Module org.eclipse.jetty.server

Package org.eclipse.jetty.server

Class AllowedResourceAliasChecker

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.server.AllowedResourceAliasChecker

All Implemented Interfaces:

AliasCheck, org.eclipse.jetty.util.component.LifeCycle

Direct Known Subclasses:

SymlinkAllowedResourceAliasChecker

public class AllowedResourceAliasChecker
extends org.eclipse.jetty.util.component.AbstractLifeCycle
implements AliasCheck

This will approve any alias to anything inside of the ContextHandlers resource base which is not protected by a protected target as defined by the ContextHandler protected targets at start.

Aliases approved by this may still be able to bypass SecurityConstraints, so this class would need to be extended to enforce any additional security constraints that are required.

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

org.eclipse.jetty.util.component.LifeCycle.Listener

Field Summary

Fields

Modifier and Type	Field	Description
protected Path	_base	Deprecated.
protected org.eclipse.jetty.util.resource.Resource	_baseResource
protected static final LinkOption[]	FOLLOW_LINKS
protected static final LinkOption[]	NO_FOLLOW_LINKS

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

FAILED, STARTED, STARTING, STOPPED, STOPPING

Constructor Summary

Constructors

Constructor	Description
AllowedResourceAliasChecker(ContextHandler contextHandler)
AllowedResourceAliasChecker(ContextHandler contextHandler, Supplier<org.eclipse.jetty.util.resource.Resource> resourceBaseSupplier)
AllowedResourceAliasChecker(ContextHandler contextHandler, org.eclipse.jetty.util.resource.Resource baseResource)

Method Summary

Modifier and Type	Method	Description
protected boolean	check(String pathInContext, Path path)
protected boolean	check(String pathInContext, org.eclipse.jetty.util.resource.Resource resource)
boolean	checkAlias(String pathInContext, org.eclipse.jetty.util.resource.Resource resource)	Check if an alias is allowed to be served.
protected void	doStart()
protected void	doStop()
org.eclipse.jetty.util.resource.Resource	getBaseResource()
protected ContextHandler	getContextHandler()
protected Path	getPath(org.eclipse.jetty.util.resource.Resource resource)	Deprecated.
protected void	initialize()
protected boolean	isAllowed(Path path)
protected boolean	isSameFile(Path path1, Path path2)	Deprecated.
String	toString()

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

addEventListener, getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, setEventListeners, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

FOLLOW_LINKS

protected static final LinkOption[] FOLLOW_LINKS

NO_FOLLOW_LINKS

protected static final LinkOption[] NO_FOLLOW_LINKS

_baseResource

protected org.eclipse.jetty.util.resource.Resource _baseResource

_base

@Deprecated
protected Path _base

Deprecated.

Constructor Details

AllowedResourceAliasChecker

public AllowedResourceAliasChecker(ContextHandler contextHandler)

Parameters:

contextHandler - the context handler to use.

AllowedResourceAliasChecker

public AllowedResourceAliasChecker(ContextHandler contextHandler,
 org.eclipse.jetty.util.resource.Resource baseResource)

AllowedResourceAliasChecker

public AllowedResourceAliasChecker(ContextHandler contextHandler,
 Supplier<org.eclipse.jetty.util.resource.Resource> resourceBaseSupplier)

Method Details

getContextHandler

protected ContextHandler getContextHandler()

getBaseResource

public org.eclipse.jetty.util.resource.Resource getBaseResource()

initialize

protected void initialize()

doStart

protected void doStart()
                throws Exception

Overrides:

doStart in class org.eclipse.jetty.util.component.AbstractLifeCycle

Throws:

Exception

doStop

protected void doStop()
               throws Exception

Overrides:

doStop in class org.eclipse.jetty.util.component.AbstractLifeCycle

Throws:

Exception

checkAlias

public boolean checkAlias(String pathInContext,
 org.eclipse.jetty.util.resource.Resource resource)

Description copied from interface: AliasCheck

Check if an alias is allowed to be served. If any AliasCheck returns true then the alias will be allowed to be served, therefore any alias checker should take things like the ContextHandler.getProtectedTargets() and Security Constraints into consideration before allowing a return a value of true.

Specified by:

checkAlias in interface AliasCheck

Parameters:

pathInContext - The path the aliased resource was created for.

resource - The aliased resourced.

Returns:

True if the resource is OK to be served.

check

protected boolean check(String pathInContext,
 Path path)

check

protected boolean check(String pathInContext,
 org.eclipse.jetty.util.resource.Resource resource)

isAllowed

protected boolean isAllowed(Path path)

isSameFile

@Deprecated
protected boolean isSameFile(Path path1,
 Path path2)

Deprecated.

getPath

@Deprecated
protected Path getPath(org.eclipse.jetty.util.resource.Resource resource)

Deprecated.

toString

public String toString()

Overrides:

toString in class org.eclipse.jetty.util.component.AbstractLifeCycle