RBC
diff --git a/‎README.md‎
Lines changed: 6 additions & 4 deletions b/‎README.md‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎jgit-proxy-jetty/CONFIGURATION.md‎
Lines changed: 130 additions & 0 deletions b/‎jgit-proxy-jetty/CONFIGURATION.md‎
Lines changed: 130 additions & 0 deletions
diff --git a/‎jgit-proxy-jetty/build.gradle‎
Lines changed: 3 additions & 0 deletions b/‎jgit-proxy-jetty/build.gradle‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎jgit-proxy-jetty/src/main/java/org/finos/gitproxy/jetty/GitProxyJettyApplication.java‎
Lines changed: 29 additions & 35 deletions b/‎jgit-proxy-jetty/src/main/java/org/finos/gitproxy/jetty/GitProxyJettyApplication.java‎
Lines changed: 29 additions & 35 deletions
@@ -66,10 +66,12 @@ The core module provides pluggable configuration through:
 - Default in-memory implementations
 
 ### Jetty Module
-Configuration is done programmatically in the `GitProxyJettyApplication` class. You can:
-- Add/remove providers
-- Configure filters
-- Set up whitelists
+The Jetty module uses YAML-based configuration loaded from `git-proxy.yml` and `git-proxy-local.yml`:
+- **Providers**: Configure GitHub, GitLab, Bitbucket, and custom providers
+- **Filters**: Configure whitelist filters for repository access control
+- **Environment overrides**: Use `GITPROXY_` prefixed environment variables
+
+See [`jgit-proxy-jetty/CONFIGURATION.md`](jgit-proxy-jetty/CONFIGURATION.md) for detailed configuration options.
 
 ### Spring Module
 Configuration is done through:
 
@@ -0,0 +1,130 @@
+# Jetty Module Configuration
+
+The Jetty server implementation uses YAML-based configuration to dynamically configure providers, filters, and server settings. This is separate from the Spring Boot configuration (`application.yml`).
+
+## Configuration Files
+
+| File | Purpose |
+|------|---------|
+| `git-proxy.yml` | Base configuration shipped with the jar |
+| `git-proxy-local.yml` | Local overrides for development (optional) |
+
+Files are loaded from the classpath in order, with `git-proxy-local.yml` values taking priority.
+
+## Environment Variable Overrides
+
+Configuration values can be overridden using environment variables with the `GITPROXY_` prefix:
+
+| Environment Variable | Configuration Key | Example |
+|---|---|---|
+| `GITPROXY_SERVER_PORT` | `server.port` | `9090` |
+| `GITPROXY_GITPROXY_BASEPATH` | `git-proxy.base-path` | `/git` |
+| `GITPROXY_PROVIDERS_<NAME>_ENABLED` | `git-proxy.providers.<name>.enabled` | `true` |
+
+> **Note:** Whitelist filter configuration is not supported via environment variables due to its complex nested structure. Use YAML files instead.
+
+## Server Settings
+
+```yaml
+server:
+  port: 8080
+```
+
+## Provider Configuration
+
+Providers define the upstream Git hosting services to proxy. Built-in providers (github, gitlab, bitbucket) use well-known URIs. Custom providers require an explicit URI.
+
+```yaml
+git-proxy:
+  providers:
+    # Built-in providers (use well-known URIs)
+    github:
+      enabled: true
+    gitlab:
+      enabled: true
+    bitbucket:
+      enabled: true
+
+    # Custom provider with explicit URI
+    internal-gitlab:
+      enabled: true
+      servlet-path: /enterprise
+      uri: https://gitlab.internal.example.com
+
+    # Another custom provider
+    debian-gitlab:
+      enabled: true
+      servlet-path: /debian
+      uri: https://salsa.debian.org/
+```
+
+### Provider Properties
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `enabled` | boolean | `true` | Whether the provider is active |
+| `servlet-path` | string | `""` | Additional path prefix for the provider |
+| `uri` | string | _(built-in default)_ | Base URI for the upstream Git server |
+
+## Filter Configuration
+
+### Whitelist Filters
+
+Whitelist filters control which repositories are allowed to be accessed through the proxy. Multiple whitelists can be defined, each scoped to specific providers and operations.
+
+```yaml
+git-proxy:
+  filters:
+    whitelists:
+      # Allow specific repos by slug (owner/name)
+      - enabled: true
+        order: 1100
+        operations:
+          - FETCH
+          - PUSH
+        providers:
+          - github
+        slugs:
+          - finos/git-proxy
+          - coopernetes/test-repo
+
+      # Allow all repos from an owner
+      - enabled: true
+        order: 1200
+        operations:
+          - FETCH
+        providers:
+          - github
+        owners:
+          - finos
+
+      # Allow repos by name across all providers
+      - enabled: true
+        order: 1300
+        operations:
+          - FETCH
+        names:
+          - hello-world
+```
+
+### Whitelist Properties
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `enabled` | boolean | `true` | Whether this whitelist is active |
+| `order` | int | `1100` | Filter execution order (1000-1999 range) |
+| `operations` | list | _none_ | Git operations to match: `FETCH`, `PUSH` |
+| `providers` | list | _all_ | Provider names this whitelist applies to |
+| `slugs` | list | _none_ | Repository slugs (e.g., `owner/repo`) |
+| `owners` | list | _none_ | Repository owners/orgs |
+| `names` | list | _none_ | Repository names |
+
+## Running
+
+```shell
+# Default configuration
+./gradlew :jgit-proxy-jetty:run
+
+# Override port via environment variable
+GITPROXY_SERVER_PORT=9090 ./gradlew :jgit-proxy-jetty:run
+```
@@ -27,6 +27,9 @@ dependencies {
     // Core module
     implementation project(':jgit-proxy-core')
 
