420048 - DefaultServlet alias checks configured resourceBase

Conflicts: jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
2013-10-22 20:33:33 +11:00 · 2013-10-22 20:33:33 +11:00 · 55b279cc3d
parent 1ce2ec0007
commit 55b279cc3d
3 changed files with 70 additions and 21 deletions
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
@ -1606,27 +1606,9 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
            path = URIUtil.canonicalPath(path);
            Resource resource = _baseResource.addPath(path);
            
-            // Is the resource aliased?
-            if (resource.getAlias() != null)
-            {
-                if (LOG.isDebugEnabled())
-                    LOG.debug("Aliased resource: " + resource + "~=" + resource.getAlias());
-
-                // alias checks
-                for (Iterator<AliasCheck> i=_aliasChecks.iterator();i.hasNext();)
-                {
-                    AliasCheck check = i.next();
-                    if (check.check(path,resource))
-                    {
-                        if (LOG.isDebugEnabled())
-                            LOG.debug("Aliased resource: " + resource + " approved by " + check);
-                        return resource;
-                    }
-                }
-                return null;
-            }
-
-            return resource;
+            if (checkAlias(path,resource))
+                return resource;
+            return null;
        }
        catch (Exception e)
        {
@ -1636,6 +1618,31 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
        return null;
    }

+    /* ------------------------------------------------------------ */
+    public boolean checkAlias(String path, Resource resource)
+    {
+        // Is the resource aliased?
+            if (resource.getAlias() != null)
+        {
+            if (LOG.isDebugEnabled())
+                LOG.debug("Aliased resource: " + resource + "~=" + resource.getAlias());
+
+            // alias checks
+            for (Iterator<AliasCheck> i=_aliasChecks.iterator();i.hasNext();)
+            {
+                AliasCheck check = i.next();
+                if (check.check(path,resource))
+                {
+                    if (LOG.isDebugEnabled())
+                        LOG.debug("Aliased resource: " + resource + " approved by " + check);
+                    return true;
+                }
+            }
+            return false;
+        }
+        return true;
+    }
+    
    /* ------------------------------------------------------------ */
    /**
     * Convert URL to Resource wrapper for {@link Resource#newResource(URL)} enables extensions to provide alternate resource implementations.
--- a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java
+++ b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java
@ -354,6 +354,12 @@ public class DefaultServlet extends HttpServlet implements ResourceFactory
            if (_resourceBase!=null)
            {
                r = _resourceBase.addPath(pathInContext);
+                if (!_contextHandler.checkAlias(pathInContext,r))
+                    r=null;
+            }
+            else if (_servletContext instanceof ContextHandler.Context)
+            {
+                r = _contextHandler.getResource(pathInContext);
            }
            else
            {
--- a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java
+++ b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java
@ -23,6 +23,7 @@ import static org.junit.Assert.assertTrue;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.util.EnumSet;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@ -39,6 +40,7 @@ import org.eclipse.jetty.http.HttpFields;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.LocalConnector;
 import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.toolchain.test.FS;
 import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
 import org.eclipse.jetty.toolchain.test.OS;
@ -414,6 +416,40 @@ public class DefaultServletTest
        }
    }

+    @Test
+    public void testResourceBase() throws Exception
+    {
+        testdir.ensureEmpty();
+        File resBase = testdir.getFile("docroot");
+        FS.ensureDirExists(resBase);
+        File foobar = new File(resBase, "foobar.txt");
+        File link = new File(resBase, "link.txt");
+        createFile(foobar, "Foo Bar");
+
+        String resBasePath = resBase.getAbsolutePath();
+
+        ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
+        defholder.setInitParameter("resourceBase", resBasePath);
+        defholder.setInitParameter("gzip", "false");
+
+        String response;
+
+        response = connector.getResponses("GET /context/foobar.txt HTTP/1.0\r\n\r\n");
+        assertResponseContains("Foo Bar", response);
+
+        if (!OS.IS_WINDOWS)
+        {
+            Files.createSymbolicLink(link.toPath(),foobar.toPath());
+            response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
+            assertResponseContains("404", response);
+            
+            context.addAliasCheck(new ContextHandler.ApproveAliases());
+            
+            response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
+            assertResponseContains("Foo Bar", response);
+        }
+    }
+
    @Test
    public void testWelcomeExactServlet() throws Exception
    {