Fixed

Bug

Status Update

No update yet.

Description

lu...@gmail.com

created issue #1

Jan 10, 2025 10:21AM

*** !!!! THIS BUG TRACKER IS FOR GERRIT CODE REVIEW !!!! *** Do not submit bugs for chrome/android and issues with your company's *** Gerrit setup here. Those issues belong in different issue trackers.

What steps will reproduce the problem?

Start Gerrit with any plugin loaded that uses the HTTP injector
Trigger the reload of the plugin using the reload plugin REST-API

What is the expected output?

The plugin is reloaded and no errors are thrown in the error_log.

What do you see instead?

The plugin is reloaded, however the error log contains the following error:

1) [Guice/ErrorInCustomProvider]: OutOfScopeException: Cannot access scoped [WebSession]. Either we are not currently inside an HTTP Servlet request, or you may have forgotten to apply GuiceFilter as a servlet filter for this request.
  at DynamicItem.bind(DynamicItem.java:111)
  while locating WebSession

Learn more:
  https://github.com/google/guice/wiki/ERROR_IN_CUSTOM_PROVIDER

1 error

======================
Full classname legend:
======================
DynamicItem:         "com.google.gerrit.extensions.registration.DynamicItem"
GuiceFilter:         "com.google.inject.servlet.GuiceFilter"
OutOfScopeException: "com.google.inject.OutOfScopeException"
WebSession:          "com.google.gerrit.httpd.WebSession"

Please provide any additional information below.

This seems to be caused by the invocation of the REST-API outside a proper scope with a WebSession, due to the HTTP audit record requesting the session-id.

See the relevant code below in RestApiServlet.java

        globals.auditService.dispatch(
            new ExtendedHttpAuditEvent(
                globals.webSession.get().getSessionId(),
                globals.currentUser.get(),
                req,
                auditStartTs,
                qp != null ? qp.params() : ImmutableListMultimap.of(),
                inputRequestBody,
                statusCode,
                response,
                rsrc,
                viewData == null ? null : viewData.view));
      }

Comments

ap...@google.com <ap...@google.com> #2Jan 10, 2025 07:11PM

Project: gerrit
Branch: stable-3.10
Author: Luca Milanesio <luca.milanesio@gmail.com>
Link: https://gerrit-review.googlesource.com/447503

Audit: fetch current user and sessionId at the beginning of the REST API

Expand for full commit details

Audit: fetch current user and sessionId at the beginning of the REST API 
 
Before this change, the current user and sessionId for the audit 
trail of the REST API were fetched at the end of the execution. 
 
For regular REST API execution, there are no specific issues in fetching 
user and sessionId at any time; however, when running the plugin-reload 
API, the Guice injections can be amended and influenced by the plugin 
loader, therefore the request to fetch the sessionId and user at the 
end of the API may fail, assuming that the plugin has impacted 
the HTTP-related injections. 
 
An example of the failure to reload the pull-replicaton plugin is: 
 
1) [Guice/ErrorInCustomProvider]: OutOfScopeException: 
   Cannot access scoped [WebSession]. Either we are not currently inside 
   an HTTP Servlet request, or you may have forgotten to apply 
   GuiceFilter as a servlet filter for this request. 
 
   at DynamicItem.bind(DynamicItem.java:111) while locating WebSession 
 
Learn more: 
  https://github.com/google/guice/wiki/ERROR_IN_CUSTOM_PROVIDER 
 
Retrieve the user and sessionId at the beginning of the REST-API 
servlet service method, making sure that the values are the same 
across the whole API invocation. 
 
Bug: Issue 388863156 
Release-Notes: Fix OutOfScopeException when reloading plugins via REST-API 
Change-Id: I8e61044e969bbad0267ddb63a5615936f64094cd

Files:

M java/com/google/gerrit/httpd/restapi/RestApiServlet.java

Hash: 8e5c1c6e454d02b1a4bb61b700647ae6cc4ed94e
Date: Fri Jan 10 14:07:43 2025

sy...@gmail.com <sy...@gmail.com> Jan 13, 2025 04:03PM

Marked as fixed, reassigned to sy...@gmail.com.

Issue 388863156