root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 19 Packages Projects Releases Wiki Activity

Servlet context document root not found when running as exploded WAR 

* Added additional search in
AbstractEmbeddedServletContainerFactory.getValidDocumentRoot() to
detect a /WEB-INF/ directory in the code archive
* If the code archive is in /WEB-INF/** then we assume it is
safe to serve content from / (exposes the loader classes
but nothing sensitive from the app)

[Fixes #54345578]
This commit is contained in:
Dave Syer 2013-07-31 10:27:17 +01:00
parent b65625bec3
commit 39425c81d6
2 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
spring-boot-samples/spring-boot-sample-jetty/src/main/foo.html
View File

@ -1,10 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
</body>
</html>

19
spring-boot/src/main/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactory.java
View File

@ -303,7 +303,11 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
*/ */
protected final File getValidDocumentRoot() { protected final File getValidDocumentRoot() {
File file = getDocumentRoot(); File file = getDocumentRoot();
// If document root not explicitly set see if we are running from a war archive
file = file != null ? file : getWarFileDocumentRoot(); file = file != null ? file : getWarFileDocumentRoot();
// If not a war archive maybe it is an exploded war
file = file != null ? file : getExplodedWarFileDocumentRoot();
// Or maybe there is a document root in a well-known location
file = file != null ? file : getCommonDocumentRoot(); file = file != null ? file : getCommonDocumentRoot();
if (file == null && this.logger.isWarnEnabled()) { if (file == null && this.logger.isWarnEnabled()) {
this.logger.debug("None of the document roots " this.logger.debug("None of the document roots "
@ -316,12 +320,25 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
return file; return file;
} }
private File getExplodedWarFileDocumentRoot() {
File file = getCodeSourceArchive();
if (this.logger.isDebugEnabled()) {
this.logger.debug("Code archive: " + file);
}
if (file != null && file.exists() && file.getAbsolutePath().contains("/WEB-INF/")) {
String path = file.getAbsolutePath();
path = path.substring(0, path.indexOf("/WEB-INF/"));
return new File(path);
}
return null;
}
private File getArchiveFileDocumentRoot(String extension) { private File getArchiveFileDocumentRoot(String extension) {
File file = getCodeSourceArchive(); File file = getCodeSourceArchive();
if (this.logger.isDebugEnabled()) { if (this.logger.isDebugEnabled()) {
this.logger.debug("Code archive: " + file); this.logger.debug("Code archive: " + file);
} }
if (file.exists() && !file.isDirectory() if (file != null && file.exists() && !file.isDirectory()
&& file.getName().toLowerCase().endsWith(extension)) { && file.getName().toLowerCase().endsWith(extension)) {
return file.getAbsoluteFile(); return file.getAbsoluteFile();
} }