Module org.eclipse.jetty.server
Package org.eclipse.jetty.server

Class AllowedResourceAliasChecker

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.server.AllowedResourceAliasChecker
All Implemented Interfaces:
AliasCheck, org.eclipse.jetty.util.component.LifeCycle
Direct Known Subclasses:
SymlinkAllowedResourceAliasChecker
public class AllowedResourceAliasChecker extends org.eclipse.jetty.util.component.AbstractLifeCycle implements AliasCheck

This will approve any alias to anything inside of the ContextHandlers resource base which is not protected by a protected target as defined by the ContextHandler protected targets at start.

Aliases approved by this may still be able to bypass SecurityConstraints, so this class would need to be extended to enforce any additional security constraints that are required.

  • Nested Class Summary

    Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

    org.eclipse.jetty.util.component.LifeCycle.Listener

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected Path
    _base
    Deprecated.
    protected org.eclipse.jetty.util.resource.Resource
    _baseResource
     
    protected static final LinkOption[]
    FOLLOW_LINKS
     
    protected static final LinkOption[]
    NO_FOLLOW_LINKS
     

    Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    FAILED, STARTED, STARTING, STOPPED, STOPPING

  • Constructor Summary

    Constructors
    Constructor
    Description
    AllowedResourceAliasChecker(ContextHandler contextHandler)
     
    AllowedResourceAliasChecker(ContextHandler contextHandler, Supplier<org.eclipse.jetty.util.resource.Resource> resourceBaseSupplier)
     
    AllowedResourceAliasChecker(ContextHandler contextHandler, org.eclipse.jetty.util.resource.Resource baseResource)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected boolean
    check(String pathInContext, Path path)
     
    protected boolean
    check(String pathInContext, org.eclipse.jetty.util.resource.Resource resource)
     
    boolean
    checkAlias(String pathInContext, org.eclipse.jetty.util.resource.Resource resource)
    Check if an alias is allowed to be served.
    protected void
    doStart()
     
    protected void
    doStop()
     
    protected ContextHandler
    getContextHandler()
     
    protected Path
    getPath(org.eclipse.jetty.util.resource.Resource resource)
    Deprecated.
    protected void
    initialize()
     
    protected boolean
    isAllowed(Path path)
     
    protected boolean
    isSameFile(Path path1, Path path2)
    Deprecated.
    String
    toString()
     

    Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    addEventListener, getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, setEventListeners, start, stop

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

  • Field Details

    • _baseResource

      protected org.eclipse.jetty.util.resource.Resource _baseResource

    • _base

      @Deprecated protected Path _base
      Deprecated.

  • Constructor Details

    • AllowedResourceAliasChecker

      public AllowedResourceAliasChecker(ContextHandler contextHandler)
      Parameters:
      contextHandler - the context handler to use.

    • AllowedResourceAliasChecker

      public AllowedResourceAliasChecker(ContextHandler contextHandler, org.eclipse.jetty.util.resource.Resource baseResource)

    • AllowedResourceAliasChecker

      public AllowedResourceAliasChecker(ContextHandler contextHandler, Supplier<org.eclipse.jetty.util.resource.Resource> resourceBaseSupplier)

  • Method Details

    • getContextHandler

      protected ContextHandler getContextHandler()

    • initialize

      protected void initialize()

    • doStart

      protected void doStart() throws Exception
      Overrides:
      doStart in class org.eclipse.jetty.util.component.AbstractLifeCycle
      Throws:
      Exception

    • doStop

      protected void doStop() throws Exception
      Overrides:
      doStop in class org.eclipse.jetty.util.component.AbstractLifeCycle
      Throws:
      Exception

    • checkAlias

      public boolean checkAlias(String pathInContext, org.eclipse.jetty.util.resource.Resource resource)
      Description copied from interface: AliasCheck
      Check if an alias is allowed to be served. If any AliasCheck returns true then the alias will be allowed to be served, therefore any alias checker should take things like the ContextHandler.getProtectedTargets() and Security Constraints into consideration before allowing a return a value of true.
      Specified by:
      checkAlias in interface AliasCheck
      Parameters:
      pathInContext - The path the aliased resource was created for.
      resource - The aliased resourced.
      Returns:
      True if the resource is OK to be served.

    • check

      protected boolean check(String pathInContext, Path path)

    • check

      protected boolean check(String pathInContext, org.eclipse.jetty.util.resource.Resource resource)

    • isAllowed

      protected boolean isAllowed(Path path)

    • isSameFile

      @Deprecated protected boolean isSameFile(Path path1, Path path2)
      Deprecated.

    • getPath

      @Deprecated protected Path getPath(org.eclipse.jetty.util.resource.Resource resource)
      Deprecated.

    • toString

      public String toString()
      Overrides:
      toString in class org.eclipse.jetty.util.component.AbstractLifeCycle