Thanks Lachlan,
It is not a big problem for us to skip 10.0.7 and wait for 10.0.8 so
keeping things as they are now is probably the simplest option. On the
other hand, if we happen to push out an update of our core application
in the meantime I may decide to add the ApproveAliases and move to
10.0.7. Anyway I will be looking forward to 10.0.8.
Thanks for the help,
Kind regards,
Silvio
On 11/29/21 03:02, Lachlan Roberts wrote:
Silvio,
Thanks for the info, I will look into it.
The intention of the AliasChecker change was not to break the usage of
symlinks but to improve safety. The fact that you have experienced a
change in behaviour probably means there is a bug in the
new SymlinkAllowedResourceAliasChecker implementation.
For now you should be able to revert to the previous behaviour by
adding the AllowSymLinkAliasChecker which has now been deprecated. But
we will try to get a fix out in the upcoming 10.0.8 release.
cheers
On Mon, Nov 29, 2021 at 12:39 PM Silvio Bierman
<sbier...@jambo-software.com> wrote:
Hi Lachlan,
An additional observation:
Th symbolic link helps us (among other things) to use the same
configuration properties in various development and testing
environments as we use in most production environments. I manually
modified one development configuration to not use the symbolic
link and upgraded it to Jetty 10.0.7. And as you expected that
does work correctly.
Can you explain to me what the issue is with having symbolic links
in paths and what the consequence would be if I turned off this
behavior in production? I would expect symbolic links in paths to
be transparent to the application.
Kind regards,
Silvio
On 11/29/21 00:53, Lachlan Roberts wrote:
Hi Silvio,
Do you have any symlink in the path to these static resources? If
so, this could be related to the AliasChecker changes. You can
test if this is related to the AliasCheckers by adding the
`ContextHandler.ApproveAliases` to the `ContextHandler` and see
if you still get the 404's. But even if this fixes it, do not add
`ContextHandler.ApproveAliases` to your production code.
Would you be able to post a simple reproducer that works on
10.0.6 but not on 10.0.7?
cheers,
Lachlan
On Sun, Nov 28, 2021 at 2:40 AM Silvio Bierman
<sbier...@jambo-software.com> wrote:
Hello all,
I use an embedded Jetty 10 server. My server setup code adds
a number of
ContextHandlers that each wrap a ResourceHandler to server
static
content on paths like /images and /scripts etc. Finally a single
ServletContextHandler that wraps a ServletHolder is added at
/ to handle
all other requests.
This same setup code has been used through various Jetty
versions (with
some slight modifications for major version jumps) and has
worked fine
up until Jetty 10.0.6. But starting from Jetty 10.0.7 it no
longer works
because requests for the static contents all result in 404
errors.
Did anything change in the 10.0.7 release that could explain
this? I did
not see anything in the change log that sounds remotely
related but I
could be wrong.
Thanks,
Silvio
_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list,
visithttps://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list,
visithttps://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
