/*
 * Copyright (C) 2009-2010, Google Inc.
 * and other copyright owners as documented in the project's IP log.
 *
 * This program and the accompanying materials are made available
 * under the terms of the Eclipse Distribution License v1.0 which
 * accompanies this distribution, is reproduced below, and is
 * available at http://www.eclipse.org/org/documents/edl-v10.php
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or
 * without modification, are permitted provided that the following
 * conditions are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the following
 *   disclaimer in the documentation and/or other materials provided
 *   with the distribution.
 *
 * - Neither the name of the Eclipse Foundation, Inc. nor the
 *   names of its contributors may be used to endorse or promote
 *   products derived from this software without specific prior
 *   written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package org.eclipse.jgit.http.server.resolver;

import javax.servlet.http.HttpServletRequest;

import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;

/**
 * Access policy for serving a repository's bare files over HTTP.
 * <p>
 * HTTP clients that predate the smart HTTP variant of the Git protocol fetch
 * by downloading objects and pack files directly. Together with the
 * per-repository {@code http.getanyfile} setting, this class lets
 * {@link org.eclipse.jgit.http.server.GitServlet} decide whether such clients
 * may read those files.
 * <p>
 * <b>Security notes.</b> The setting is read with a default of {@code true},
 * so direct file access is permitted for every repository that does not
 * explicitly set {@code http.getanyfile = false}. The default
 * {@link #access(HttpServletRequest, Repository)} consults only that setting:
 * it never inspects the request and never throws
 * {@link ServiceNotAuthorizedException}. A deployment that must restrict
 * reads per caller therefore has to override {@code access}, or use
 * {@link #DISABLED}, unless authorization is already enforced in front of the
 * servlet.
 */
public class AsIsFileService {
    /**
     * Policy instance that rejects every request with
     * {@link ServiceNotEnabledException}, regardless of repository
     * configuration.
     */
    public static final AsIsFileService DISABLED = new AsIsFileService() {
        @Override
        public void access(HttpServletRequest req, Repository db)
                throws ServiceNotEnabledException {
            // Unconditional denial: neither the request nor the repository
            // configuration is looked at.
            throw new ServiceNotEnabledException();
        }
    };

    /** Parsed view of the {@code http.getanyfile} setting of one configuration. */
    private static class ServiceConfig {
        final boolean enabled;

        ServiceConfig(Config repositoryConfig) {
            // The trailing 'true' is the fallback used when the key is
            // absent, which makes this an opt-out setting.
            this.enabled = repositoryConfig.getBoolean("http", "getanyfile", true);
        }
    }

    /**
     * Report whether {@code http.getanyfile} permits bare file access.
     *
     * @param db
     *            the repository whose configuration is consulted.
     * @return {@code false} only when {@code http.getanyfile} is explicitly
     *         {@code false} in the repository's configuration; {@code true}
     *         in every other case, including when the key is not set.
     */
    protected static boolean isEnabled(Repository db) {
        final ServiceConfig parsed = db.getConfig().get(ServiceConfig::new);
        return parsed.enabled;
    }

    /**
     * Decide whether the request may read any bare file of the repository.
     * <p>
     * Returning normally means the request is allowed; denial is signalled
     * by one of the checked exceptions below.
     * <p>
     * This default implementation looks at {@code http.getanyfile} only. It
     * throws {@link ServiceNotEnabledException} when the setting is
     * explicitly {@code false} and otherwise returns without examining
     * {@code req}, so it applies no per-user or per-request restriction.
     * Subclasses that need one should override this method and throw
     * {@link ServiceNotAuthorizedException} for rejected callers.
     *
     * @param req
     *            current HTTP request, available to overriding
     *            implementations that base the decision on the caller.
     * @param db
     *            the repository the request would obtain a bare file from.
     * @throws ServiceNotEnabledException
     *             bare file access is not allowed on the target repository,
     *             by any user, for any reason.
     * @throws ServiceNotAuthorizedException
     *             bare file access is not allowed for this HTTP request and
     *             repository, such as due to a permission error. Never
     *             thrown by this default implementation.
     */
    public void access(HttpServletRequest req, Repository db)
            throws ServiceNotEnabledException, ServiceNotAuthorizedException {
        if (isEnabled(db)) {
            return;
        }
        throw new ServiceNotEnabledException();
    }
}