From e30594760d4f80b3210237f4b6c60dfaf0096c5d Mon Sep 17 00:00:00 2001 From: timw Date: Mon, 4 Oct 2010 20:19:09 +0000 Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026 Always calculate path of resource to be served relative to the context root. This invokes the standard protection of WEB-INF and META-INF directories. This is a breaking change for the unofficial use of DefaultServlet to remount the webapp base under a new path. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1004393 13f79535-47bb-0310-9956-ffa450edef68 --- .../apache/catalina/servlets/DefaultServlet.java | 48 +++++++++++++++++++++- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java index c614c4729..5e5b126d8 100644 --- a/java/org/apache/catalina/servlets/DefaultServlet.java +++ b/java/org/apache/catalina/servlets/DefaultServlet.java @@ -70,9 +70,44 @@ import org.apache.tomcat.util.res.StringManager; /** - * The default resource-serving servlet for most web applications, + *

The default resource-serving servlet for most web applications, * used to serve static resources such as HTML pages and images. - * + *

+ *

+ * This servlet is intended to be mapped to / e.g.: + *

+ *
+ *   <servlet-mapping>
+ *       <servlet-name>default</servlet-name>
+ *       <url-pattern>/</url-pattern>
+ *   </servlet-mapping>
+ * 
+ *

It can be mapped to sub-paths, however in all cases resources are served + * from the web appplication resource root using the full path from the root + * of the web application context. + *
e.g. given a web application structure: + *

+ *
+ * /context
+ *   /images
+ *     tomcat2.jpg
+ *   /static
+ *     /images
+ *       tomcat.jpg
+ * 
+ *

+ * ... and a servlet mapping that maps only /static/* to the default servlet: + *

+ *
+ *   <servlet-mapping>
+ *       <servlet-name>default</servlet-name>
+ *       <url-pattern>/static/*</url-pattern>
+ *   </servlet-mapping>
+ * 
+ *

+ * Then a request to /context/static/images/tomcat.jpg will succeed + * while a request to /context/images/tomcat2.jpg will fail. + *

* @author Craig R. McClanahan * @author Remy Maucherat * @version $Id$ @@ -303,6 +338,11 @@ public class DefaultServlet * @param request The servlet request we are processing */ protected String getRelativePath(HttpServletRequest request) { + // IMPORTANT: DefaultServlet can be mapped to '/' or '/path/*' but always + // serves resources from the web app root with context rooted paths. + // i.e. it can not be used to mount the web app root under a sub-path + // This method must construct a complete context rooted path, although + // subclasses can change this behaviour. // Are we being processed by a RequestDispatcher.include()? if (request.getAttribute(Globals.INCLUDE_REQUEST_URI_ATTR) != null) { @@ -319,7 +359,11 @@ public class DefaultServlet // No, extract the desired path directly from the request String result = request.getPathInfo(); if (result == null) { + // Mapped to '/' result = request.getServletPath(); + } else { + // Mapped to '/path/*' so get entire path under context + result = request.getServletPath() + result; } if ((result == null) || (result.equals(""))) { result = "/"; -- 2.11.0
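Review bot: The new class Javadoc misspells "application" as `appplication` in the sentence that begins "It can be mapped to sub-paths". It also states the context-rooted rule without giving the reason, which the commit message does give: resolving from the context root is what keeps the standard WEB-INF and META-INF protection in force. I would add one sentence to the Javadoc saying so, for example `Resolving from the context root keeps the container's WEB-INF and META-INF protection in effect when the servlet is mapped to a sub-path.`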
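Review bot: The closing clause of the comment added at the top of getRelativePath, "although subclasses can change this behaviour", reads as permission without saying what is lost. Going by the commit message, a subclass that returns a path relative to the servlet mapping would presumably step outside the WEB-INF / META-INF protection this change depends on. I would put that constraint in the method's Javadoc, where subclass authors look, rather than only in an inline comment: `Overriding implementations must return a context-rooted path, or must themselves reject paths under /WEB-INF and /META-INF.` The method body continues outside this hunk.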
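Review bot: Only the non-include branch gets the `request.getServletPath() + result` treatment here; the RequestDispatcher.include() branch between this hunk and the previous one is untouched by the commit, and its body is not shown. If that branch still returns the include path-info attribute on its own, an include dispatched to a `/path/*` mapping would resolve relative to the mapping rather than the context root, which is the case this commit sets out to close. That is worth confirming, and if so the include branch should build its path from the include servlet-path and path-info attributes in the same way. The diffstat lists only DefaultServlet.java, so a regression test asserting that a `/path/*` mapping refuses `/path/WEB-INF/...` is also missing. getRelativePath continues past the end of the hunk.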