GitHub-Spring
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Servlet context document root not found when running as exploded WAR 

* Added additional search in
AbstractEmbeddedServletContainerFactory.getValidDocumentRoot() to
detect a /WEB-INF/ directory in the code archive
* If the code archive is in /WEB-INF/** then we assume it is
safe to serve content from / (exposes the loader classes
but nothing sensitive from the app)

[Fixes #54345578]
pull/9/head
Dave Syer 13 years ago
parent
b65625bec3
commit
39425c81d6
2 changed files with 18 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      spring-boot-samples/spring-boot-sample-jetty/src/main/foo.html
  2. 19
      spring-boot/src/main/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactory.java

10
spring-boot-samples/spring-boot-sample-jetty/src/main/foo.html
Unescape View File

@ -1,10 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
</body>
</html>

19
spring-boot/src/main/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactory.java
Unescape View File

@ -303,7 +303,11 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
*/ */
protected final File getValidDocumentRoot() { protected final File getValidDocumentRoot() {
File file = getDocumentRoot(); File file = getDocumentRoot();
// If document root not explicitly set see if we are running from a war archive
file = file != null ? file : getWarFileDocumentRoot(); file = file != null ? file : getWarFileDocumentRoot();
// If not a war archive maybe it is an exploded war
file = file != null ? file : getExplodedWarFileDocumentRoot();
// Or maybe there is a document root in a well-known location
file = file != null ? file : getCommonDocumentRoot(); file = file != null ? file : getCommonDocumentRoot();
if (file == null && this.logger.isWarnEnabled()) { if (file == null && this.logger.isWarnEnabled()) {
this.logger.debug("None of the document roots " this.logger.debug("None of the document roots "
@ -316,12 +320,25 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
return file; return file;
} }
private File getExplodedWarFileDocumentRoot() {
File file = getCodeSourceArchive();
if (this.logger.isDebugEnabled()) {
this.logger.debug("Code archive: " + file);
}
if (file != null && file.exists() && file.getAbsolutePath().contains("/WEB-INF/")) {
String path = file.getAbsolutePath();
path = path.substring(0, path.indexOf("/WEB-INF/"));
return new File(path);
}
return null;
}
private File getArchiveFileDocumentRoot(String extension) { private File getArchiveFileDocumentRoot(String extension) {
File file = getCodeSourceArchive(); File file = getCodeSourceArchive();
if (this.logger.isDebugEnabled()) { if (this.logger.isDebugEnabled()) {
this.logger.debug("Code archive: " + file); this.logger.debug("Code archive: " + file);
} }
if (file.exists() && !file.isDirectory() if (file != null && file.exists() && !file.isDirectory()
&& file.getName().toLowerCase().endsWith(extension)) { && file.getName().toLowerCase().endsWith(extension)) {
return file.getAbsoluteFile(); return file.getAbsoluteFile();
} }

Write Preview
Loading…
Cancel
Save