Servlet context document root not found when running as exploded WAR

* Added additional search in AbstractEmbeddedServletContainerFactory.getValidDocumentRoot() to detect a /WEB-INF/ directory in the code archive * If the code archive is in /WEB-INF/** then we assume it is safe to serve content from / (exposes the loader classes but nothing sensitive from the app) [Fixes #54345578]
13 years ago · 39425c81d6
2 changed files with 18 additions and 11 deletions
--- a/spring-boot-samples/spring-boot-sample-jetty/src/main/foo.html
+++ b/spring-boot-samples/spring-boot-sample-jetty/src/main/foo.html
@ -1,10 +0,0 @@
				@@ -1,10 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<title>Insert title here</title>
-</head>
-<body>
-
-</body>
-</html>
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactory.java
@ -303,7 +303,11 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
				@@ -303,7 +303,11 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
 	 */
 	protected final File getValidDocumentRoot() {
 		File file = getDocumentRoot();
+		// If document root not explicitly set see if we are running from a war archive
 		file = file != null ? file : getWarFileDocumentRoot();
+		// If not a war archive maybe it is an exploded war
+		file = file != null ? file : getExplodedWarFileDocumentRoot();
+		// Or maybe there is a document root in a well-known location
 		file = file != null ? file : getCommonDocumentRoot();
 		if (file == null && this.logger.isWarnEnabled()) {
 			this.logger.debug("None of the document roots "
@ -316,12 +320,25 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
				@@ -316,12 +320,25 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
 		return file;
 	}

+	private File getExplodedWarFileDocumentRoot() {
+		File file = getCodeSourceArchive();
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Code archive: " + file);
+		}
+		if (file != null && file.exists() && file.getAbsolutePath().contains("/WEB-INF/")) {
+			String path = file.getAbsolutePath();
+			path = path.substring(0, path.indexOf("/WEB-INF/"));
+			return new File(path);
+		}
+		return null;
+	}
+
 	private File getArchiveFileDocumentRoot(String extension) {
 		File file = getCodeSourceArchive();
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("Code archive: " + file);
 		}
-		if (file.exists() && !file.isDirectory()
+		if (file != null && file.exists() && !file.isDirectory()
 				&& file.getName().toLowerCase().endsWith(extension)) {
 			return file.getAbsoluteFile();
 		}