Auto add AliasChecker for custom Base Resource in DefaultServlet #11492

Closed
joakime opened this issue Mar 7, 2024 · 0 comments · Fixed by #12337

joakime commented Mar 7, 2024

Jetty version(s)
Jetty 12.0.7

Enhancement Description
If a user adds a DefaultServlet with a custom Base Resource, like this ...

```java
ServletHolder holder = new ServletHolder("ui", new DefaultServlet());
servletContextHandler.addServlet(holder, "/ui/*");
URL url = getStaticContentURL("/ui/");
holder.setInitParameter("baseResource", url.toExternalForm());
```

Then this base resource cannot serve content, as the AliasChecks that come from the existing ServletContextHandler are not aware of this new Base Resource.

Now a user will have to add an additional AliasCheck for this new Base Resource.

```java
Resource base = servletContextHandler.newResource(url);
servletContextHandler.addAliasCheck(new AllowedResourceAliasChecker(servletContextHandler, base));
```

This is particularly difficult to do when using dynamic servlet registration techniques, or with the servlet descriptor (WEB-INF/web.xml).

```java
ServletRegistration sr = servletContext.addServlet("ui", defaultServlet);
sr.addMapping("/ui/*");
URL url = getStaticContentURL("/ui/");
sr.setInitParameter("baseResource", url.toExternalForm());
```

I propose that the DefaultServlet itself auto-add the AllowedResourceAliasChecker for any custom Base Resource that it is told to use.

@joakime joakime removed this from Jetty 12.0.14 Sep 25, 2024
lachlan-roberts added a commit that referenced this issue Oct 1, 2024
…sourceServlet

Signed-off-by: Lachlan Roberts <lachlan.p.roberts@gmail.com>
lachlan-roberts added a commit that referenced this issue Oct 21, 2024
…Checker

Issue #11492 - Auto-add AliasChecker for custom Base Resource from ResourceServlet
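
For deployments that only control the servlet class (dynamic registration or WEB-INF/web.xml), the alias check described in the issue can be registered from the servlet itself. The following is an added example, not code from the issue or from the Jetty fix in #12337; the class name `AliasCheckedDefaultServlet` is hypothetical, and it assumes the Jetty 12 ee10 environment (`org.eclipse.jetty.ee10.servlet`).

```java
import jakarta.servlet.ServletException;
import org.eclipse.jetty.ee10.servlet.DefaultServlet;
import org.eclipse.jetty.ee10.servlet.ServletContextHandler;
import org.eclipse.jetty.server.AllowedResourceAliasChecker;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.resource.ResourceFactory;
import org.eclipse.jetty.util.resource.Resources;

/**
 * Hypothetical DefaultServlet subclass (not a Jetty class) that registers an
 * AllowedResourceAliasChecker scoped to its own "baseResource" init-param.
 */
public class AliasCheckedDefaultServlet extends DefaultServlet
{
    @Override
    public void init() throws ServletException
    {
        String base = getInitParameter("baseResource");
        if (base != null && !base.isBlank())
        {
            // Locate the Jetty context that owns this servlet.
            ServletContextHandler handler =
                ServletContextHandler.getServletContextHandler(getServletContext());
            if (handler == null)
                throw new ServletException("Not deployed in a Jetty ServletContextHandler");

            // Tie the Resource's lifecycle to the context so it is released on stop.
            Resource resource = ResourceFactory.of(handler).newResource(base);

            // Fail closed: a missing or unreadable base must not silently
            // result in a checker that allows nothing (or the wrong thing).
            if (!Resources.isReadableDirectory(resource))
                throw new ServletException("baseResource is not a readable directory: " + base);

            // Allow aliases only when they resolve inside this base resource,
            // leaving the context's existing alias checks untouched.
            handler.addAliasCheck(new AllowedResourceAliasChecker(handler, resource));
        }
        super.init();
    }
}
```

Registering this class in place of `DefaultServlet` keeps the checker limited to the configured base resource rather than widening alias handling for the whole context.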