root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Reinstate permissive alias check 

Without the permissive check, unusually named static resources are
inaccessible. The need for this may be due to a Jetty bug. This change
restores the tests to their previous form for now.

See gh-40568
This commit is contained in:
Andy Wilkinson 2024-04-29 12:50:42 +01:00
parent f70a270ec8
commit 34e62bb4e2
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
spring-boot-tests/spring-boot-integration-tests/spring-boot-server-tests/spring-boot-server-tests-app/src/main/java/com/example/JettyServerCustomizerConfig.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2012-2024 the original author or authors.
* Copyright 2012-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,6 +20,7 @@ import org.eclipse.jetty.http.UriCompliance;
import org.eclipse.jetty.server.AllowedResourceAliasChecker;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
@ -29,19 +30,23 @@ import org.springframework.context.annotation.Configuration;
/**
* {@link JettyServerCustomizer} that:
* <ul>
* <li>Approves all aliases to allow access to unusually named static resources
* <li>Relaxes URI compliance to allow access to static resources with {@code %} in their file name.
* </ul>
*
* @author Madhura Bhave
* @author Andy Wilkinson
*/
@ConditionalOnClass(name = "org.eclipse.jetty.server.Connector")
@ConditionalOnClass(name = {"org.eclipse.jetty.server.handler.ContextHandler"})
@Configuration(proxyBeanMethods = false)
public class JettyServerCustomizerConfig {
@Bean
public JettyServerCustomizer jettyServerCustomizer() {
return (server) -> {
ContextHandler handler = (ContextHandler) server.getHandler();
handler.addAliasCheck((path, resource) -> true);
for (Connector connector : server.getConnectors()) {
connector.getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration()
.setUriCompliance(UriCompliance.LEGACY);