amyroh 2002/09/11 17:37:56
Modified: catalina/src/share/org/apache/catalina/core
StandardContextValve.java
catalina/src/share/org/apache/catalina/ssi SSIServlet.java
Log:
Servlet spec SRV 9.6 states :
"any request to access the resources in META-INF directory must be returned
with a SC_FORBIDDEN(403) response".
The current tomcat was returning 404 instead.
Fixes bugzilla 12462.
Revision Changes Path
1.2 +25 -5
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContextValve.java
Index: StandardContextValve.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- StandardContextValve.java 18 Jul 2002 16:48:12 -0000 1.1
+++ StandardContextValve.java 12 Sep 2002 00:37:56 -0000 1.2
@@ -165,7 +165,7 @@
relativeURI.equals("/WEB-INF") ||
relativeURI.startsWith("/META-INF/") ||
relativeURI.startsWith("/WEB-INF/")) {
- notFound(requestURI, (HttpServletResponse) response.getResponse());
+ forbidden(requestURI, (HttpServletResponse) response.getResponse());
return;
}
@@ -216,6 +216,26 @@
}
}
+
+
+ /**
+ * Report a "forbidden" error for the specified resource.
+ *
+ * @param requestURI The request URI for the requested resource
+ * @param response The response we are creating
+ */
+ private void forbidden(String requestURI, HttpServletResponse response) {
+
+ try {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, requestURI);
+ } catch (IllegalStateException e) {
+ ;
+ } catch (IOException e) {
+ ;
+ }
+
+ }
+
/**
* Report a "not found" error for the specified resource. FIXME: We
1.2 +25 -25
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServlet.java
Index: SSIServlet.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServlet.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SSIServlet.java 18 Jul 2002 16:47:50 -0000 1.1
+++ SSIServlet.java 12 Sep 2002 00:37:56 -0000 1.2
@@ -216,15 +216,15 @@
path.toUpperCase().startsWith("/WEB-INF") ||
path.toUpperCase().startsWith("/META-INF") ) {
- res.sendError(res.SC_NOT_FOUND, path);
- log( "Can't serve file: " + path );
+ res.sendError(res.SC_FORBIDDEN, path);
+ log( "Can't serve file: " + path );
return;
}
-
- URL resource = servletContext.getResource(path);
+
+ URL resource = servletContext.getResource(path);
if (resource==null) {
res.sendError(res.SC_NOT_FOUND, path);
- log( "Can't find file: " + path );
+ log( "Can't find file: " + path );
return;
}
@@ -235,36 +235,36 @@
new java.util.Date()).getTime() + expires.longValue() * 1000);
}
- processSSI( req, res, resource );
+ processSSI( req, res, resource );
}
protected void processSSI( HttpServletRequest req,
- HttpServletResponse res,
- URL resource ) throws IOException {
- SSIExternalResolver ssiExternalResolver = new SSIServletExternalResolver(
this, req, res,
-
isVirtualWebappRelative,
-
debug );
- SSIProcessor ssiProcessor = new SSIProcessor( ssiExternalResolver, debug );
+ HttpServletResponse res,
+ URL resource ) throws IOException {
+ SSIExternalResolver ssiExternalResolver = new SSIServletExternalResolver( this,
req, res,
+ isVirtualWebappRelative,
+ debug );
+ SSIProcessor ssiProcessor = new SSIProcessor( ssiExternalResolver, debug );
PrintWriter printWriter = null;
- StringWriter stringWriter = null;
+ StringWriter stringWriter = null;
if (buffered) {
- stringWriter = new StringWriter();
+ stringWriter = new StringWriter();
printWriter = new PrintWriter( stringWriter );
} else {
printWriter = res.getWriter();
- }
+ }
URLConnection resourceInfo = resource.openConnection();
InputStream resourceInputStream = resourceInfo.getInputStream();
- BufferedReader bufferedReader = new BufferedReader( new InputStreamReader(
resourceInputStream ) );
- Date lastModifiedDate = new Date( resourceInfo.getLastModified() );
- ssiProcessor.process( bufferedReader, lastModifiedDate, printWriter );
+ BufferedReader bufferedReader = new BufferedReader( new InputStreamReader(
resourceInputStream ) );
+ Date lastModifiedDate = new Date( resourceInfo.getLastModified() );
+ ssiProcessor.process( bufferedReader, lastModifiedDate, printWriter );
if ( buffered ) {
- printWriter.flush();
- String text = stringWriter.toString();
+ printWriter.flush();
+ String text = stringWriter.toString();
res.getWriter().write( text );
- }
+ }
}
}
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
