Add a new exception type that server implementations can throw when a client attempts to make an unauthorized LFS operation, which will result in HTTP 401 Unauthorized being returned to the client. An example of this is a Gerrit server that rejects a request to perform an LFS operation on a ref that is not visible to the caller. As defined in the LFS spec [1] the request may include authentication, and per RFC 2616 [2], "401 response indicates that authorization has been refused for those credentials". [1] https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md [2] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html Change-Id: I2aa22e2144df5fb7972df0e3285b77b08ecc63f2 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>tags/v4.7.0.201704051617-r
@@ -49,6 +49,7 @@ import static org.apache.http.HttpStatus.SC_INTERNAL_SERVER_ERROR; | |||
import static org.apache.http.HttpStatus.SC_NOT_FOUND; | |||
import static org.apache.http.HttpStatus.SC_OK; | |||
import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE; | |||
import static org.apache.http.HttpStatus.SC_UNAUTHORIZED; | |||
import static org.apache.http.HttpStatus.SC_UNPROCESSABLE_ENTITY; | |||
import java.io.BufferedReader; | |||
@@ -71,6 +72,7 @@ import org.eclipse.jgit.lfs.errors.LfsInsufficientStorage; | |||
import org.eclipse.jgit.lfs.errors.LfsRateLimitExceeded; | |||
import org.eclipse.jgit.lfs.errors.LfsRepositoryNotFound; | |||
import org.eclipse.jgit.lfs.errors.LfsRepositoryReadOnly; | |||
import org.eclipse.jgit.lfs.errors.LfsUnauthorized; | |||
import org.eclipse.jgit.lfs.errors.LfsUnavailable; | |||
import org.eclipse.jgit.lfs.errors.LfsValidationError; | |||
@@ -201,6 +203,8 @@ public abstract class LfsProtocolServlet extends HttpServlet { | |||
sendError(res, w, SC_INSUFFICIENT_STORAGE, e.getMessage()); | |||
} catch (LfsUnavailable e) { | |||
sendError(res, w, SC_SERVICE_UNAVAILABLE, e.getMessage()); | |||
} catch (LfsUnauthorized e) { | |||
sendError(res, w, SC_UNAUTHORIZED, e.getMessage()); | |||
} catch (LfsException e) { | |||
sendError(res, w, SC_INTERNAL_SERVER_ERROR, e.getMessage()); | |||
} finally { |
@@ -7,3 +7,4 @@ requiredHashFunctionNotAvailable=Required hash function {0} not available. | |||
repositoryNotFound=Repository {0} not found | |||
repositoryReadOnly=Repository {0} is read-only | |||
lfsUnavailable=LFS is not available for repository {0} | |||
lfsUnathorized=Not authorized to perform operation {0} on repository {1} |
@@ -0,0 +1,68 @@ | |||
/* | |||
* Copyright (C) 2017, David Pursehouse <david.pursehouse@gmail.com> | |||
* and other copyright owners as documented in the project's IP log. | |||
* | |||
* This program and the accompanying materials are made available | |||
* under the terms of the Eclipse Distribution License v1.0 which | |||
* accompanies this distribution, is reproduced below, and is | |||
* available at http://www.eclipse.org/org/documents/edl-v10.php | |||
* | |||
* All rights reserved. | |||
* | |||
* Redistribution and use in source and binary forms, with or | |||
* without modification, are permitted provided that the following | |||
* conditions are met: | |||
* | |||
* - Redistributions of source code must retain the above copyright | |||
* notice, this list of conditions and the following disclaimer. | |||
* | |||
* - Redistributions in binary form must reproduce the above | |||
* copyright notice, this list of conditions and the following | |||
* disclaimer in the documentation and/or other materials provided | |||
* with the distribution. | |||
* | |||
* - Neither the name of the Eclipse Foundation, Inc. nor the | |||
* names of its contributors may be used to endorse or promote | |||
* products derived from this software without specific prior | |||
* written permission. | |||
* | |||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND | |||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, | |||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | |||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | |||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |||
*/ | |||
package org.eclipse.jgit.lfs.errors; | |||
import java.text.MessageFormat; | |||
import org.eclipse.jgit.lfs.internal.LfsText; | |||
/** | |||
* Thrown when authorization was refused for an LFS operation. | |||
* | |||
* @since 4.7 | |||
*/ | |||
public class LfsUnauthorized extends LfsException { | |||
private static final long serialVersionUID = 1L; | |||
/** | |||
* @param operation | |||
* the operation that was attempted. | |||
* @param name | |||
* the repository name. | |||
*/ | |||
public LfsUnauthorized(String operation, String name) { | |||
super(MessageFormat.format(LfsText.get().lfsUnathorized, operation, | |||
name)); | |||
} | |||
} |
@@ -67,4 +67,5 @@ public class LfsText extends TranslationBundle { | |||
/***/ public String repositoryNotFound; | |||
/***/ public String repositoryReadOnly; | |||
/***/ public String lfsUnavailable; | |||
/***/ public String lfsUnathorized; | |||
} |