View Javadoc
1   /*
2    * Copyright (C) 2009-2010, Google Inc. and others
3    *
4    * This program and the accompanying materials are made available under the
5    * terms of the Eclipse Distribution License v. 1.0 which is available at
6    * https://www.eclipse.org/org/documents/edl-v10.php.
7    *
8    * SPDX-License-Identifier: BSD-3-Clause
9    */
10  
11  package org.eclipse.jgit.http.server.resolver;
12  
13  import javax.servlet.http.HttpServletRequest;
14  
15  import org.eclipse.jgit.lib.Config;
16  import org.eclipse.jgit.lib.Repository;
17  import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
18  import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
19  
20  /**
21   * Controls access to bare files in a repository.
22   * <p>
23   * Older HTTP clients which do not speak the smart HTTP variant of the Git
24   * protocol fetch from a repository by directly getting its objects and pack
25   * files. This class, along with the {@code http.getanyfile} per-repository
26   * configuration setting, can be used by
27   * {@link org.eclipse.jgit.http.server.GitServlet} to control whether or not
28   * these older clients are permitted to read these direct files.
29   */
30  public class AsIsFileService {
31  	/** Always throws {@link ServiceNotEnabledException}. */
32  	public static final AsIsFileServicelver/AsIsFileService.html#AsIsFileService">AsIsFileService DISABLED = new AsIsFileService() {
33  		@Override
34  		public void access(HttpServletRequest req, Repository db)
35  				throws ServiceNotEnabledException {
36  			throw new ServiceNotEnabledException();
37  		}
38  	};
39  
40  	private static class ServiceConfig {
41  		final boolean enabled;
42  
43  		ServiceConfig(Config cfg) {
44  			enabled = cfg.getBoolean("http", "getanyfile", true);
45  		}
46  	}
47  
48  	/**
49  	 * Determine if {@code http.getanyfile} is enabled in the configuration.
50  	 *
51  	 * @param db
52  	 *            the repository to check.
53  	 * @return {@code false} if {@code http.getanyfile} was explicitly set to
54  	 *         {@code false} in the repository's configuration file; otherwise
55  	 *         {@code true}.
56  	 */
57  	protected static boolean isEnabled(Repository db) {
58  		return db.getConfig().get(ServiceConfig::new).enabled;
59  	}
60  
61  	/**
62  	 * Determine if access to any bare file of the repository is allowed.
63  	 * <p>
64  	 * This method silently succeeds if the request is allowed, or fails by
65  	 * throwing a checked exception if access should be denied.
66  	 * <p>
67  	 * The default implementation of this method checks {@code http.getanyfile},
68  	 * throwing
69  	 * {@link org.eclipse.jgit.transport.resolver.ServiceNotEnabledException} if
70  	 * it was explicitly set to {@code false}, and otherwise succeeding
71  	 * silently.
72  	 *
73  	 * @param req
74  	 *            current HTTP request, in case information from the request may
75  	 *            help determine the access request.
76  	 * @param db
77  	 *            the repository the request would obtain a bare file from.
78  	 * @throws ServiceNotEnabledException
79  	 *             bare file access is not allowed on the target repository, by
80  	 *             any user, for any reason.
81  	 * @throws ServiceNotAuthorizedException
82  	 *             bare file access is not allowed for this HTTP request and
83  	 *             repository, such as due to a permission error.
84  	 */
85  	public void access(HttpServletRequest req, Repository db)
86  			throws ServiceNotEnabledException, ServiceNotAuthorizedException {
87  		if (!isEnabled(db))
88  			throw new ServiceNotEnabledException();
89  	}
90  }