123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123 |
- /*
- * Copyright (C) 2009-2010, Google Inc.
- * and other copyright owners as documented in the project's IP log.
- *
- * This program and the accompanying materials are made available
- * under the terms of the Eclipse Distribution License v1.0 which
- * accompanies this distribution, is reproduced below, and is
- * available at http://www.eclipse.org/org/documents/edl-v10.php
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or
- * without modification, are permitted provided that the following
- * conditions are met:
- *
- * - Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * - Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * - Neither the name of the Eclipse Foundation, Inc. nor the
- * names of its contributors may be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
- package org.eclipse.jgit.http.server.resolver;
-
- import javax.servlet.http.HttpServletRequest;
-
- import org.eclipse.jgit.lib.Config;
- import org.eclipse.jgit.lib.Repository;
- import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
- import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
-
- /**
- * Controls access to bare files in a repository.
- * <p>
- * Older HTTP clients which do not speak the smart HTTP variant of the Git
- * protocol fetch from a repository by directly getting its objects and pack
- * files. This class, along with the {@code http.getanyfile} per-repository
- * configuration setting, can be used by
- * {@link org.eclipse.jgit.http.server.GitServlet} to control whether or not
- * these older clients are permitted to read these direct files.
- */
- public class AsIsFileService {
- /** Always throws {@link ServiceNotEnabledException}. */
- public static final AsIsFileService DISABLED = new AsIsFileService() {
- @Override
- public void access(HttpServletRequest req, Repository db)
- throws ServiceNotEnabledException {
- throw new ServiceNotEnabledException();
- }
- };
-
- private static class ServiceConfig {
- final boolean enabled;
-
- ServiceConfig(Config cfg) {
- enabled = cfg.getBoolean("http", "getanyfile", true);
- }
- }
-
- /**
- * Determine if {@code http.getanyfile} is enabled in the configuration.
- *
- * @param db
- * the repository to check.
- * @return {@code false} if {@code http.getanyfile} was explicitly set to
- * {@code false} in the repository's configuration file; otherwise
- * {@code true}.
- */
- protected static boolean isEnabled(Repository db) {
- return db.getConfig().get(ServiceConfig::new).enabled;
- }
-
- /**
- * Determine if access to any bare file of the repository is allowed.
- * <p>
- * This method silently succeeds if the request is allowed, or fails by
- * throwing a checked exception if access should be denied.
- * <p>
- * The default implementation of this method checks {@code http.getanyfile},
- * throwing
- * {@link org.eclipse.jgit.transport.resolver.ServiceNotEnabledException} if
- * it was explicitly set to {@code false}, and otherwise succeeding
- * silently.
- *
- * @param req
- * current HTTP request, in case information from the request may
- * help determine the access request.
- * @param db
- * the repository the request would obtain a bare file from.
- * @throws ServiceNotEnabledException
- * bare file access is not allowed on the target repository, by
- * any user, for any reason.
- * @throws ServiceNotAuthorizedException
- * bare file access is not allowed for this HTTP request and
- * repository, such as due to a permission error.
- */
- public void access(HttpServletRequest req, Repository db)
- throws ServiceNotEnabledException, ServiceNotAuthorizedException {
- if (!isEnabled(db))
- throw new ServiceNotEnabledException();
- }
- }
|