public class WebModule extends ServletModule {
final static String ALL = "/*";
- private boolean isGO;
-
- public WebModule(boolean isGO) {
- this.isGO=isGO;
- }
@Override
protected void configureServlets() {
serve(Constants.PT_PATH).with(PtServlet.class);
serve("/robots.txt").with(RobotsTxtServlet.class);
serve("/logo.png").with(LogoServlet.class);
- if(isGO)
- {
- /* Prevent accidental access to 'resources' such as GitBlit java classes
- *
- * In the GO setup the JAR containing the application and the WAR injected
- * into Jetty are the same file. However Jetty expects to serve the entire WAR
- * contents, except the WEB-INF folder. Thus, all java binary classes in the
- * JAR are served by default as is they were legitimate resources.
- *
- * The below servlet mappings prevent that behavior
- */
- serve(fuzzy("/com/")).with(AccessDeniedServlet.class);
- serve(fuzzy("/org/")).with(AccessDeniedServlet.class);
- }
+
+ /* Prevent accidental access to 'resources' such as GitBlit java classes
+ *
+ * In the GO setup the JAR containing the application and the WAR injected
+ * into Jetty are the same file. However Jetty expects to serve the entire WAR
+ * contents, except the WEB-INF folder. Thus, all java binary classes in the
+ * JAR are served by default as is they were legitimate resources.
+ *
+ * The below servlet mappings prevent that behavior
+ */
+ serve(fuzzy("/com/")).with(AccessDeniedServlet.class);
+
// global filters
filter(ALL).through(ProxyFilter.class);
filter(ALL).through(EnforceAuthenticationFilter.class);
projects / gitblit.git / commitdiff