Issue #11492 - Auto-add AliasChecker for custom Base Resource from Re…

…sourceServlet Signed-off-by: Lachlan Roberts <lachlan.p.roberts@gmail.com>
jetty · Oct 1, 2024 · 02227df · 02227df
1 parent e376b1a
commit 02227df
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 3 deletions.
diff --git a/...core/jetty-server/src/main/java/org/eclipse/jetty/server/AllowedResourceAliasChecker.java b/...core/jetty-server/src/main/java/org/eclipse/jetty/server/AllowedResourceAliasChecker.java
@@ -82,6 +82,14 @@ private String[] getProtectedTargets()
         return _contextHandler.getProtectedTargets();
     }
 
+    public Resource getBaseResource()
+    {
+        if (_baseResource != null)
+            return _baseResource;
+        _baseResource = _resourceBaseSupplier.get();
+        return _baseResource;
+    }
+
     private void extractBaseResourceFromContext()
     {
         _baseResource = _resourceBaseSupplier.get();
@@ -123,6 +131,7 @@ protected void doStop() throws Exception
     {
         _contextHandler.removeEventListener(_listener);
         _baseResource = null;
+        _initialized = false;
         _protected.clear();
     }
 

diff --git a/...ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ResourceServlet.java b/...ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ResourceServlet.java
@@ -47,6 +47,8 @@
 import org.eclipse.jetty.http.content.ValidatingCachingHttpContentFactory;
 import org.eclipse.jetty.http.content.VirtualHttpContentFactory;
 import org.eclipse.jetty.io.ByteBufferPool;
+import org.eclipse.jetty.server.AliasCheck;
+import org.eclipse.jetty.server.AllowedResourceAliasChecker;
 import org.eclipse.jetty.server.Context;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.ResourceService;
@@ -104,6 +106,12 @@
  *     Use {@code true} to generate ETags in responses.
  *     Defaults to {@code false}.
  *   </dd>
+ *   <dt>installAliasChecker</dt>
+ *   <dd>
+ *     Whether to add an {@link AllowedResourceAliasChecker} to the context if one
+ *     does not already exist for this baseResource.
+ *     Defaults to {@code true}.
+ *   </dd>
  *   <dt>maxCachedFiles</dt>
  *   <dd>
  *     The max number of cached static resources.
@@ -206,6 +214,23 @@ public void init() throws ServletException
         if (baseResource != null && !(baseResource.isDirectory() && baseResource.isReadable()))
             LOG.warn("baseResource {} is not a readable directory", baseResource);
 
+        if (getInitBoolean("installAliasChecker", true))
+        {
+            // Add a new aliasCheck to the ContextHandler if one does not exist for this baseResource.
+            boolean addAliasCheck = true;
+            for (AliasCheck aliasCheck : contextHandler.getAliasChecks())
+            {
+                if (aliasCheck instanceof AllowedResourceAliasChecker allowedResourceAliasChecker
+                    && Objects.equals(baseResource, allowedResourceAliasChecker.getBaseResource()))
+                {
+                    addAliasCheck = false;
+                    break;
+                }
+            }
+            if (addAliasCheck)
+                contextHandler.addAliasCheck(new AllowedResourceAliasChecker(contextHandler, baseResource));
+        }
+
         List<CompressedContentFormat> precompressedFormats = parsePrecompressedFormats(getInitParameter("precompressed"),
             getInitBoolean("gzip"), _resourceService.getPrecompressedFormats());
 

diff --git a/...ntegration/src/test/java/org/eclipse/jetty/ee10/test/AllowedResourceAliasCheckerTest.java b/...ntegration/src/test/java/org/eclipse/jetty/ee10/test/AllowedResourceAliasCheckerTest.java
@@ -17,14 +17,14 @@
 import java.io.FileWriter;
 import java.io.IOException;
 import java.net.URI;
-import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
 
 import org.eclipse.jetty.client.ContentResponse;
 import org.eclipse.jetty.client.HttpClient;
 import org.eclipse.jetty.ee10.servlet.DefaultServlet;
 import org.eclipse.jetty.ee10.servlet.ServletContextHandler;
+import org.eclipse.jetty.ee10.servlet.ServletHolder;
 import org.eclipse.jetty.http.HttpStatus;
 import org.eclipse.jetty.server.AllowedResourceAliasChecker;
 import org.eclipse.jetty.server.Server;
@@ -40,7 +40,6 @@
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 public class AllowedResourceAliasCheckerTest
@@ -67,7 +66,8 @@ public static void beforeAll() throws Exception
 
         _context = new ServletContextHandler();
         _context.setContextPath("/");
-        _context.addServlet(DefaultServlet.class, "/");
+        ServletHolder servletHolder = _context.addServlet(DefaultServlet.class, "/");
+        servletHolder.setInitOrder(1);
         _server.setHandler(_context);
 
         _baseDir = MavenTestingUtils.getTargetTestingPath(AllowedResourceAliasCheckerTest.class.getName());
@@ -141,4 +141,21 @@ public void testCreateBaseDirFileAfterStart() throws Exception
         assertThat(response.getStatus(), is(HttpStatus.OK_200));
         assertThat(response.getContentAsString(), is("this is a file in the baseDir"));
     }
+
+    @Test
+    public void testAutoAddAliasCheck() throws Exception
+    {
+        _context.clearAliasChecks();
+        createBaseDirFile();
+
+        // The AliasCheck is created on initialization.
+        assertThat(_context.getAliasChecks().size(), equalTo(0));
+        start();
+        assertThat(_context.getAliasChecks().size(), equalTo(1));
+
+        URI uri = URI.create("http://localhost:" + _connector.getLocalPort() + "/symlink");
+        ContentResponse response = _client.GET(uri);
+        assertThat(response.getStatus(), is(HttpStatus.OK_200));
+        assertThat(response.getContentAsString(), is("this is a file in the baseDir"));
+    }
 }