+    // YAML configuration
+    implementation 'org.yaml:snakeyaml:2.2'
+    
     // Lombok
     compileOnly 'org.projectlombok:lombok:1.18.34'
     annotationProcessor 'org.projectlombok:lombok:1.18.34'
 
@@ -1,7 +1,6 @@
 package org.finos.gitproxy.jetty;
 
 import jakarta.servlet.DispatcherType;
-import java.util.ArrayList;
 import java.util.EnumSet;
 import java.util.List;
 import lombok.extern.slf4j.Slf4j;
@@ -13,41 +12,47 @@
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.finos.gitproxy.config.InMemoryProviderConfigurationSource;
 import org.finos.gitproxy.git.LocalRepositoryCache;
-import org.finos.gitproxy.provider.BitbucketProvider;
-import org.finos.gitproxy.provider.GitHubProvider;
-import org.finos.gitproxy.provider.GitLabProvider;
+import org.finos.gitproxy.jetty.config.JettyConfigurationBuilder;
+import org.finos.gitproxy.jetty.config.JettyConfigurationLoader;
 import org.finos.gitproxy.provider.GitProxyProvider;
 import org.finos.gitproxy.servlet.GitProxyServlet;
 import org.finos.gitproxy.servlet.filter.*;
 
 /**
- * Standalone Jetty server application for the JGit proxy. This application uses the core module's reusable servlet and
- * filter code to create a standalone proxy server without Spring dependencies.
+ * Standalone Jetty server application for the JGit proxy. This application uses YAML-based configuration loaded from
+ * {@code git-proxy.yml} and {@code git-proxy-local.yml} to dynamically configure providers and filters.
+ *
+ * <p>Configuration can be overridden using environment variables with the {@code GITPROXY_} prefix. See
+ * {@link JettyConfigurationLoader} for details.
  */
 @Slf4j
 public class GitProxyJettyApplication {
 
     public static void main(String[] args) throws Exception {
         log.info("Starting JGit Proxy Jetty Application...");
 
+        // Load configuration from YAML files and environment variables
+        var configLoader = new JettyConfigurationLoader();
+        var configBuilder = new JettyConfigurationBuilder(configLoader);
+
         // Create thread pool for the server
         var threadPool = new QueuedThreadPool();
         threadPool.setName("jgit-proxy-server");
 
         // Create the Jetty server
         var server = new Server(threadPool);
 
