Re: [egit-dev] Cloning with EGit from Gerrit via http now ask for the PW

Thanks for the discussion. Possible solutions sound like they would
cause too much effort.  While this makes the entry for new
contributors a little bit higher, I think it is not worth the effort.

On Mon, Jul 3, 2017 at 8:29 AM, Thomas Wolf <thomas.wolf@xxxxxxxxxx> wrote:
>
> On Jun 30, 2017, at 00:32 , Matthias Sohn wrote:
>
> https://git.eclipse.org/r allows read access by anonymous users, see
> permissions settings in [1].
> URL suffix /a enforces (digest or basic) authentication and is typically
> used for access to the REST API [2], where a logon screen is not suitable
> since the REST API is usually accessed programmatically.
> If a user logs on to the WebUI via the logon screen, a session cookie
> represents the security session.
>
> [1] https://git.eclipse.org/r/#/admin/projects/All-Projects,access
> [2] https://git.eclipse.org/r/Documentation/rest-api.html#authentication
>
>
> Right, REST authentication was the reason.
>
> I took a look at the Gerrit code in GitOverHttpModule and related classes.
> If we wanted /a to not request authentication for fetching (& cloning),
> I think there are only two options:
>
> 1. Change the filter setup there such that GET & POST requests to the
>    git-upload-pack endpoint are not routed through Gerrit's
>    authentication filter, or
> 2. rewrite the requests in the Apache front-end (I presume there _is_
>    one...) via mod_rewrite or some such so that GET & POST requests to
>    "/a/....?service=git-upload-pack" have the /a stripped before they
>    even get to Gerrit.
>
> (1) would require a change in Gerrit; (2) would require a change in the
> Eclipse Foundation's web setup for Gerrit.
>
> In either case more URLs might need to be excluded from requesting
> authentication. For instance, one probably would also want to allow a
> "git ls-remote" to pass without authentication.
>
> Caveat: I don't know how the Eclipse Gerrit is run; if it's using
> container-based authentication, something else might need to be done,
> and perhaps there are reasons why all this would not be feasible at all.



-- 
Eclipse Platform UI and e4 project co-lead
CEO vogella GmbH

Haindaalwisch 17a, 22395 Hamburg
Amtsgericht Hamburg: HRB 127058
Geschäftsführer: Lars Vogel, Jennifer Nerlich de Vogel
USt-IdNr.: DE284122352
Fax (040) 5247 6322, Email: lars.vogel@xxxxxxxxxxx, Web: http://www.vogella.com
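
Added example, not part of the thread and not Gerrit or Eclipse Foundation code: the decision a front-end rewrite like option (2) in the quoted message would have to make, written so that only read-only fetch requests lose the /a prefix while push and REST API requests still reach authentication. The function name and the sample project path are assumptions; the endpoint names are those of Git's smart HTTP protocol.

```python
import posixpath
from urllib.parse import parse_qs, urlsplit

AUTH_PREFIX = "/a/"  # prefix that enforces authentication, per the thread


def strip_auth_prefix(method, url):
    """Return the URL without /a for read-only fetch requests, else None.

    None means "do not rewrite": the request keeps /a and is authenticated.
    """
    parts = urlsplit(url)
    path = parts.path
    if not path.startswith(AUTH_PREFIX):
        return None
    # Conservative: refuse percent-encoding and anything that normalises to a
    # different path ("..", "//"), so the check and the backend see the same path.
    if "%" in path or posixpath.normpath(path) != path:
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if method == "GET" and path.endswith("/info/refs"):
        # Ref advertisement, used by clone, fetch and "git ls-remote".
        # Exactly one parameter with exactly one value, so a second
        # service=git-receive-pack cannot ride along.
        allowed = len(query) == 1 and query.get("service") == ["git-upload-pack"]
    elif method == "POST" and path.endswith("/git-upload-pack"):
        allowed = not parts.query  # pack negotiation for clone/fetch
    else:
        allowed = False  # git-receive-pack (push), REST API, everything else
    if not allowed:
        return None
    rewritten = path[len(AUTH_PREFIX) - 1:]  # drop "/a", keep the next "/"
    return rewritten + ("?" + parts.query if parts.query else "")


# Constructed sample requests; "demo/project" is a made-up project name.
SAMPLES = [
    ("GET", "/a/demo/project/info/refs?service=git-upload-pack"),
    ("POST", "/a/demo/project/git-upload-pack"),
    ("GET", "/a/demo/project/info/refs?service=git-receive-pack"),
    ("POST", "/a/demo/project/git-receive-pack"),
    ("GET", "/a/changes/?q=status:open"),
]

if __name__ == "__main__":
    for method, url in SAMPLES:
        print(method, url, "->", strip_auth_prefix(method, url))
```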

