Package org.eclipse.jetty.server

Class AllowedResourceAliasChecker

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.server.AllowedResourceAliasChecker
All Implemented Interfaces:
AliasCheck, LifeCycle
Direct Known Subclasses:
SymlinkAllowedResourceAliasChecker
public class AllowedResourceAliasChecker extends AbstractLifeCycle implements AliasCheck

This will approve any alias to anything inside of the ContextHandlers resource base which is not protected by a protected target as defined by the ContextHandler protected targets at start.

Aliases approved by this may still be able to bypass SecurityConstraints, so this class would need to be extended to enforce any additional security constraints that are required.

  • Field Details

    • _baseResource

      protected Resource _baseResource

    • _base

      @Deprecated protected Path _base
      Deprecated.

  • Constructor Details

    • AllowedResourceAliasChecker

      public AllowedResourceAliasChecker(ContextHandler contextHandler)
      Parameters:
      contextHandler - the context handler to use.

    • AllowedResourceAliasChecker

      public AllowedResourceAliasChecker(ContextHandler contextHandler, Resource baseResource)

    • AllowedResourceAliasChecker

      public AllowedResourceAliasChecker(ContextHandler contextHandler, Supplier<Resource> resourceBaseSupplier)

  • Method Details

    • getContextHandler

      protected ContextHandler getContextHandler()

    • getBaseResource

      public Resource getBaseResource()

    • initialize

      protected void initialize()

    • doStart

      protected void doStart() throws Exception
      Description copied from class: AbstractLifeCycle
      Method to override to start the lifecycle
      Overrides:
      doStart in class AbstractLifeCycle
      Throws:
      AbstractLifeCycle.StopException - If thrown, the lifecycle will immediately be stopped.
      Exception - If there was a problem starting. Will cause a transition to FAILED state

    • doStop

      protected void doStop() throws Exception
      Description copied from class: AbstractLifeCycle
      Method to override to stop the lifecycle
      Overrides:
      doStop in class AbstractLifeCycle
      Throws:
      Exception - If there was a problem stopping. Will cause a transition to FAILED state

    • checkAlias

      public boolean checkAlias(String pathInContext, Resource resource)
      Description copied from interface: AliasCheck
      Check if an alias is allowed to be served. If any AliasCheck returns true then the alias will be allowed to be served, therefore any alias checker should take things like the ContextHandler.getProtectedTargets() and Security Constraints into consideration before allowing a return a value of true.
      Specified by:
      checkAlias in interface AliasCheck
      Parameters:
      pathInContext - The path the aliased resource was created for.
      resource - The aliased resourced.
      Returns:
      True if the resource is OK to be served.

    • check

      protected boolean check(String pathInContext, Path path)

    • check

      protected boolean check(String pathInContext, Resource resource)

    • isAllowed

      protected boolean isAllowed(Path path)

    • isSameFile

      @Deprecated protected boolean isSameFile(Path path1, Path path2)
      Deprecated.

    • getPath

      @Deprecated protected Path getPath(Resource resource)
      Deprecated.

    • toString

      public String toString()
      Overrides:
      toString in class AbstractLifeCycle