From: Jules G. <jul...@us...> - 2002-08-29 21:13:30
User: jules_gosnell Date: 02/08/29 14:13:29 Modified: jetty/src/main/org/mortbay/http/handler Tag: Branch_3_2 ResourceHandler.java Log: Jetty-4.1.0RC3 - 28 August 2002 + Fixed security problem for suffix matching with trailing "/" + addWebApplications encodes paths to allow for spaces in file names. + Improved handling of PUT,DELETE & MOVE. + Improved handling of path encoding in Resources for bad JVMs + Added buffering to request log + Created and integrated the Jetty Launcher + Made Resource canonicalize it's base path for directories + Allow WebApplicationHandler to be used with other handlers. + Added defaults descriptor to addWebApplications. + Allow FORM auth pages to be within security constraint. Revision Changes Path No revision No revision 1.15.2.2 +57 -32 contrib/jetty/src/main/org/mortbay/http/handler/ResourceHandler.java
Index: ResourceHandler.java
===================================================================
RCS file: /cvsroot/jboss/contrib/jetty/src/main/org/mortbay/http/handler/ResourceHandler.java,v
retrieving revision 1.15.2.1
retrieving revision 1.15.2.2
diff -u -r1.15.2.1 -r1.15.2.2
--- ResourceHandler.java 24 Aug 2002 18:53:38 -0000 1.15.2.1
+++ ResourceHandler.java 29 Aug 2002 21:13:29 -0000 1.15.2.2
@@ -1,6 +1,6 @@
 // ===========================================================================
 // Copyright (c) 1996-2002 Mort Bay Consulting Pty. Ltd. All rights reserved.
-// $Id: ResourceHandler.java,v 1.15.2.1 2002/08/24 18:53:38 jules_gosnell Exp $
+// $Id: ResourceHandler.java,v 1.15.2.2 2002/08/29 21:13:29 jules_gosnell Exp $
 // ---------------------------------------------------------------------------
 package org.mortbay.http.handler;
@@ -46,7 +46,7 @@
 * A simple memory cache is also provided to reduce file I/O.
 * HTTP/1.1 ranges are supported.
 *
- * @version $Id: ResourceHandler.java,v 1.15.2.1 2002/08/24 18:53:38 jules_gosnell Exp $
+ * @version $Id: ResourceHandler.java,v 1.15.2.2 2002/08/29 21:13:29 jules_gosnell Exp $
 * @author Nuno Preguiça
 * @author Greg Wilkins
 */
@@ -147,7 +147,6 @@
 HttpResponse response)
 throws HttpException, IOException
 {
- boolean endsWithSlash= pathInContext.endsWith("/");
 Resource resource = getHttpContext().getResource(pathInContext);
 if (resource==null)
@@ -177,7 +176,7 @@
 if (method.equals(HttpRequest.__GET) ||
 method.equals(HttpRequest.__POST) ||
 method.equals(HttpRequest.__HEAD))
- handleGet(request, response, pathInContext, pathParams, resource, endsWithSlash);
+ handleGet(request, response, pathInContext, pathParams, resource);
 else if (method.equals(HttpRequest.__PUT))
 handlePut(request, response, pathInContext, resource);
 else if (method.equals(HttpRequest.__DELETE))
@@ -215,18 +214,17 @@
 HttpResponse response,
 String pathInContext,
 String pathParams,
- Resource resource,
- boolean endsWithSlash)
+ Resource resource)
 throws IOException
 {
 Code.debug("Looking for ",resource);
-
+
 if (resource!=null && resource.exists())
 {
 // check if directory
 if (resource.isDirectory())
 {
- if (!endsWithSlash && !pathInContext.equals("/"))
+ if (!pathInContext.endsWith("/") && !pathInContext.equals("/"))
 {
 Code.debug("Redirect to directory/");
@@ -238,7 +236,8 @@
 buf.append(q);
 }
 response.setField(HttpFields.__Location, URI.addPaths(buf.toString(),"/"));
- response.sendError(302);
+ response.setStatus(302);
+ request.setHandled(true);
 return;
 }
@@ -301,7 +300,8 @@
 {
 if (resource.lastModified() <= date)
 {
- response.sendError(response.__304_Not_Modified);
+ response.setStatus(response.__304_Not_Modified);
+ request.setHandled(true);
 return false;
 }
 }
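Review bot: In the handleGet hunk, `!pathInContext.equals("/")` is now redundant: a path equal to "/" already ends with "/", so the first test decides the outcome on its own and the line can be `if (!pathInContext.endsWith("/"))`. The commit log mentions a security fix for trailing "/" matching; if this inlined check is part of it, a one-line comment such as `// test the path handed to this method; do not rely on a flag computed by the caller` would keep a later refactor from reintroducing the parameter. handleGet's body continues outside the hunk.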
@@ -325,27 +325,50 @@
 !passConditionalHeaders(request,response,resource))
 return;
- try
+ if (pathInContext.endsWith("/"))
 {
- int toRead = request.getContentLength();
- InputStream in = request.getInputStream();
- OutputStream out = resource.getOutputStream();
- if (toRead>=0)
- IO.copy(in,out,toRead);
+ if (!exists)
+ {
+ if (!resource.getFile().mkdirs())
+ response.sendError(response.__403_Forbidden, "Directories could not be created");
+ else
+ {
+ request.setHandled(true);
+ response.setStatus(HttpResponse.__201_Created);
+ response.commit();
+ }
+ }
 else
- IO.copy(in,out);
- out.close();
- request.setHandled(true);
- response.setStatus(exists
- ?HttpResponse.__200_OK
- :HttpResponse.__201_Created);
- response.commit();
- }
- catch (Exception ex)
- {
- Code.warning(ex);
- response.sendError(response.__403_Forbidden,
- ex.getMessage());
+ {
+ request.setHandled(true);
+ response.setStatus(HttpResponse.__200_OK);
+ response.commit();
+ }
+ }
+ else
+ {
+ try
+ {
+ int toRead = request.getContentLength();
+ InputStream in = request.getInputStream();
+ OutputStream out = resource.getOutputStream();
+ if (toRead>=0)
+ IO.copy(in,out,toRead);
+ else
+ IO.copy(in,out);
+ out.close();
+ request.setHandled(true);
+ response.setStatus(exists
+ ?HttpResponse.__200_OK
+ :HttpResponse.__201_Created);
+ response.commit();
+ }
+ catch (Exception ex)
+ {
+ Code.warning(ex);
+ response.sendError(response.__403_Forbidden,
+ ex.getMessage());
+ }
 }
 }
@@ -365,11 +388,13 @@
 try
 {
 // delete the file
- resource.delete();
+ if (resource.delete())
+ response.setStatus(HttpResponse.__204_No_Content);
+ else
+ response.sendError(HttpResponse.__403_Forbidden);
 // Send response
 request.setHandled(true);
- response.sendError(response.__204_No_Content);
 }
 catch (SecurityException sex)
 {
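Review bot: In the upload branch of handlePut (the re-indented `try` block), `out.close()` is reached only when the copy succeeds, so a failed or aborted upload leaves the output stream open, and the catch then returns `ex.getMessage()` to the client, which may expose server-side paths or other internals. Closing the stream in a `finally` and sending the 403 without the exception text (it is already logged through `Code.warning(ex)`) addresses both, as sketched below. In the new directory branch, `resource.getFile()` is dereferenced without a null check; if a Resource can be backed by something other than a local file (not visible here), that call should be guarded before `mkdirs()`. The method starts above the hunk.

```java
// … unchanged: directory branch for paths ending in "/" …
else
{
    OutputStream out = null;
    try
    {
        int toRead = request.getContentLength();
        InputStream in = request.getInputStream();
        out = resource.getOutputStream();
        // … unchanged: IO.copy calls …
        out.close();
        out = null;
        // … unchanged: setHandled, setStatus, commit …
    }
    catch (Exception ex)
    {
        Code.warning(ex);
        // Keep the exception text in the server log only.
        response.sendError(response.__403_Forbidden);
    }
    finally
    {
        if (out != null)
        {
            try { out.close(); }
            catch (IOException ignored) { /* the original failure is already being reported */ }
        }
    }
}
```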
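Review bot: The new else branch in the DELETE hunk answers 403 when `resource.delete()` returns false but writes nothing to the server log, so failed deletions leave no trace for later review, unlike the PUT path, which logs through `Code.warning(ex)`. Consider adding `Code.warning("DELETE failed for "+resource);` before the `sendError` call, with braces around the else body. The `// Send response` comment now sits above `request.setHandled(true)` only and could be moved or reworded. The try block continues past the end of the hunk.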
@@ -419,8 +444,8 @@
 Code.debug("Moving "+resource+" to "+newFile);
 resource.renameTo(newFile);
+ response.setStatus(response.__204_No_Content);
 request.setHandled(true);
- response.sendError(response.__204_No_Content);
 }
 catch (Exception ex)
 {
|
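Review bot: The result of `resource.renameTo(newFile)` is still discarded in the MOVE hunk, so a rename that fails without throwing is answered with 204 as if it had succeeded. The DELETE hunk in this same commit starts checking `delete()`; assuming `renameTo` reports failure through a boolean in the same way, the status should depend on it: `if (resource.renameTo(newFile)) response.setStatus(response.__204_No_Content); else response.sendError(response.__403_Forbidden);`. The enclosing try block and the code that derives `newFile` are outside the hunk, so how the destination is validated cannot be judged from here.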