From 4569263c04acd5c444c7e9596efdd3e9758d04d9 Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Wed, 1 Sep 2021 12:45:56 -0500 Subject: [PATCH] ARTEMIS-3454 prevent directory listing for deployed web apps --- .../apache/activemq/artemis/component/WebServerComponent.java | 1 + 1 file changed, 1 insertion(+) diff --git a/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java b/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java index e21191cb34..c03a3fe354 100644 --- a/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java +++ b/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java @@ -147,6 +147,7 @@ public class WebServerComponent implements ExternalComponent { dirToUse = instanceWarDir; } WebAppContext webContext = deployWar(app.url, app.war, dirToUse); + webContext.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false"); webContexts.add(webContext); if (app.war.startsWith("console")) { consoleUrl = webServerConfig.bind + "/" + app.url;