From 55b279cc3da989d850aa6f8b63a4a3905dbca6da Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Tue, 22 Oct 2013 20:33:33 +1100
Subject: [PATCH] 420048 - DefaultServlet alias checks configured resourceBase
Conflicts: jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
---
 .../jetty/server/handler/ContextHandler.java | 49 +++++++++++-------
 .../eclipse/jetty/servlet/DefaultServlet.java | 6 +++
 .../jetty/servlet/DefaultServletTest.java | 36 ++++++++++++++
 3 files changed, 70 insertions(+), 21 deletions(-)
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
index 0b1786b93df..baed72bbfb1 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
@@ -1606,27 +1606,9 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
 path = URIUtil.canonicalPath(path);
 Resource resource = _baseResource.addPath(path);
- // Is the resource aliased?
- if (resource.getAlias() != null)
- {
- if (LOG.isDebugEnabled())
- LOG.debug("Aliased resource: " + resource + "~=" + resource.getAlias());
-
- // alias checks
- for (Iterator i=_aliasChecks.iterator();i.hasNext();)
- {
- AliasCheck check = i.next();
- if (check.check(path,resource))
- {
- if (LOG.isDebugEnabled())
- LOG.debug("Aliased resource: " + resource + " approved by " + check);
- return resource;
- }
- }
- return null;
- }
-
- return resource;
+ if (checkAlias(path,resource))
+ return resource;
+ return null;
 }
 catch (Exception e)
 {
@@ -1636,6 +1618,31 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
 return null;
 }
+ /* ------------------------------------------------------------ */
+ public boolean checkAlias(String path, Resource resource)
+ {
+ // Is the resource aliased?
+ if (resource.getAlias() != null)
+ {
+ if (LOG.isDebugEnabled())
+ LOG.debug("Aliased resource: " + resource + "~=" + resource.getAlias());
+
+ // alias checks
+ for (Iterator i=_aliasChecks.iterator();i.hasNext();)
+ {
+ AliasCheck check = i.next();
+ if (check.check(path,resource))
+ {
+ if (LOG.isDebugEnabled())
+ LOG.debug("Aliased resource: " + resource + " approved by " + check);
+ return true;
+ }
+ }
+ return false;
+ }
+ return true;
+ }
+
 /* ------------------------------------------------------------ */
 /**
 * Convert URL to Resource wrapper for {@link Resource#newResource(URL)} enables extensions to provide alternate resource implementations.
diff --git a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java
index 8743cd79485..62d0c99dc7b 100644
--- a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java
+++ b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java
@@ -354,6 +354,12 @@ public class DefaultServlet extends HttpServlet implements ResourceFactory
 if (_resourceBase!=null)
 {
 r = _resourceBase.addPath(pathInContext);
+ if (!_contextHandler.checkAlias(pathInContext,r))
+ r=null;
+ }
+ else if (_servletContext instanceof ContextHandler.Context)
+ {
+ r = _contextHandler.getResource(pathInContext);
 }
 else
 {
diff --git a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java
index 4a84ad96cea..fae82c6c6b0 100644
--- a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java
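Review bot: The new public `checkAlias(String path, Resource resource)` has no Javadoc, although it now decides whether an aliased resource may be served, both for `getResource` in this class and for callers outside it. I would add a Javadoc stating that it returns true when `resource.getAlias()` is null or when at least one configured `AliasCheck` approves the path, and false when the resource is aliased and no check approves it, with `@param` and `@return` tags. The refusal path is also silent: the alias and the approving check are logged at debug level, but nothing is logged before `return false;`, so a rejected alias leaves no trace of its own. Consider `LOG.debug("Aliased resource: " + resource + " not approved by any AliasCheck");` guarded by `LOG.isDebugEnabled()` like the other two calls.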
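Review bot: In the `_resourceBase` branch the resource is built with `_resourceBase.addPath(pathInContext)` from `pathInContext` as received, whereas `ContextHandler.getResource` (first hunk of this patch) runs `URIUtil.canonicalPath(path)` before `addPath` and the alias check. Whether `pathInContext` is already canonical when it reaches this point is not visible in the hunk; if it is, a comment such as `// pathInContext is canonical here; the alias check mirrors ContextHandler.getResource` would record the assumption, and if it is not, the two paths should be aligned. Both added branches also dereference `_contextHandler` without a null check, so they rely on initialisation done elsewhere. The enclosing method starts and ends outside the hunk.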
+++ b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java
@@ -23,6 +23,7 @@ import static org.junit.Assert.assertTrue;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.util.EnumSet;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -39,6 +40,7 @@ import org.eclipse.jetty.http.HttpFields;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.LocalConnector;
 import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.toolchain.test.FS;
 import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
 import org.eclipse.jetty.toolchain.test.OS;
@@ -414,6 +416,40 @@ public class DefaultServletTest
 }
 }
+ @Test
+ public void testResourceBase() throws Exception
+ {
+ testdir.ensureEmpty();
+ File resBase = testdir.getFile("docroot");
+ FS.ensureDirExists(resBase);
+ File foobar = new File(resBase, "foobar.txt");
+ File link = new File(resBase, "link.txt");
+ createFile(foobar, "Foo Bar");
+
+ String resBasePath = resBase.getAbsolutePath();
+
+ ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
+ defholder.setInitParameter("resourceBase", resBasePath);
+ defholder.setInitParameter("gzip", "false");
+
+ String response;
+
+ response = connector.getResponses("GET /context/foobar.txt HTTP/1.0\r\n\r\n");
+ assertResponseContains("Foo Bar", response);
+
+ if (!OS.IS_WINDOWS)
+ {
+ Files.createSymbolicLink(link.toPath(),foobar.toPath());
+ response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
+ assertResponseContains("404", response);
+
+ context.addAliasCheck(new ContextHandler.ApproveAliases());
+
+ response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
+ assertResponseContains("Foo Bar", response);
+ }
+ }
+
 @Test
 public void testWelcomeExactServlet() throws Exception
 {
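Review bot: The symlink case in `testResourceBase` only links to `foobar.txt` inside the same `docroot`, so it does not cover the case the alias check matters most for, a link whose target lies outside the configured `resourceBase`. I would add a second link pointing at a file created outside `resBase` and assert that it is refused before `ApproveAliases` is added. `assertResponseContains("404", response)` also matches those digits anywhere in the response, so matching the status line would be tighter. `context.addAliasCheck(new ContextHandler.ApproveAliases())` mutates `context`, and whether that object is rebuilt for each test is not visible in this hunk, so confirm the approval cannot leak into later tests.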