUser;
> @@ -37,7 +36,6 @@
> import com.google.gerrit.server.account.AccountVisibility;
> import com.google.gerrit.server.account.AccountVisibilityProvider;
> import com.google.gerrit.server.account.CapabilityControl;
> -import com.google.gerrit.server.account.DefaultRealm;
> import com.google.gerrit.server.account.EmailExpander;
> import com.google.gerrit.server.account.GroupBackend;
> import com.google.gerrit.server.account.GroupCacheImpl;
> @@ -46,9 +44,7 @@
> import com.google.gerrit.server.account.GroupInfoCacheFactory;
> import com.google.gerrit.server.account.IncludingGroupMembership;
> import com.google.gerrit.server.account.InternalGroupBackend;
> -import com.google.gerrit.server.account.Realm;
> import com.google.gerrit.server.account.UniversalGroupBackend;
> -import com.google.gerrit.server.auth.ldap.LdapModule;
> import com.google.gerrit.server.cache.CacheRemovalListener;
> import com.google.gerrit.server.events.EventFactory;
> import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
> @@ -75,41 +71,17 @@
> import com.google.gerrit.server.util.IdGenerator;
> import com.google.gerrit.server.util.ThreadLocalRequestContext;
> import com.google.gerrit.server.workflow.FunctionState;
> -import com.google.inject.Inject;
> import com.google.inject.TypeLiteral;
>
> import org.apache.velocity.runtime.RuntimeInstance;
> -import org.eclipse.jgit.lib.Config;
>
>
> /** Starts global state with standard dependencies. */
> public class GerritGlobalModule extends FactoryModule {
> - private final AuthType loginType;
> -
> - @Inject
> - GerritGlobalModule(final AuthConfig authConfig,
> - @GerritServerConfig final Config config) {
> - loginType = authConfig.getAuthType();
> - }
>
> @Override
> protected void configure() {
> - switch (loginType) {
> - case HTTP_LDAP:
> - case LDAP:
> - case LDAP_BIND:
> - case CLIENT_SSL_CERT_LDAP:
> - install(new LdapModule());
> - break;
> -
> - case CUSTOM_EXTENSION:
> - break;
> -
> - default:
> - bind(Realm.class).to(DefaultRealm.class);
> - break;
> - }
> -
> + install(new RealmExtensionsModule());
> bind(ApprovalTypes.class).toProvider(ApprovalTypesProvider.class).in(
> SINGLETON);
> bind(EmailExpander.class).toProvider(EmailExpanderProvider.class).in(
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModule.java
> new file mode 100644
> index 0000000..a271cca
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModule.java
> @@ -0,0 +1,20 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.gerrit.server.cache.CacheModule;
> +
> +public abstract class RealmCacheModule extends CacheModule {
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModuleProvider.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModuleProvider.java
> new file mode 100644
> index 0000000..e1a5840
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmCacheModuleProvider.java
> @@ -0,0 +1,37 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.Provider;
> +
> +import javax.inject.Inject;
> +import javax.inject.Singleton;
> +
> +@Singleton
> +class RealmCacheModuleProvider implements Provider<RealmCacheModule> {
> + private final Provider<RealmExtension> rep;
> +
> + @Inject
> + RealmCacheModuleProvider(Provider<RealmExtension> realmExtensionProvider) {
> + rep = realmExtensionProvider;
> + }
> +
> + @Override
> + public RealmCacheModule get() {
> + return rep.get().getCacheModule();
> + }
> +
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionProvider.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionProvider.java
> new file mode 100644
> index 0000000..181b889
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionProvider.java
> @@ -0,0 +1,53 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.common.base.Optional;
> +import com.google.common.base.Predicate;
> +import com.google.common.collect.Iterables;
> +import com.google.gerrit.extensions.registration.DynamicSet;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.Provider;
> +
> +import javax.inject.Inject;
> +import javax.inject.Singleton;
> +
> +@Singleton
> +class RealmExtensionProvider implements Provider<RealmExtension> {
> +
> + private final String authType;
> + private final DynamicSet<RealmExtension> realms;
> +
> + @Inject
> + RealmExtensionProvider(DynamicSet<RealmExtension> realms, AuthConfig authConfig) {
> + this.realms = realms;
> + authType = authConfig.getAuthType();
> + }
> +
> + @Override
> + public RealmExtension get() {
> + Optional<RealmExtension> extension = Iterables.tryFind(realms, new Predicate<RealmExtension>() {
> + public boolean apply(RealmExtension input) {
> + return authType.equalsIgnoreCase(input.getName());
> + };
> + });
> + if (!extension.isPresent()) {
