Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026

Always calculate path of resource to be served relative to the context root.
This invokes the standard protection of WEB-INF and META-INF directories.
This is a breaking change for the unofficial use of DefaultServlet to remount the webapp base under a new path.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1004393 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java
index c614c47..5e5b126 100644 (file)
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -70,9 +70,44 @@ import org.apache.tomcat.util.res.StringManager;
 
 
 /**
- * The default resource-serving servlet for most web applications,
+ * <p>The default resource-serving servlet for most web applications,
  * used to serve static resources such as HTML pages and images.
- *
+ * </p>
+ * <p>
+ * This servlet is intended to be mapped to <em>/</em> e.g.:
+ * </p>
+ * <pre>
+ *   &lt;servlet-mapping&gt;
+ *       &lt;servlet-name&gt;default&lt;/servlet-name&gt;
+ *       &lt;url-pattern&gt;/&lt;/url-pattern&gt;
+ *   &lt;/servlet-mapping&gt;
+ * </pre>
+ * <p>It can be mapped to sub-paths, however in all cases resources are served
+ * from the web appplication resource root using the full path from the root
+ * of the web application context.
+ * <br/>e.g. given a web application structure:
+ *</p>
+ * <pre>
+ * /context
+ *   /images
+ *     tomcat2.jpg
+ *   /static
+ *     /images
+ *       tomcat.jpg
+ * </pre>
+ * <p>
+ * ... and a servlet mapping that maps only <code>/static/*</code> to the default servlet:
+ * </p>
+ * <pre>
+ *   &lt;servlet-mapping&gt;
+ *       &lt;servlet-name&gt;default&lt;/servlet-name&gt;
+ *       &lt;url-pattern&gt;/static/*&lt;/url-pattern&gt;
+ *   &lt;/servlet-mapping&gt;
+ * </pre>
+ * <p>
+ * Then a request to <code>/context/static/images/tomcat.jpg</code> will succeed
+ * while a request to <code>/context/images/tomcat2.jpg</code> will fail. 
+ * </p>
  * @author Craig R. McClanahan
  * @author Remy Maucherat
  * @version $Id$
@@ -303,6 +338,11 @@ public class DefaultServlet
      * @param request The servlet request we are processing
      */
     protected String getRelativePath(HttpServletRequest request) {
+        // IMPORTANT: DefaultServlet can be mapped to '/' or '/path/*' but always
+        // serves resources from the web app root with context rooted paths.
+        // i.e. it can not be used to mount the web app root under a sub-path
+        // This method must construct a complete context rooted path, although
+        // subclasses can change this behaviour.
 
         // Are we being processed by a RequestDispatcher.include()?
         if (request.getAttribute(Globals.INCLUDE_REQUEST_URI_ATTR) != null) {
@@ -319,7 +359,11 @@ public class DefaultServlet
         // No, extract the desired path directly from the request
         String result = request.getPathInfo();
         if (result == null) {
+            // Mapped to '/'
             result = request.getServletPath();
+        } else {
+            // Mapped to '/path/*' so get entire path under context
+            result = request.getServletPath() + result;
         }
         if ((result == null) || (result.equals(""))) {
             result = "/";