Package org.eclipse.jetty.server

Class AllowedResourceAliasChecker

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.server.AllowedResourceAliasChecker

All Implemented Interfaces:

ContextHandler.AliasCheck, LifeCycle

Direct Known Subclasses:

SymlinkAllowedResourceAliasChecker

public class AllowedResourceAliasChecker
extends AbstractLifeCycle
implements ContextHandler.AliasCheck

This will approve any alias to anything inside of the ContextHandlers resource base which is not protected by a protected target as defined by ContextHandler.getProtectedTargets() at start.

Aliases approved by this may still be able to bypass SecurityConstraints, so this class would need to be extended to enforce any additional security constraints that are required.

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopException

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

LifeCycle.Listener

Field Summary

Fields

Modifier and Type	Field	Description
protected Path	_base
protected static final LinkOption[]	FOLLOW_LINKS
protected static final LinkOption[]	NO_FOLLOW_LINKS

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

FAILED, STARTED, STARTING, STOPPED, STOPPING

Constructor Summary

Constructors

Constructor	Description
AllowedResourceAliasChecker(ContextHandler contextHandler)
AllowedResourceAliasChecker(ContextHandler contextHandler, Supplier<Resource> resourceBaseSupplier)
AllowedResourceAliasChecker(ContextHandler contextHandler, Resource baseResource)

Method Summary

Modifier and Type	Method	Description
protected boolean	check(String pathInContext, Path path)
boolean	check(String pathInContext, Resource resource)	Check an alias
protected void	doStart()	Method to override to start the lifecycle
protected void	doStop()	Method to override to stop the lifecycle
protected ContextHandler	getContextHandler()
protected Path	getPath(Resource resource)
protected void	initialize()
protected boolean	isAllowed(Path path)
protected boolean	isSameFile(Path path1, Path path2)
String	toString()

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

addEventListener, getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, setEventListeners, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

FOLLOW_LINKS

protected static final LinkOption[] FOLLOW_LINKS

NO_FOLLOW_LINKS

protected static final LinkOption[] NO_FOLLOW_LINKS

_base

protected Path _base

Constructor Details

AllowedResourceAliasChecker

public AllowedResourceAliasChecker(ContextHandler contextHandler)

Parameters:

contextHandler - the context handler to use.

AllowedResourceAliasChecker

public AllowedResourceAliasChecker(ContextHandler contextHandler,
 Resource baseResource)

AllowedResourceAliasChecker

public AllowedResourceAliasChecker(ContextHandler contextHandler,
 Supplier<Resource> resourceBaseSupplier)

Method Details

getContextHandler

protected ContextHandler getContextHandler()

initialize

protected void initialize()

doStart

protected void doStart()
                throws Exception

Description copied from class: AbstractLifeCycle

Method to override to start the lifecycle

Overrides:

doStart in class AbstractLifeCycle

Throws:

AbstractLifeCycle.StopException - If thrown, the lifecycle will immediately be stopped.

Exception - If there was a problem starting. Will cause a transition to FAILED state

doStop

protected void doStop()
               throws Exception

Description copied from class: AbstractLifeCycle

Method to override to stop the lifecycle

Overrides:

doStop in class AbstractLifeCycle

Throws:

Exception - If there was a problem stopping. Will cause a transition to FAILED state

check

public boolean check(String pathInContext,
 Resource resource)

Description copied from interface: ContextHandler.AliasCheck

Check an alias

Specified by:

check in interface ContextHandler.AliasCheck

Parameters:

pathInContext - The path the aliased resource was created for

resource - The aliased resourced

Returns:

True if the resource is OK to be served.

check

protected boolean check(String pathInContext,
 Path path)

isAllowed

protected boolean isAllowed(Path path)

isSameFile

protected boolean isSameFile(Path path1,
 Path path2)

getPath

protected Path getPath(Resource resource)

toString

public String toString()

Overrides:

toString in class AbstractLifeCycle