From 55b279cc3da989d850aa6f8b63a4a3905dbca6da Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Tue, 22 Oct 2013 20:33:33 +1100 Subject: 420048 - DefaultServlet alias checks configured resourceBase Conflicts: jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java --- .../org/eclipse/jetty/servlet/DefaultServlet.java | 6 ++++ .../eclipse/jetty/servlet/DefaultServletTest.java | 36 ++++++++++++++++++++++ 2 files changed, 42 insertions(+) (limited to 'jetty-servlet') diff --git a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java index 8743cd7948..62d0c99dc7 100644 --- a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java +++ b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/DefaultServlet.java @@ -354,6 +354,12 @@ public class DefaultServlet extends HttpServlet implements ResourceFactory if (_resourceBase!=null) { r = _resourceBase.addPath(pathInContext); + if (!_contextHandler.checkAlias(pathInContext,r)) + r=null; + } + else if (_servletContext instanceof ContextHandler.Context) + { + r = _contextHandler.getResource(pathInContext); } else { diff --git a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java index 4a84ad96ce..fae82c6c6b 100644 --- a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java +++ b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java @@ -23,6 +23,7 @@ import static org.junit.Assert.assertTrue; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; +import java.nio.file.Files; import java.util.EnumSet; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -39,6 +40,7 @@ import org.eclipse.jetty.http.HttpFields; import org.eclipse.jetty.server.HttpConfiguration; import org.eclipse.jetty.server.LocalConnector; import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.handler.ContextHandler; import org.eclipse.jetty.toolchain.test.FS; import org.eclipse.jetty.toolchain.test.MavenTestingUtils; import org.eclipse.jetty.toolchain.test.OS; @@ -414,6 +416,40 @@ public class DefaultServletTest } } + @Test + public void testResourceBase() throws Exception + { + testdir.ensureEmpty(); + File resBase = testdir.getFile("docroot"); + FS.ensureDirExists(resBase); + File foobar = new File(resBase, "foobar.txt"); + File link = new File(resBase, "link.txt"); + createFile(foobar, "Foo Bar"); + + String resBasePath = resBase.getAbsolutePath(); + + ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); + defholder.setInitParameter("resourceBase", resBasePath); + defholder.setInitParameter("gzip", "false"); + + String response; + + response = connector.getResponses("GET /context/foobar.txt HTTP/1.0\r\n\r\n"); + assertResponseContains("Foo Bar", response); + + if (!OS.IS_WINDOWS) + { + Files.createSymbolicLink(link.toPath(),foobar.toPath()); + response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n"); + assertResponseContains("404", response); + + context.addAliasCheck(new ContextHandler.ApproveAliases()); + + response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n"); + assertResponseContains("Foo Bar", response); + } + } + @Test public void testWelcomeExactServlet() throws Exception { -- cgit v1.2.3