Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

jetty-9 removed alias option

This commit is contained in:
Greg Wilkins 2013-01-10 20:34:36 +11:00
parent b1882a3258
commit e6d3397c1c
4 changed files with 18 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
View File

@ -162,7 +162,6 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
private int _maxFormKeys = Integer.getInteger("org.eclipse.jetty.server.Request.maxFormKeys",-1).intValue();
private int _maxFormContentSize = Integer.getInteger("org.eclipse.jetty.server.Request.maxFormContentSize",-1).intValue();
private boolean _compactPath = false;
private boolean _aliases = false;
private final List<EventListener> _eventListeners=new CopyOnWriteArrayList<>();
private final List<EventListener> _programmaticListeners=new CopyOnWriteArrayList<>();
@ -1343,26 +1342,6 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
}
}
/* ------------------------------------------------------------ */
/**
* @return True if aliases are allowed
*/
@ManagedAttribute("true if alias checking is performed on resource")
public boolean isAliases()
{
return _aliases;
}
/* ------------------------------------------------------------ */
/**
* @param aliases
* aliases are allowed
*/
public void setAliases(boolean aliases)
{
_aliases = aliases;
}
/* ------------------------------------------------------------ */
/**
* @return Returns the mimeTypes.
@ -1573,7 +1552,7 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
Resource resource = _baseResource.addPath(path);
// Is the resource aliased?
if (!_aliases && resource.getAlias() != null)
if (resource.getAlias() != null)
{
if (LOG.isDebugEnabled())
LOG.debug("Aliased resource: " + resource + "~=" + resource.getAlias());
@ -2549,6 +2528,18 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
boolean check(String path, Resource resource);
}
/* ------------------------------------------------------------ */
/** Approve all aliases.
*/
public static class ApproveAliases implements AliasCheck
{
@Override
public boolean check(String path, Resource resource)
{
return true;
}
}
/* ------------------------------------------------------------ */
/** Approve Aliases with same suffix.
@ -2557,6 +2548,7 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
*/
public static class ApproveSameSuffixAliases implements AliasCheck
{
@Override
public boolean check(String path, Resource resource)
{
int dot = path.lastIndexOf('.');
@ -2575,6 +2567,7 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
*/
public static class ApprovePathPrefixAliases implements AliasCheck
{
@Override
public boolean check(String path, Resource resource)
{
int slash = path.lastIndexOf('/');
@ -2591,6 +2584,7 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
*/
public static class ApproveNonExistentDirectoryAliases implements AliasCheck
{
@Override
public boolean check(String path, Resource resource)
{
int slash = path.lastIndexOf('/');

35
jetty-server/src/main/java/org/eclipse/jetty/server/handler/ResourceHandler.java
View File

@ -64,7 +64,6 @@ public class ResourceHandler extends HandlerWrapper
String[] _welcomeFiles={"index.html"};
MimeTypes _mimeTypes = new MimeTypes();
String _cacheControl;
boolean _aliases;
boolean _directory;
boolean _etags;
@ -86,28 +85,6 @@ public class ResourceHandler extends HandlerWrapper
_mimeTypes = mimeTypes;
}
/* ------------------------------------------------------------ */
/**
* @return True if resource aliases are allowed.
*/
public boolean isAliases()
{
return _aliases;
}
/* ------------------------------------------------------------ */
/**
* Set if resource aliases (eg symlink, 8.3 names, case insensitivity) are allowed.
* Allowing aliases can significantly increase security vulnerabilities.
* If this handler is deployed inside a ContextHandler, then the
* {@link ContextHandler#isAliases()} takes precedent.
* @param aliases True if aliases are supported.
*/
public void setAliases(boolean aliases)
{
_aliases = aliases;
}
/* ------------------------------------------------------------ */
/** Get the directory option.
* @return true if directories are listed.
@ -152,12 +129,6 @@ public class ResourceHandler extends HandlerWrapper
Context scontext = ContextHandler.getCurrentContext();
_context = (scontext==null?null:scontext.getContextHandler());
if (_context!=null)
_aliases=_context.isAliases();
if (!_aliases && !FileResource.getCheckAliases())
throw new IllegalStateException("Alias checking disabled");
super.doStart();
}
@ -406,12 +377,6 @@ public class ResourceHandler extends HandlerWrapper
}
}
if (!_aliases && resource.getAlias()!=null)
{
LOG.info(resource+" aliased to "+resource.getAlias());
return;
}
// We are going to serve something
baseRequest.setHandled(true);

14
jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java
View File

@ -109,9 +109,6 @@ import org.eclipse.jetty.util.resource.ResourceFactory;
* stylesheet Set with the location of an optional stylesheet that will be used
* to decorate the directory listing html.
*
* aliases If True, aliases of resources are allowed (eg. symbolic
* links and caps variations). May bypass security constraints.
*
* etags If True, weak etags will be generated and handled.
*
* maxCacheSize The maximum total size of the cache or 0 for no cache.
@ -192,15 +189,6 @@ public class DefaultServlet extends HttpServlet implements ResourceFactory
else
_welcomeServlets=getInitBoolean("welcomeServlets", _welcomeServlets);
if (getInitParameter("aliases")!=null)
_contextHandler.setAliases(getInitBoolean("aliases",false));
boolean aliases=_contextHandler.isAliases();
if (!aliases && !FileResource.getCheckAliases())
throw new IllegalStateException("Alias checking disabled");
if (aliases)
_servletContext.log("Aliases are enabled! Security constraints may be bypassed!!!");
_useFileMappedBuffer=getInitBoolean("useFileMappedBuffer",_useFileMappedBuffer);
_relativeResourceBase = getInitParameter("relativeResourceBase");
@ -479,7 +467,7 @@ public class DefaultServlet extends HttpServlet implements ResourceFactory
}
else if (!resource.isDirectory())
{
if (endsWithSlash && _contextHandler.isAliases() && pathInContext.length()>1)
if (endsWithSlash && pathInContext.length()>1)
{
String q=request.getQueryString();
pathInContext=pathInContext.substring(0,pathInContext.length()-1);

21
jetty-util/src/main/java/org/eclipse/jetty/util/resource/FileResource.java
View File

@ -53,30 +53,11 @@ import org.eclipse.jetty.util.log.Logger;
public class FileResource extends URLResource
{
private static final Logger LOG = Log.getLogger(FileResource.class);
private static boolean __checkAliases = true;
/* ------------------------------------------------------------ */
private File _file;
private transient URL _alias=null;
private transient boolean _aliasChecked=false;
/* ------------------------------------------------------------------------------- */
/** setCheckAliases.
* @param checkAliases True of resource aliases are to be checked for (eg case insensitivity or 8.3 short names) and treated as not found.
*/
public static void setCheckAliases(boolean checkAliases)
{
__checkAliases=checkAliases;
}
/* ------------------------------------------------------------------------------- */
/** getCheckAliases.
* @return True of resource aliases are to be checked for (eg case insensitivity or 8.3 short names) and treated as not found.
*/
public static boolean getCheckAliases()
{
return __checkAliases;
}
/* -------------------------------------------------------- */
public FileResource(URL url)
@ -190,7 +171,7 @@ public class FileResource extends URLResource
@Override
public URL getAlias()
{
if (__checkAliases && !_aliasChecked)
if (!_aliasChecked)
{
try
{