Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file

From: Fab Stz <fabstz-it@xxxxxxxx>
Date: Thu, 26 Jun 2025 08:07:07 +0200
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Hello,

Thank you for your reply.

I tried as you said before posting here but that wasn't sufficient. I thought I missed the "The symlink must exist under your resourceBase" for it work as you suggested but although I tried various things to add /usr/share/java in the allowed dirs (as target of the symlinks which are in /usr/share/css-validator/css-validator/WEB-INF/lib/jar{1,2,3}.jar), I still can't make it work.

With your suggestion, I have this error in the logs.

java.lang.NullPointerException: Cannot invoke "java.net.URL.getProtocol()" because "url" is null
        at org.apache.tomcat.util.scan.StandardJarScanner.process(StandardJarScanner.java:382)
        at org.apache.tomcat.util.scan.StandardJarScanner.scan(StandardJarScanner.java:195)

So I tried configuring this way, but it doesn't work because I'm on jetty9 (on Debian) which doesn't have a constructor for SymlinkAllowedResourceAliasChecker where one can pass the Resource.

<New id="path" class="java.io.File">
  <Arg>/usr/share/java</Arg>
</New>  
<New id="resource" class="org.eclipse.jetty.util.resource.PathResource">
  <Arg><Ref refid="path"/></Arg>
</New>

<!-- Enable symlinks -->
  <Call name="addAliasCheck">
    <Arg>
      <New class="org.eclipse.jetty.server.SymlinkAllowedResourceAliasChecker">
        <Arg>
          <Ref refid="CssValidatorContext"/>
        </Arg>
         <Arg>
          <Ref refid="resource"/>
        </Arg>
      </New>
    </Arg>
  </Call>

Then I tried this, but localhost:8080/css-validator/ listed all files of that dir instead of the displaying the webapp.

<Set name="resourceBase">/usr/share/java</Set>

Then I tried this, which also ended in 
Cannot invoke "java.net.URL.getProtocol()" because "url" is null

<Call name="setResourceAlias">
  <Arg>system-jars</Arg>
  <Arg>/usr/share/java</Arg>
</Call>

I don't really understand how to make the /usr/share/java dir accepted.

I don't think that there is an issue with the webapp because with the deprecated AllowSymLinkAliasChecker it works.

What am I doing wrong or missing?

Regards
Fab


Le jeudi 26 juin 2025, 04:08:42 CEST Lachlan Roberts a écrit :
> Hi,
> 
> See the javadoc for this class
> https://javadoc.jetty.org/jetty-12/org/eclipse/jetty/server/SymlinkAllowedRe
> sourceAliasChecker.html
> 
> It takes the ContextHandler and optional base resource (if the base
> resource is different to that of the ContextHandler).
> The symlink must exist under your resourceBase for the
> SymlinkAllowedResourceAliasChecker to approve it.
> 
> So your XML could now look something like this:
> 
> <Configure id="MyContext" class="org.eclipse.jetty.webapp.WebAppContext">
>   <Set name="contextPath">/css-validator</Set>
>   <Set name="war">/usr/share/css-validator/css-validator</Set>
> 
>   <!-- Enable symlinks -->
>   <Call name="addAliasCheck">
>     <Arg>
>       <New class="org.eclipse.jetty.server.AllowedResourceAliasChecker">
>         <Arg><Ref refid="MyContext"/></Arg>
>       <New/>
>     </Arg>
>   </Call>
> 
> </Configure>
> 
> 
> cheers,
> Lachlan
> 
> On Wed, Jun 25, 2025 at 8:37 PM Fab Stz via jetty-users <
> 
> jetty-users@xxxxxxxxxxx> wrote:
> > Hello,
> > 
> > I have a web app configuration XML file like this (because there are
> > symbolic
> > links to the jars in WEB-INF/libs), but AllowSymLinkAliasChecker [1] is
> > said
> > to be deprecated and replaced by SymlinkAllowedResourceAliasChecker.
> > 
> > However I can't manage to switch to that. Do you have an example? The
> > symbolic
> > links point to jars in /usr/share/java.
> > 
> > 
> > <Configure class="org.eclipse.jetty.webapp.WebAppContext">
> > 
> >   <Set name="contextPath">/css-validator</Set>
> >   <Set name="war">/usr/share/css-validator/css-validator</Set>
> >   
> >   <!-- Enable symlinks -->
> >   <Call name="addAliasCheck">
> >   
> >     <Arg>
> >     
> >       <New
> > 
> > class="org.eclipse.jetty.server.handler.AllowSymLinkAliasChecker" /
> > 
> >     </Arg>
> >   
> >   </Call>
> > 
> > </Configure>
> > 
> > 
> > [1] https://javadoc.jetty.org/jetty-11/org/eclipse/jetty/server/handler/
> > AllowSymLinkAliasChecker.html
> > <https://javadoc.jetty.org/jetty-11/org/eclipse/jetty/server/handler/Allow
> > SymLinkAliasChecker.html>
> > 
> > Regards
> > Fab
> > 
> > 
> > _______________________________________________
> > jetty-users mailing list
> > jetty-users@xxxxxxxxxxx
> > To unsubscribe from this list, visit
> > https://www.eclipse.org/mailman/listinfo/jetty-users

Follow-Ups:
- Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file
  - From: Lachlan Roberts

References:
- [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file
  - From: Fab Stz
- Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file
  - From: Lachlan Roberts

Prev by Date: Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file
Next by Date: Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file
Previous by thread: Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file
Next by thread: Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file
Index(es):
- Date
- Thread

Breadcrumbs