View Javadoc
1   /*
2    * Copyright (C) 2009-2010, Google Inc.
3    * and other copyright owners as documented in the project's IP log.
4    *
5    * This program and the accompanying materials are made available
6    * under the terms of the Eclipse Distribution License v1.0 which
7    * accompanies this distribution, is reproduced below, and is
8    * available at http://www.eclipse.org/org/documents/edl-v10.php
9    *
10   * All rights reserved.
11   *
12   * Redistribution and use in source and binary forms, with or
13   * without modification, are permitted provided that the following
14   * conditions are met:
15   *
16   * - Redistributions of source code must retain the above copyright
17   *   notice, this list of conditions and the following disclaimer.
18   *
19   * - Redistributions in binary form must reproduce the above
20   *   copyright notice, this list of conditions and the following
21   *   disclaimer in the documentation and/or other materials provided
22   *   with the distribution.
23   *
24   * - Neither the name of the Eclipse Foundation, Inc. nor the
25   *   names of its contributors may be used to endorse or promote
26   *   products derived from this software without specific prior
27   *   written permission.
28   *
29   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
30   * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
31   * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
32   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
34   * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
35   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
36   * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
37   * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
38   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39   * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
41   * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42   */
43  
44  package org.eclipse.jgit.http.server.resolver;
45  
46  import javax.servlet.http.HttpServletRequest;
47  
48  import org.eclipse.jgit.http.server.GitServlet;
49  import org.eclipse.jgit.lib.Config;
50  import org.eclipse.jgit.lib.Config.SectionParser;
51  import org.eclipse.jgit.lib.Repository;
52  import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
53  import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
54  
55  /**
56   * Controls access to bare files in a repository.
57   * <p>
58   * Older HTTP clients which do not speak the smart HTTP variant of the Git
59   * protocol fetch from a repository by directly getting its objects and pack
60   * files. This class, along with the {@code http.getanyfile} per-repository
61   * configuration setting, can be used by {@link GitServlet} to control whether
62   * or not these older clients are permitted to read these direct files.
63   */
64  public class AsIsFileService {
65  	/** Always throws {@link ServiceNotEnabledException}. */
66  	public static final AsIsFileService DISABLED = new AsIsFileService() {
67  		@Override
68  		public void access(HttpServletRequest req, Repository db)
69  				throws ServiceNotEnabledException {
70  			throw new ServiceNotEnabledException();
71  		}
72  	};
73  
74  	private static final SectionParser<ServiceConfig> CONFIG = new SectionParser<ServiceConfig>() {
75  		@Override
76  		public ServiceConfig parse(final Config cfg) {
77  			return new ServiceConfig(cfg);
78  		}
79  	};
80  
81  	private static class ServiceConfig {
82  		final boolean enabled;
83  
84  		ServiceConfig(final Config cfg) {
85  			enabled = cfg.getBoolean("http", "getanyfile", true);
86  		}
87  	}
88  
89  	/**
90  	 * Determine if {@code http.getanyfile} is enabled in the configuration.
91  	 *
92  	 * @param db
93  	 *            the repository to check.
94  	 * @return {@code false} if {@code http.getanyfile} was explicitly set to
95  	 *         {@code false} in the repository's configuration file; otherwise
96  	 *         {@code true}.
97  	 */
98  	protected static boolean isEnabled(Repository db) {
99  		return db.getConfig().get(CONFIG).enabled;
100 	}
101 
102 	/**
103 	 * Determine if access to any bare file of the repository is allowed.
104 	 * <p>
105 	 * This method silently succeeds if the request is allowed, or fails by
106 	 * throwing a checked exception if access should be denied.
107 	 * <p>
108 	 * The default implementation of this method checks {@code http.getanyfile},
109 	 * throwing {@link ServiceNotEnabledException} if it was explicitly set to
110 	 * {@code false}, and otherwise succeeding silently.
111 	 *
112 	 * @param req
113 	 *            current HTTP request, in case information from the request may
114 	 *            help determine the access request.
115 	 * @param db
116 	 *            the repository the request would obtain a bare file from.
117 	 * @throws ServiceNotEnabledException
118 	 *             bare file access is not allowed on the target repository, by
119 	 *             any user, for any reason.
120 	 * @throws ServiceNotAuthorizedException
121 	 *             bare file access is not allowed for this HTTP request and
122 	 *             repository, such as due to a permission error.
123 	 */
124 	public void access(HttpServletRequest req, Repository db)
125 			throws ServiceNotEnabledException, ServiceNotAuthorizedException {
126 		if (!isEnabled(db))
127 			throw new ServiceNotEnabledException();
128 	}
129 }