420048 - DefaultServlet alias checks configured resourceBase

Conflicts:
	jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java

jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java

@@ -1606,27 +1606,9 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
             path = URIUtil.canonicalPath(path);
             Resource resource = _baseResource.addPath(path);
             
-            // Is the resource aliased?
+            if (checkAlias(path,resource))
-            if (resource.getAlias() != null)
+                return resource;
-            {
+            return null;
-                if (LOG.isDebugEnabled())
-                    LOG.debug("Aliased resource: " + resource + "~=" + resource.getAlias());
-
-                // alias checks
-                for (Iterator<AliasCheck> i=_aliasChecks.iterator();i.hasNext();)
-                {
-                    AliasCheck check = i.next();
-                    if (check.check(path,resource))
-                    {
-                        if (LOG.isDebugEnabled())
-                            LOG.debug("Aliased resource: " + resource + " approved by " + check);
-                        return resource;
-                    }
-                }
-                return null;
-            }
-
-            return resource;
         }
         catch (Exception e)
         {
@@ -1636,6 +1618,31 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
         return null;
     }
 
+    /* ------------------------------------------------------------ */
+    public boolean checkAlias(String path, Resource resource)
+    {
+        // Is the resource aliased?
+            if (resource.getAlias() != null)
+        {
+            if (LOG.isDebugEnabled())
+                LOG.debug("Aliased resource: " + resource + "~=" + resource.getAlias());
+
+            // alias checks
+            for (Iterator<AliasCheck> i=_aliasChecks.iterator();i.hasNext();)
+            {
+                AliasCheck check = i.next();
+                if (check.check(path,resource))
+                {
+                    if (LOG.isDebugEnabled())
+                        LOG.debug("Aliased resource: " + resource + " approved by " + check);
+                    return true;
+                }
+            }
+            return false;
+        }
+        return true;
+    }
+    
     /* ------------------------------------------------------------ */
     /**
      * Convert URL to Resource wrapper for {@link Resource#newResource(URL)} enables extensions to provide alternate resource implementations.

jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java

@@ -354,6 +354,12 @@ public class DefaultServlet extends HttpServlet implements ResourceFactory
             if (_resourceBase!=null)
             {
                 r = _resourceBase.addPath(pathInContext);
+                if (!_contextHandler.checkAlias(pathInContext,r))
+                    r=null;
+            }
+            else if (_servletContext instanceof ContextHandler.Context)
+            {
+                r = _contextHandler.getResource(pathInContext);
             }
             else
             {

jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java

@@ -23,6 +23,7 @@ import static org.junit.Assert.assertTrue;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.util.EnumSet;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -39,6 +40,7 @@ import org.eclipse.jetty.http.HttpFields;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.LocalConnector;
 import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.toolchain.test.FS;
 import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
 import org.eclipse.jetty.toolchain.test.OS;
@@ -414,6 +416,40 @@ public class DefaultServletTest
         }
     }
 
+    @Test
+    public void testResourceBase() throws Exception
+    {
+        testdir.ensureEmpty();
+        File resBase = testdir.getFile("docroot");
+        FS.ensureDirExists(resBase);
+        File foobar = new File(resBase, "foobar.txt");
+        File link = new File(resBase, "link.txt");
+        createFile(foobar, "Foo Bar");
+
+        String resBasePath = resBase.getAbsolutePath();
+
+        ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
+        defholder.setInitParameter("resourceBase", resBasePath);
+        defholder.setInitParameter("gzip", "false");
+
+        String response;
+
+        response = connector.getResponses("GET /context/foobar.txt HTTP/1.0\r\n\r\n");
+        assertResponseContains("Foo Bar", response);
+
+        if (!OS.IS_WINDOWS)
+        {
+            Files.createSymbolicLink(link.toPath(),foobar.toPath());
+            response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
+            assertResponseContains("404", response);
+            
+            context.addAliasCheck(new ContextHandler.ApproveAliases());
+            
+            response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
+            assertResponseContains("Foo Bar", response);
+        }
+    }
+
     @Test
     public void testWelcomeExactServlet() throws Exception
     {