Author: timw
Date: Mon Oct 4 20:19:09 2010
New Revision: 1004393
URL: http://svn.apache.org/viewvc?rev=1004393&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026
Always calculate path of resource to be served relative to the context root.
This invokes the standard protection of WEB-INF and META-INF directories.
This is a breaking change for the unofficial use of DefaultServlet to remount
the webapp base under a new path.
Modified:
tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1004393&r1=1004392&r2=1004393&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Mon Oct
4 20:19:09 2010
@@ -70,9 +70,44 @@ import org.apache.tomcat.util.res.String
/**
- * The default resource-serving servlet for most web applications,
+ * <p>The default resource-serving servlet for most web applications,
* used to serve static resources such as HTML pages and images.
- *
+ * </p>
+ * <p>
+ * This servlet is intended to be mapped to <em>/</em> e.g.:
+ * </p>
+ * <pre>
+ * <servlet-mapping>
+ * <servlet-name>default</servlet-name>
+ * <url-pattern>/</url-pattern>
+ * </servlet-mapping>
+ * </pre>
+ * <p>It can be mapped to sub-paths, however in all cases resources are served
+ * from the web appplication resource root using the full path from the root
+ * of the web application context.
+ * <br/>e.g. given a web application structure:
+ *</p>
+ * <pre>
+ * /context
+ * /images
+ * tomcat2.jpg
+ * /static
+ * /images
+ * tomcat.jpg
+ * </pre>
+ * <p>
+ * ... and a servlet mapping that maps only <code>/static/*</code> to the
default servlet:
+ * </p>
+ * <pre>
+ * <servlet-mapping>
+ * <servlet-name>default</servlet-name>
+ * <url-pattern>/static/*</url-pattern>
+ * </servlet-mapping>
+ * </pre>
+ * <p>
+ * Then a request to <code>/context/static/images/tomcat.jpg</code> will
succeed
+ * while a request to <code>/context/images/tomcat2.jpg</code> will fail.
+ * </p>
* @author Craig R. McClanahan
* @author Remy Maucherat
* @version $Id$
@@ -303,6 +338,11 @@ public class DefaultServlet
* @param request The servlet request we are processing
*/
protected String getRelativePath(HttpServletRequest request) {
+ // IMPORTANT: DefaultServlet can be mapped to '/' or '/path/*' but
always
+ // serves resources from the web app root with context rooted paths.
+ // i.e. it can not be used to mount the web app root under a sub-path
+ // This method must construct a complete context rooted path, although
+ // subclasses can change this behaviour.
// Are we being processed by a RequestDispatcher.include()?
if (request.getAttribute(Globals.INCLUDE_REQUEST_URI_ATTR) != null) {
@@ -319,7 +359,11 @@ public class DefaultServlet
// No, extract the desired path directly from the request
String result = request.getPathInfo();
if (result == null) {
+ // Mapped to '/'
result = request.getServletPath();
+ } else {
+ // Mapped to '/path/*' so get entire path under context
+ result = request.getServletPath() + result;
}
if ((result == null) || (result.equals(""))) {
result = "/";
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
