438434 ResourceHandler checks aliases

Greg Wilkins 2014-06-27 21:46:59 +02:00
parent a8964979b9
commit 0751256559
3 changed files with 14 additions and 7 deletions


@ -31,6 +31,7 @@ import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.LocalConnector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.AllowSymLinkAliasChecker;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.ResourceHandler;
import org.eclipse.jetty.server.session.SessionHandler;
@ -76,16 +77,16 @@ public class AliasedConstraintTest
loginService.putUser("user3",new Password("password"),new String[] { "foo" });
context.setContextPath("/ctx");
context.setResourceBase(MavenTestingUtils.getTestResourceDir("docroot").getAbsolutePath());
server.setHandler(context);
context.setHandler(session);
// context.addAliasCheck(new AllowSymLinkAliasChecker());
server.addBean(loginService);
security = new ConstraintSecurityHandler();
session.setHandler(security);
ResourceHandler handler = new ResourceHandler();
String resourceBase = MavenTestingUtils.getTestResourceDir("docroot").getAbsolutePath();
handler.setResourceBase(resourceBase);
security.setHandler(handler);
List<ConstraintMapping> constraints = new ArrayList<>();
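Review bot: The setup keeps a commented-out call, `// context.addAliasCheck(new AllowSymLinkAliasChecker());`, and as far as these two hunks show, the newly imported `AllowSymLinkAliasChecker` is referenced nowhere else, so the import looks unused. In a test that exists to prove aliased paths cannot bypass constraints, a dormant line that would relax alias checking is easy to re-enable by accident. I would delete both the line and the import, or replace the line with a comment that states the intent, for example `// No alias checker is registered on purpose: aliased resources must be refused by default.` The rest of the setup method lies outside the hunk.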


@ -1648,10 +1648,15 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
}
/* ------------------------------------------------------------ */
/**
* @param path
* @param resource
* @return True if the alias is OK
*/
public boolean checkAlias(String path, Resource resource)
{
// Is the resource aliased?
if (resource.getAlias() != null)
if (resource.getAlias() != null)
{
if (LOG.isDebugEnabled())
LOG.debug("Aliased resource: " + resource + "~=" + resource.getAlias());
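Review bot: The Javadoc added above `checkAlias` has empty `@param path` and `@param resource` tags and a `@return` that does not say what "OK" means, yet this method now acts as the access decision for aliased resources. I would fill the tags in, for example `@param path the request path that was resolved`, `@param resource the resource found for that path, possibly an alias of another resource`, and `@return true if the resource is not an alias or the alias is accepted; false if the resource must not be served`. The decision logic is outside the hunk, so the return wording should be confirmed against the full method body. A caller contract such as "a false result must be treated as not found" would also be worth stating.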


@ -308,15 +308,16 @@ public class ResourceHandler extends HandlerWrapper
{
if (_context==null)
return null;
base=_context.getBaseResource();
if (base==null)
return null;
return _context.getResource(path);
}
try
{
path=URIUtil.canonicalPath(path);
return base.addPath(path);
Resource r = base.addPath(path);
if (r!=null && r.getAlias()!=null && !_context.checkAlias(path, r))
return null;
return r;
}
catch(Exception e)
{
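Review bot: `_context` is dereferenced in the new alias check without a null test, although the branch at the top of the hunk shows it can be null. If a base resource can be set on the handler without a context, an aliased resource would raise a NullPointerException at `!_context.checkAlias(path, r)`. That exception falls into the `catch(Exception e)` that follows, whose body is outside the hunk, so the request is probably refused, but only as a side effect of a swallowed exception. Making the refusal explicit keeps the fail-closed result and shows the intent: `if (r!=null && r.getAlias()!=null && (_context==null || !_context.checkAlias(path, r)))`. The enclosing method starts and ends outside the hunk.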