-        // Configure connector
+        // Configure connector using configured port
         var connector = new ServerConnector(server);
-        connector.setPort(getPort());
+        connector.setPort(configBuilder.getServerPort());
         server.addConnector(connector);
 
         // Initialize the local repository cache
         var repositoryCache = new LocalRepositoryCache();
         log.info("Initialized LocalRepositoryCache");
 
-        // Configure providers
-        List<GitProxyProvider> providers = createProviders();
+        // Configure providers from YAML configuration
+        List<GitProxyProvider> providers = configBuilder.buildProviders();
         var providerConfig = new InMemoryProviderConfigurationSource(providers);
 
         // Create servlet context
@@ -57,7 +62,7 @@ public static void main(String[] args) throws Exception {
         for (GitProxyProvider provider : providerConfig.getProviders()) {
             log.info("Registering proxy for provider: {}", provider.getName());
             registerProxyServlet(context, provider);
-            registerFilters(context, provider, repositoryCache);
+            registerFilters(context, provider, repositoryCache, configBuilder);
         }
 
         server.setHandler(context);
@@ -72,22 +77,6 @@ public static void main(String[] args) throws Exception {
         server.join();
     }
 
-    private static int getPort() {
-        String portStr = System.getProperty("port", System.getenv().getOrDefault("PORT", "8080"));
-        return Integer.parseInt(portStr);
-    }
-
-    private static List<GitProxyProvider> createProviders() {
-        List<GitProxyProvider> providers = new ArrayList<>();
-
-        // Add default providers
-        providers.add(new GitHubProvider(""));
-        providers.add(new GitLabProvider(""));
-        providers.add(new BitbucketProvider(""));
-
-        return providers;
-    }
-
     private static void registerProxyServlet(ServletContextHandler context, GitProxyProvider provider) {
         var proxyServlet = new GitProxyServlet();
         var proxyServletHolder = new ServletHolder(proxyServlet);
@@ -99,7 +88,10 @@ private static void registerProxyServlet(ServletContextHandler context, GitProxy
     }
 
     private static void registerFilters(
-            ServletContextHandler context, GitProxyProvider provider, LocalRepositoryCache repositoryCache) {
+            ServletContextHandler context,
+            GitProxyProvider provider,
+            LocalRepositoryCache repositoryCache,
+            JettyConfigurationBuilder configBuilder) {
         String urlPattern = provider.servletMapping();
 
         // Force Git client filter (must be first)
@@ -120,13 +112,15 @@ private static void registerFilters(
         enrichCommitsFilterHolder.setAsyncSupported(true);
         context.addFilter(enrichCommitsFilterHolder, urlPattern, EnumSet.of(DispatcherType.REQUEST));
 
-        // Example whitelist filter (can be configured based on requirements)
-        var whitelistFilters = List.of(new WhitelistByUrlFilter(
-                1100, provider, List.of("finos/git-proxy", "coopernetes/test-repo"), RepositoryUrlFilter.Target.SLUG));
-        var whitelistAggregateFilter = new WhitelistAggregateFilter(1000, provider, whitelistFilters);
-        var whitelistAggFilterHolder = new FilterHolder(whitelistAggregateFilter);
-        whitelistAggFilterHolder.setAsyncSupported(true);
-        context.addFilter(whitelistAggFilterHolder, urlPattern, EnumSet.of(DispatcherType.REQUEST));
+        // Whitelist filters from configuration
+        List<WhitelistByUrlFilter> whitelistFilters = configBuilder.buildWhitelistFilters(provider);
+        if (!whitelistFilters.isEmpty()) {
+            var whitelistAggregateFilter = new WhitelistAggregateFilter(1000, provider, whitelistFilters);
+            var whitelistAggFilterHolder = new FilterHolder(whitelistAggregateFilter);
+            whitelistAggFilterHolder.setAsyncSupported(true);
+            context.addFilter(whitelistAggFilterHolder, urlPattern, EnumSet.of(DispatcherType.REQUEST));
+            log.info("Registered {} whitelist filter(s) for provider {}", whitelistFilters.size(), provider.getName());
+        }
 
         // Audit filter (should be last)
         var auditFilter = new AuditLogFilter();