Re: [jetty-users] Examples for SymlinkAllowedResourceAliasChecker in XML config file
I installed jetty12 locally to check it and still it fails. XML and error are below.
Constructor should be fine unless I have some misunderstanding.
SymlinkAllowedResourceAliasChecker has a constructor which takes a ContextHandler and "org.eclipse.jetty.ee8.webapp.WebAppContext" extends it (through org.eclipse.jetty.ee8.servlet.ServletContextHandler).
Actually it extends org.eclipse.jetty.ee8.nested.ContextHandler but not org.eclipse.jetty.server.handler.ContextHandler. Maybe this is the reason, because SymlinkAllowedResourceAliasChecker wants org.eclipse.jetty.server.handler.ContextHandler.
I also tried "casting" the Arg with type="org.eclipse.jetty.ee8.nested.ContextHandler" but that led to "Unknown type org.eclipse.jetty.ee8.nested.ContextHandler".
Same for casting to org.eclipse.jetty.server.handler.ContextHandler
XML:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://jetty.org/configure_10_0.dtd">
<Configure id="CssValidatorContext" class="org.eclipse.jetty.ee8.webapp.WebAppContext">
  <Set name="contextPath">/css-validator</Set>
  <Set name="war">/run/schroot/mount/dev/usr/share/css-validator/css-validator</Set>
  <!-- Enable symlinks -->
  <Call name="addAliasCheck">
    <Arg>
      <New class="org.eclipse.jetty.server.SymlinkAllowedResourceAliasChecker">
        <Arg><Ref refid="CssValidatorContext"/></Arg>
      </New>
    </Arg>
  </Call>
</Configure>
Log:
2025-06-26 22:09:43.837:INFO :oejs.Server:main: jetty-12.0.22; built: 2025-06-02T15:25:31.946Z; git: 335c9ab44a5591f0ea941bf350e139b8c4f5537c; jvm 17.0.15+6-Debian-1deb12u1
2025-06-26 22:09:43.858:INFO :oejdp.ScanningAppProvider:main: Deployment monitor ee10 in [file:///mnt/packages/downloads/jetty-base/webapps/] at intervals 0s
2025-06-26 22:09:43.867:INFO :oejdp.ScanningAppProvider:main: Deployment monitor ee8 in [file:///mnt/packages/downloads/jetty-base/webapps/] at intervals 0s
2025-06-26 22:09:43.868:INFO :oejd.DeploymentManager:main: addApp: App@fa36558[ee8,null,/mnt/packages/downloads/jetty-base/webapps/css-validator.xml]
2025-06-26 22:09:43.924:WARN :oejx.XmlConfiguration:main: Config error java.lang.IllegalStateException: No suitable constructor: <New class="org.eclipse.jetty.server.SymlinkAllowedResourceAliasChecker"><Arg><Ref refid="CssValidatorContext"/></Arg></New> on oeje8w.WebAppContext@58d75e99{css-validator,/css-validator,null,false}{/run/schroot/mount/dev/usr/share/css-validator/css-validator} at <Call name="addAliasCheck"><Arg>| <New class="org.eclipse.jetty.server.SymlinkAllowedResourceAliasChecker"><Arg><Ref refid="CssValidatorContext"/></Arg></New>| </Arg></Call> in file:///mnt/packages/downloads/jetty-base/webapps/css-validator.xml
Enabled Modules:
----------------
0) resources transitive provider of resources for logging-jetty
1) logging/slf4j transitive provider of logging/slf4j for logging-jetty
dynamic dependency of logging-jetty
2) logging-jetty transitive provider of logging for threadpool
transitive provider of logging for bytebufferpool
transitive provider of logging for server
3) bytebufferpool transitive provider of bytebufferpool for server
ini template available with --add-modules=bytebufferpool
4) threadpool transitive provider of threadpool for server
ini template available with --add-modules=threadpool
5) server ${jetty.base}/start.d/server.ini
6) deploy transitive provider of deploy for ee8-deploy
transitive provider of deploy for ee10-deploy
7) sessions transitive provider of sessions for ee10-servlet
transitive provider of sessions for ee8-servlet
ini template available with --add-modules=sessions
8) ee10-servlet transitive provider of ee10-servlet for ee10-webapp
9) security transitive provider of security for ee10-security
transitive provider of security for ee8-security
10) ee10-security transitive provider of ee10-security for ee10-webapp
11) ee-webapp ${jetty.base}/start.d/ee-webapp.ini
12) ee10-webapp transitive provider of ee10-webapp for ee10-deploy
ini template available with --add-modules=ee10-webapp
13) ee10-deploy ${jetty.base}/start.d/ee10-deploy.ini
14) ee8-servlet ${jetty.base}/start.d/ee8-servlet.ini
15) ee8-security transitive provider of ee8-security for ee8-webapp
16) ee8-webapp transitive provider of ee8-webapp for ee8-deploy
ini template available with --add-modules=ee8-webapp
17) ee8-deploy ${jetty.base}/start.d/ee8-deploy.ini
18) http ${jetty.base}/start.d/http.ini
My last trial was to completely get rid of the addAliasCheck subtree, and actually the webapp worked with the symlinks to the jars...
Still, I don't understand why it says "No suitable constructor".
On Thursday, 26 June 2025, 08:57:49 CEST, Lachlan Roberts wrote:
> The snippet would not work in Jetty 12 directly, because Jetty 12.0
> supports EE8, EE9 and EE10.
> So that WebAppContext class does not exist anymore, you would use something
> like org.eclipse.jetty.ee8.webapp.WebAppContext
>
> You should view the migration guides in the Jetty documentation for the
> upgrade.
> https://jetty.org/docs/jetty/12/programming-guide/migration/94-to-10.html
> https://jetty.org/docs/jetty/12/programming-guide/migration/11-to-12.html
>
> On Thu, Jun 26, 2025 at 4:37 PM Fab Stz <fabstz-it@xxxxxxxx> wrote:
>
> > On Thursday, 26 June 2025 08:26:22 CEST, you wrote:
> > > Jetty 9 is EOL, you should upgrade to 12.0
> > > see https://github.com/jetty/jetty.project/issues/7958
> >
> > Debian stable (bookworm) ships jetty9, so upgrading will be difficult.
> > Debian testing (trixie) has (jetty9 and) jetty12, but it doesn't start up,
> > maybe because of packaging issues.
> >
> > Should I understand that your snippet will work fine with jetty12 and that
> > the cause of my issues is jetty9?
> >
> > > > I don't think that there is an issue with the webapp because with the
> > > deprecated AllowSymLinkAliasChecker it works.
> > >
> > > I would not recommend using AllowSymLinkAliasChecker, it has some security
> > > issues.
> > > These issues have been fixed in the SymlinkAllowedResourceAliasChecker.
> >
> > It looks like I don't have a choice and have to stick to the deprecated
> > alternative since I can't make SymlinkAllowedResourceAliasChecker work with
> > jetty9.
> >
> > Regards
> >
> >
> >
>
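
An added configuration example, not part of the original message and not taken from the Jetty project: it sets the failing fragment from the message beside a variant that hands the alias checker a core handler instead of the ee8 context. It assumes the ee8 `WebAppContext` exposes the `org.eclipse.jetty.server.handler.ContextHandler` it wraps through a `getCoreContextHandler()` getter; confirm that against the API documentation of the installed Jetty 12 release.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://jetty.org/configure_10_0.dtd">
<Configure id="CssValidatorContext" class="org.eclipse.jetty.ee8.webapp.WebAppContext">
  <Set name="contextPath">/css-validator</Set>
  <Set name="war">/run/schroot/mount/dev/usr/share/css-validator/css-validator</Set>

  <!-- Fragment from the message, kept commented out for comparison. The Ref
       resolves to the ee8 WebAppContext, which is not an
       org.eclipse.jetty.server.handler.ContextHandler, so the one-argument
       constructor does not match ("No suitable constructor").
  <Call name="addAliasCheck">
    <Arg>
      <New class="org.eclipse.jetty.server.SymlinkAllowedResourceAliasChecker">
        <Arg><Ref refid="CssValidatorContext"/></Arg>
      </New>
    </Arg>
  </Call>
  -->

  <!-- Variant (assumption, see lead-in): pass the core handler wrapped by the
       ee8 context. The Get is evaluated against the object being configured,
       here the WebAppContext, so it calls getCoreContextHandler() on it. -->
  <Call name="addAliasCheck">
    <Arg>
      <New class="org.eclipse.jetty.server.SymlinkAllowedResourceAliasChecker">
        <Arg><Get name="coreContextHandler"/></Arg>
      </New>
    </Arg>
  </Call>
</Configure>
```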