Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML

[Lachlan Roberts <lachlan@xxxxxxxxxxx>]

The snippet would not work in Jetty 12 directly, because Jetty 12.0 supports EE8, EE9 and EE10. 

So that WebAppContext class does not exist anymore, you would use something like org.eclipse.jetty.ee8.webapp.WebAppContext

You should view the migration guides in the Jetty documentation for the upgrade.
https://jetty.org/docs/jetty/12/programming-guide/migration/94-to-10.html
https://jetty.org/docs/jetty/12/programming-guide/migration/11-to-12.html

On Thu, Jun 26, 2025 at 4:37 PM Fab Stz <fabstz-it@xxxxxxxx> wrote:

Le jeudi 26 juin 2025 08:26:22 CEST, vous avez écrit :
> Jetty 9 is EOL, you should upgrade to 12.0
> see https://github.com/jetty/jetty.project/issues/7958

Debian stable (bookworm) ships jetty9, so upgrading will be difficult.
Debian testing (trixie) has (jetty9 and) jetty12, but it doesn't startup, maybe because of packaging issues.

Should I understand that you snippet will work fine with jetty12 and that the cause of my issues is jetty9?

> > I don't think that there is an issue with the webapp because with the
> deprecated AllowSymLinkAliasChecker it works.
>
> I would not recommend using AllowSymLinkAliasChecker, it has some security
> issues.
> These issues have been fixed in the SymlinkAllowedResourceAliasChecker.

It look like I don't have choice and have to stick to the deprecated alternative since I can't make SymlinkAllowedResourceAliasChecker work with jetty9.

Regards