amyroh 2002/09/11 17:37:56 Modified: catalina/src/share/org/apache/catalina/core StandardContextValve.java catalina/src/share/org/apache/catalina/ssi SSIServlet.java Log: Servlet spec SRV 9.6 states : "any request to access the resources in META-INF directory must be returned with a SC_FORBIDDEN(403) response". The current tomcat was returning 404 instead. Fixes bugzilla 12462. Revision Changes Path 1.2 +25 -5 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContextValve.java Index: StandardContextValve.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- StandardContextValve.java 18 Jul 2002 16:48:12 -0000 1.1 +++ StandardContextValve.java 12 Sep 2002 00:37:56 -0000 1.2 @@ -165,7 +165,7 @@ relativeURI.equals("/WEB-INF") || relativeURI.startsWith("/META-INF/") || relativeURI.startsWith("/WEB-INF/")) { - notFound(requestURI, (HttpServletResponse) response.getResponse()); + forbidden(requestURI, (HttpServletResponse) response.getResponse()); return; } @@ -216,6 +216,26 @@ } } + + + /** + * Report a "forbidden" error for the specified resource. + * + * @param requestURI The request URI for the requested resource + * @param response The response we are creating + */ + private void forbidden(String requestURI, HttpServletResponse response) { + + try { + response.sendError(HttpServletResponse.SC_FORBIDDEN, requestURI); + } catch (IllegalStateException e) { + ; + } catch (IOException e) { + ; + } + + } + /** * Report a "not found" error for the specified resource. FIXME: We 1.2 +25 -25 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServlet.java Index: SSIServlet.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServlet.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- SSIServlet.java 18 Jul 2002 16:47:50 -0000 1.1 +++ SSIServlet.java 12 Sep 2002 00:37:56 -0000 1.2 @@ -216,15 +216,15 @@ path.toUpperCase().startsWith("/WEB-INF") || path.toUpperCase().startsWith("/META-INF") ) { - res.sendError(res.SC_NOT_FOUND, path); - log( "Can't serve file: " + path ); + res.sendError(res.SC_FORBIDDEN, path); + log( "Can't serve file: " + path ); return; } - - URL resource = servletContext.getResource(path); + + URL resource = servletContext.getResource(path); if (resource==null) { res.sendError(res.SC_NOT_FOUND, path); - log( "Can't find file: " + path ); + log( "Can't find file: " + path ); return; } @@ -235,36 +235,36 @@ new java.util.Date()).getTime() + expires.longValue() * 1000); } - processSSI( req, res, resource ); + processSSI( req, res, resource ); } protected void processSSI( HttpServletRequest req, - HttpServletResponse res, - URL resource ) throws IOException { - SSIExternalResolver ssiExternalResolver = new SSIServletExternalResolver( this, req, res, - isVirtualWebappRelative, - debug ); - SSIProcessor ssiProcessor = new SSIProcessor( ssiExternalResolver, debug ); + HttpServletResponse res, + URL resource ) throws IOException { + SSIExternalResolver ssiExternalResolver = new SSIServletExternalResolver( this, req, res, + isVirtualWebappRelative, + debug ); + SSIProcessor ssiProcessor = new SSIProcessor( ssiExternalResolver, debug ); PrintWriter printWriter = null; - StringWriter stringWriter = null; + StringWriter stringWriter = null; if (buffered) { - stringWriter = new StringWriter(); + stringWriter = new StringWriter(); printWriter = new PrintWriter( stringWriter ); } else { printWriter = res.getWriter(); - } + } URLConnection resourceInfo = resource.openConnection(); InputStream resourceInputStream = resourceInfo.getInputStream(); - BufferedReader bufferedReader = new BufferedReader( new InputStreamReader( resourceInputStream ) ); - Date lastModifiedDate = new Date( resourceInfo.getLastModified() ); - ssiProcessor.process( bufferedReader, lastModifiedDate, printWriter ); + BufferedReader bufferedReader = new BufferedReader( new InputStreamReader( resourceInputStream ) ); + Date lastModifiedDate = new Date( resourceInfo.getLastModified() ); + ssiProcessor.process( bufferedReader, lastModifiedDate, printWriter ); if ( buffered ) { - printWriter.flush(); - String text = stringWriter.toString(); + printWriter.flush(); + String text = stringWriter.toString(); res.getWriter().write( text ); - } + } } }
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>