> + // throw exception
> + throw new RuntimeException(String.format("Cannot find Realm provider for name: %s", authType));
> + }
> + return extension.get();
> + }
> +
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionsModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionsModule.java
> new file mode 100644
> index 0000000..e2de856
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmExtensionsModule.java
> @@ -0,0 +1,79 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.common.base.Predicate;
> +import com.google.common.collect.Iterables;
> +import com.google.gerrit.extensions.registration.DynamicSet;
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.AbstractModule;
> +import com.google.inject.Injector;
> +import com.google.inject.name.Names;
> +import com.google.inject.servlet.ServletModule;
> +
> +import org.reflections.Reflections;
> +import org.reflections.util.ClasspathHelper;
> +import org.reflections.util.ConfigurationBuilder;
> +
> +import java.net.URL;
> +import java.util.Set;
> +
> +import javax.annotation.Nullable;
> +import javax.inject.Inject;
> +
> +class RealmExtensionsModule extends AbstractModule {
> +
> + @Inject
> + private Injector injector;
> +
> + @Override
> + protected void configure() {
> + DynamicSet.setOf(binder(), RealmExtension.class);
> +
> + Set<Class<? extends RealmExtension>> modules = findAllRealmExtensions();
> + bindRealmExtensions(modules);
> +
> + bind(Realm.class).toProvider(RealmProvider.class);
> + bind(RealmExtension.class).toProvider(RealmExtensionProvider.class);
> + bind(RealmCacheModule.class).toProvider(RealmCacheModuleProvider.class);
> + bind(ServletModule.class).annotatedWith(RealmWebModule.class).toProvider(
> + RealmWebModuleProvider.class);
> + }
> +
> + private Set<Class<? extends RealmExtension>> findAllRealmExtensions() {
> + Set<URL> classPath = ClasspathHelper.forJavaClassPath();
> + // TODO we should some how limit list of scanned url's, for now we just scan
> + // those that contains 'gerrit'
> + Iterables.removeIf(classPath, new Predicate<URL>() {
> + @Override
> + public boolean apply(@Nullable URL input) {
> + return input == null || !input.getPath().contains("gerrit");
> + }
> + });
> + ConfigurationBuilder config = new ConfigurationBuilder().setUrls(classPath);
> + Reflections reflections = new Reflections(config);
> + Set<Class<? extends RealmExtension>> modules =
> + reflections.getSubTypesOf(RealmExtension.class);
> + return modules;
> + }
> +
> + private void bindRealmExtensions(Set<Class<? extends RealmExtension>> modules) {
> + for (Class<? extends RealmExtension> module : modules) {
> + bind(RealmExtension.class).annotatedWith(Names.named(module.getName()))
> + .to(module);
> + }
> + }
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmProvider.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmProvider.java
> new file mode 100644
> index 0000000..fe8a804
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmProvider.java
> @@ -0,0 +1,41 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.gerrit.server.account.Realm;
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.Injector;
> +
> +import javax.inject.Inject;
> +import javax.inject.Provider;
> +import javax.inject.Singleton;
> +
> +@Singleton
> +class RealmProvider implements Provider<Realm> {
> + private final Injector injector;
> + private final Provider<RealmExtension> rep;
> +
> + @Inject
> + RealmProvider(Provider<RealmExtension> realmExtensionProvider, Injector injector) {
> + rep = realmExtensionProvider;
> + this.injector = injector;
> + }
> +
> + @Override
> + public Realm get() {
> + return injector.getInstance(rep.get().getRealm());
> + }
> +
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModule.java
> new file mode 100644
> index 0000000..9a2697e
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModule.java
> @@ -0,0 +1,26 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import static java.lang.annotation.RetentionPolicy.RUNTIME;
> +
> +import com.google.inject.BindingAnnotation;
> +
> +import java.lang.annotation.Retention;
> +
> +@Retention(RUNTIME)
> +@BindingAnnotation
> +public @interface RealmWebModule {
> +}
> diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModuleProvider.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModuleProvider.java
> new file mode 100644
> index 0000000..f8ec12b
> --- /dev/null
> +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/RealmWebModuleProvider.java
> @@ -0,0 +1,39 @@
> +// Copyright (C) 2012 The Android Open Source Project
> +//
> +// Licensed under the Apache License, Version 2.0 (the "License");
> +// you may not use this file except in compliance with the License.
