Update javadoc for the AliasCheck interface

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2022-08-15 10:46:48 +10:00 · 2022-08-15 10:46:48 +10:00 · d738f4b99f
parent 8e172f311e
commit d738f4b99f
2 changed files with 7 additions and 98 deletions
--- a/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/AliasCheck.java
+++ b/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/AliasCheck.java
@ -13,6 +13,7 @@

 package org.eclipse.jetty.server;

+import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.util.resource.Resource;

 /**
@ -21,10 +22,13 @@ import org.eclipse.jetty.util.resource.Resource;
 public interface AliasCheck
 {
    /**
-     * Check an alias
+     * Check if an alias is allowed to be served. If any {@link AliasCheck} returns
+     * true then the alias will be allowed to be served, therefore any alias checker
+     * should take things like the {@link ContextHandler#getProtectedTargets()} and
+     * Security Constraints into consideration before allowing a return a value of true.
     *
-     * @param pathInContext The path the aliased resource was created for
-     * @param resource The aliased resourced
+     * @param pathInContext The path the aliased resource was created for.
+     * @param resource The aliased resourced.
     * @return True if the resource is OK to be served.
     */
    boolean checkAlias(String pathInContext, Resource resource);
--- a/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java
+++ b/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java
@ -1,95 +0,0 @@
-//
-// ========================================================================
-// Copyright (c) 1995-2022 Mort Bay Consulting Pty Ltd and others.
-//
-// This program and the accompanying materials are made available under the
-// terms of the Eclipse Public License v. 2.0 which is available at
-// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
-// which is available at https://www.apache.org/licenses/LICENSE-2.0.
-//
-// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
-// ========================================================================
-//
-
-package org.eclipse.jetty.server.handler;
-
-import java.nio.file.Files;
-import java.nio.file.Path;
-
-import org.eclipse.jetty.server.Handler;
-import org.eclipse.jetty.util.resource.PathResource;
-import org.eclipse.jetty.util.resource.Resource;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Symbolic Link AliasChecker.
- * <p>An instance of this class can be registered with {@link Handler} subclasses
- * to check resources that are aliased to other locations.</p>
- * <p>The checker uses the Java {@link Files#readSymbolicLink(Path)} and
- * {@link Path#toRealPath(java.nio.file.LinkOption...)}
- * APIs to check if a file is aliased with symbolic links.</p>
- * @deprecated use {@link org.eclipse.jetty.server.SymlinkAllowedResourceAliasChecker} instead.
- */
-@Deprecated
-public class AllowSymLinkAliasChecker implements AliasCheck
-{
-    private static final Logger LOG = LoggerFactory.getLogger(AllowSymLinkAliasChecker.class);
-
-    public AllowSymLinkAliasChecker()
-    {
-        LOG.warn("Deprecated, use SymlinkAllowedResourceAliasChecker instead.");
-    }
-
-    @Override
-    public boolean checkAlias(String pathInContext, Resource resource)
-    {
-        // Only support PathResource alias checking
-        if (!(resource instanceof PathResource pathResource))
-            return false;
-
-        try
-        {
-            Path path = pathResource.getPath();
-            Path alias = pathResource.getAliasPath();
-
-            if (PathResource.isSameName(alias, path))
-                return false; // Unknown why this is an alias
-
-            if (hasSymbolicLink(path) && Files.isSameFile(path, alias))
-            {
-                if (LOG.isDebugEnabled())
-                    LOG.debug("Allow symlink {} --> {}", resource, pathResource.getAliasPath());
-                return true;
-            }
-        }
-        catch (Exception e)
-        {
-            LOG.trace("IGNORED", e);
-        }
-
-        return false;
-    }
-
-    private boolean hasSymbolicLink(Path path)
-    {
-        // Is file itself a symlink?
-        if (Files.isSymbolicLink(path))
-        {
-            return true;
-        }
-
-        // Lets try each path segment
-        Path base = path.getRoot();
-        for (Path segment : path)
-        {
-            base = base.resolve(segment);
-            if (Files.isSymbolicLink(base))
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-}