diff --git a/VERSION.txt b/VERSION.txt index be9b56ed8fe..cdf421d0f03 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -183,6 +183,11 @@ jetty-9.3.0.v20150612 - 12 June 2015 --add-to-start + 469991 Fix logging levels in websocket client UpgradeConnection +jetty-9.2.12.v20150709 - 09 July 2015 + + 469414 Proxied redirects expose upstream server name. + + 469936 Remove usages of SpinLock. + + 470184 Send the proxy-to-server request more lazily. + jetty-9.2.11.v20150529 - 29 May 2015 + 461499 ConnectionPool may leak connections. + 463579 Add support for 308 status code. diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java index 76ac313b2a9..5207f857b8b 100644 --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java @@ -19,6 +19,8 @@ package org.eclipse.jetty.servlets; import java.io.IOException; +import java.util.ArrayList; +import java.util.List; import javax.servlet.RequestDispatcher; import javax.servlet.ServletContext; @@ -27,100 +29,118 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -/** - * Concatenation Servlet - *

- * This servlet may be used to concatenate multiple resources into - * a single response. It is intended to be used to load multiple +import org.eclipse.jetty.util.URIUtil; + +/** + *

This servlet may be used to concatenate multiple resources into + * a single response.

+ *

It is intended to be used to load multiple * javascript or css files, but may be used for any content of the - * same mime type that can be meaningfully concatenated. - *

- * The servlet uses {@link RequestDispatcher#include(javax.servlet.ServletRequest, javax.servlet.ServletResponse)} + * same mime type that can be meaningfully concatenated.

+ *

The servlet uses {@link RequestDispatcher#include(javax.servlet.ServletRequest, javax.servlet.ServletResponse)} * to combine the requested content, so dynamically generated content - * may be combined (Eg engine.js for DWR). - *

- * The servlet uses parameter names of the query string as resource names - * relative to the context root. So these script tags: + * may be combined (Eg engine.js for DWR).

+ *

The servlet uses parameter names of the query string as resource names + * relative to the context root. So these script tags:

* 
- *  <script type="text/javascript" src="../js/behaviour.js"></script>
- *  <script type="text/javascript" src="../js/ajax.js&/chat/chat.js"></script>
- *  <script type="text/javascript" src="../chat/chat.js"></script>
- *
can be replaced with the single tag (with the ConcatServlet mapped to /concat): - * 
- *  <script type="text/javascript" src="../concat?/js/behaviour.js&/js/ajax.js&/chat/chat.js"></script>
+ * <script type="text/javascript" src="../js/behaviour.js"></script>
+ * <script type="text/javascript" src="../js/ajax.js&/chat/chat.js"></script>
+ * <script type="text/javascript" src="../chat/chat.js"></script>
  *
- * The {@link ServletContext#getMimeType(String)} method is used to determine the - * mime type of each resource. If the types of all resources do not match, then a 415 - * UNSUPPORTED_MEDIA_TYPE error is returned. - *

- * If the init parameter "development" is set to "true" then the servlet will run in - * development mode and the content will be concatenated on every request. Otherwise - * the init time of the servlet is used as the lastModifiedTime of the combined content - * and If-Modified-Since requests are handled with 206 NOT Modified responses if + *

can be replaced with the single tag (with the {@code ConcatServlet} + * mapped to {@code /concat}):

+ * 
+ * <script type="text/javascript" src="../concat?/js/behaviour.js&/js/ajax.js&/chat/chat.js"></script>
+ *
+ *

The {@link ServletContext#getMimeType(String)} method is used to determine the + * mime type of each resource. If the types of all resources do not match, then a 415 + * UNSUPPORTED_MEDIA_TYPE error is returned.

+ *

If the init parameter {@code development} is set to {@code true} then the servlet + * will run in development mode and the content will be concatenated on every request.

+ *

Otherwise the init time of the servlet is used as the lastModifiedTime of the combined content + * and If-Modified-Since requests are handled with 304 NOT Modified responses if * appropriate. This means that when not in development mode, the servlet must be - * restarted before changed content will be served. - * - * - * + * restarted before changed content will be served.

*/ public class ConcatServlet extends HttpServlet { - boolean _development; - long _lastModified; - ServletContext _context; + private boolean _development; + private long _lastModified; - /* ------------------------------------------------------------ */ + @Override public void init() throws ServletException { - _lastModified=System.currentTimeMillis(); - _context=getServletContext(); - _development="true".equals(getInitParameter("development")); + _lastModified = System.currentTimeMillis(); + _development = Boolean.parseBoolean(getInitParameter("development")); } - /* ------------------------------------------------------------ */ /* * @return The start time of the servlet unless in development mode, in which case -1 is returned. */ + @Override protected long getLastModified(HttpServletRequest req) { - return _development?-1:_lastModified; + return _development ? -1 : _lastModified; } - /* ------------------------------------------------------------ */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String q=req.getQueryString(); - if (q==null) + String query = request.getQueryString(); + if (query == null) { - resp.sendError(HttpServletResponse.SC_NO_CONTENT); + response.sendError(HttpServletResponse.SC_NO_CONTENT); return; } - String[] parts = q.split("\\&"); - String type=null; - for (int i=0;i dispatchers = new ArrayList<>(); + String[] parts = query.split("\\&"); + String type = null; + for (String part : parts) { - String t = _context.getMimeType(parts[i]); - if (t!=null) + String path = URIUtil.canonicalPath(URIUtil.decodePath(part)); + if (path == null) { - if (type==null) - type=t; + response.sendError(HttpServletResponse.SC_NOT_FOUND); + return; + } + + // Verify that the path is not protected. + if (startsWith(path, "/WEB-INF/") || startsWith(path, "/META-INF/")) + { + response.sendError(HttpServletResponse.SC_NOT_FOUND); + return; + } + + String t = getServletContext().getMimeType(path); + if (t != null) + { + if (type == null) + { + type = t; + } else if (!type.equals(t)) { - resp.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); + response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); return; } } + + RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(path); + if (dispatcher != null) + dispatchers.add(dispatcher); } - if (type!=null) - resp.setContentType(type); + if (type != null) + response.setContentType(type); - for (int i=0;i - org.codehaus.mojo findbugs-maven-plugin