> +// You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +
> +package com.google.gerrit.server.config;
> +
> +import com.google.gerrit.server.account.RealmExtension;
> +import com.google.inject.Provider;
> +import com.google.inject.servlet.ServletModule;
> +
> +import javax.inject.Inject;
> +import javax.inject.Singleton;
> +
> +@Singleton
> +@RealmWebModule
> +class RealmWebModuleProvider implements Provider<ServletModule> {
> + private Provider<RealmExtension> rep;
> +
> + @Inject
> + RealmWebModuleProvider(Provider<RealmExtension> realmExtensionProvider) {
> + rep = realmExtensionProvider;
> + }
> +
> + @Override
> + public ServletModule get() {
> + return rep.get().getWebModule();
> + }
> +
> +}
> diff --git a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
> index 1a556c2..f377f71 100644
> --- a/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
> +++ b/gerrit-war/src/main/java/com/google/gerrit/httpd/WebAppInitializer.java
> @@ -18,13 +18,10 @@
> import static com.google.inject.Stage.PRODUCTION;
>
> import com.google.gerrit.common.ChangeHookRunner;
> -import com.google.gerrit.httpd.auth.openid.OpenIdModule;
> import com.google.gerrit.httpd.plugins.HttpPluginModule;
> import com.google.gerrit.lifecycle.LifecycleManager;
> import com.google.gerrit.lifecycle.LifecycleModule;
> -import com.google.gerrit.reviewdb.client.AuthType;
> import com.google.gerrit.server.cache.h2.DefaultCacheFactory;
> -import com.google.gerrit.server.config.AuthConfig;
> import com.google.gerrit.server.config.AuthConfigModule;
> import com.google.gerrit.server.config.CanonicalWebUrlModule;
> import com.google.gerrit.server.config.GerritGlobalModule;
> @@ -232,11 +229,6 @@
> modules.add(CacheBasedWebSession.module());
> modules.add(HttpContactStoreConnection.module());
> modules.add(new HttpPluginModule());
> -
> - AuthConfig authConfig = cfgInjector.getInstance(AuthConfig.class);
> - if (authConfig.getAuthType() == AuthType.OPENID) {
> - modules.add(new OpenIdModule());
> - }
>
> return sysInjector.createChildInjector(modules);
> }
> diff --git a/pom.xml b/pom.xml
> index d7b5988..59e1fe7 100644
> --- a/pom.xml
> +++ b/pom.xml
> @@ -843,6 +843,12 @@
> <artifactId>pegdown</artifactId>
> <version>1.1.0</version>
> </dependency>
> +
> + <dependency>
> + <groupId>org.reflections</groupId>
> + <artifactId>reflections</artifactId>
> + <version>0.9.8</version>
> + </dependency>
> </dependencies>
> </dependencyManagement>
>
>
> --
> To view, visit https://gerrit-review.googlesource.com/38560
> To unsubscribe, visit https://gerrit-review.googlesource.com/settings
>
> Gerrit-MessageType: newchange
> Gerrit-Change-Id: I724d7999c2f8d85d9added2fcc6b52a69da2b50e
> Gerrit-PatchSet: 1
> Gerrit-Project: gerrit
> Gerrit-Branch: stable-2.5
> Gerrit-Owner: Dariusz Łuksza <dariusz...@gmail.com>
Dariusz Luksza
Oct 19, 2012, 9:46:33 AM10/19/12
to Luca Milanesio, Dave Borowitz, Edwin Kempin, Saša Živkov, repo-discuss Discussion
On Fri, Oct 19, 2012 at 3:20 PM, Luca Milanesio
<luca.mi...@gmail.com> wrote:
> Looking forward to it: can you add as topic for the next hackathon ?
Done, also added Web UI plugins.
<luca.mi...@gmail.com> wrote:
> Looking forward to it: can you add as topic for the next hackathon ?
--
Best regards
GSM: +49 017 445 41235
Blog: http://luksza.org
LinkedIn: http://www.linkedin.com/in/dariuszluksza
Reply all
Reply to author
Forward
0 new messages