io.undertow.util.CanonicalPathUtils Java Examples

The following examples show how to use io.undertow.util.CanonicalPathUtils. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HttpServletResponseImpl.java    From quarkus-http with Apache License 2.0 6 votes vote down vote up
@Override
public void sendRedirect(final String location) throws IOException {
    if (responseStarted()) {
        throw UndertowServletMessages.MESSAGES.responseAlreadyCommited();
    }
    resetBuffer();
    setStatus(StatusCodes.FOUND);
    String realPath;
    if (isAbsoluteUrl(location)) {//absolute url
        exchange.setResponseHeader(HttpHeaderNames.LOCATION, location);
    } else {
        if (location.startsWith("/")) {
            realPath = location;
        } else {
            String current = exchange.getRelativePath();
            int lastSlash = current.lastIndexOf("/");
            if (lastSlash != -1) {
                current = current.substring(0, lastSlash + 1);
            }
            realPath = CanonicalPathUtils.canonicalize(servletContext.getContextPath() + current + location);
        }
        String loc = exchange.getRequestScheme() + "://" + exchange.getHostAndPort() + realPath;
        exchange.setResponseHeader(HttpHeaderNames.LOCATION, loc);
    }
    responseDone();
}
 
Example #2
Source File: DefaultServlet.java    From quarkus-http with Apache License 2.0 6 votes vote down vote up
private String getPath(final HttpServletRequest request) {
    String servletPath;
    String pathInfo;

    if (request.getDispatcherType() == DispatcherType.INCLUDE && request.getAttribute(RequestDispatcher.INCLUDE_REQUEST_URI) != null) {
        pathInfo = (String) request.getAttribute(RequestDispatcher.INCLUDE_PATH_INFO);
        servletPath = (String) request.getAttribute(RequestDispatcher.INCLUDE_SERVLET_PATH);
    } else {
        pathInfo = request.getPathInfo();
        servletPath = request.getServletPath();
    }
    String result = pathInfo;
    if (result == null) {
        result = CanonicalPathUtils.canonicalize(servletPath);
    } else if (resolveAgainstContextRoot) {
        result = servletPath + CanonicalPathUtils.canonicalize(pathInfo);
    } else {
        result = CanonicalPathUtils.canonicalize(result);
    }
    if ((result == null) || (result.isEmpty())) {
        result = "/";
    }
    return result;

}
 
Example #3
Source File: HttpServletResponseImpl.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
@Override
public void sendRedirect(final String location) throws IOException {
    if (responseStarted()) {
        throw UndertowServletMessages.MESSAGES.responseAlreadyCommited();
    }
    resetBuffer();
    setStatus(StatusCodes.FOUND);
    String realPath;
    if (isAbsoluteUrl(location)) {//absolute url
        exchange.getResponseHeaders().put(Headers.LOCATION, location);
    } else {
        if (location.startsWith("/")) {
            realPath = location;
        } else {
            String current = exchange.getRelativePath();
            int lastSlash = current.lastIndexOf("/");
            if (lastSlash != -1) {
                current = current.substring(0, lastSlash + 1);
            }
            realPath = CanonicalPathUtils.canonicalize(servletContext.getContextPath() + current + location);
        }
        String loc = exchange.getRequestScheme() + "://" + exchange.getHostAndPort() + realPath;
        exchange.getResponseHeaders().put(Headers.LOCATION, loc);
    }
    responseDone();
}
 
Example #4
Source File: DefaultServlet.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
private String getPath(final HttpServletRequest request) {
    String servletPath;
    String pathInfo;

    if (request.getDispatcherType() == DispatcherType.INCLUDE && request.getAttribute(RequestDispatcher.INCLUDE_REQUEST_URI) != null) {
        pathInfo = (String) request.getAttribute(RequestDispatcher.INCLUDE_PATH_INFO);
        servletPath = (String) request.getAttribute(RequestDispatcher.INCLUDE_SERVLET_PATH);
    } else {
        pathInfo = request.getPathInfo();
        servletPath = request.getServletPath();
    }
    String result = pathInfo;
    if (result == null) {
        result = CanonicalPathUtils.canonicalize(servletPath);
    } else if(resolveAgainstContextRoot) {
        result = servletPath + CanonicalPathUtils.canonicalize(pathInfo);
    } else {
        result = CanonicalPathUtils.canonicalize(result);
    }
    if ((result == null) || (result.isEmpty())) {
        result = "/";
    }
    return result;

}
 
Example #5
Source File: ServletContextImpl.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
@Override
public String getRealPath(final String path) {
    if (path == null) {
        return null;
    }
    String canonicalPath = CanonicalPathUtils.canonicalize(path);
    Resource resource;
    try {
        resource = deploymentInfo.getResourceManager().getResource(canonicalPath);

        if (resource == null) {
            //UNDERTOW-373 even though the resource does not exist we still need to return a path
            Resource deploymentRoot = deploymentInfo.getResourceManager().getResource("/");
            if(deploymentRoot == null) {
                return null;
            }
            Path root = deploymentRoot.getFilePath();
            if(root == null) {
                return null;
            }
            if(!canonicalPath.startsWith("/")) {
                canonicalPath = "/" + canonicalPath;
            }
            if(File.separatorChar != '/') {
                canonicalPath = canonicalPath.replace('/', File.separatorChar);
            }
            return root.toAbsolutePath().toString() + canonicalPath;
        }
    } catch (IOException e) {
        return null;
    }
    Path file = resource.getFilePath();
    if (file == null) {
        return null;
    }
    return file.toAbsolutePath().toString();
}
 
Example #6
Source File: HttpServletRequestImpl.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
@Override
public RequestDispatcher getRequestDispatcher(final String path) {
    String realPath;
    if (path.startsWith("/")) {
        realPath = path;
    } else {
        String current = exchange.getRelativePath();
        int lastSlash = current.lastIndexOf("/");
        if (lastSlash != -1) {
            current = current.substring(0, lastSlash + 1);
        }
        realPath = CanonicalPathUtils.canonicalize(current + path);
    }
    return new RequestDispatcherImpl(realPath, servletContext);
}
 
Example #7
Source File: ServletContextImpl.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
@Override
public String getRealPath(final String path) {
    if (path == null) {
        return null;
    }
    String canonicalPath = CanonicalPathUtils.canonicalize(path);
    Resource resource;
    try {
        resource = deploymentInfo.getResourceManager().getResource(canonicalPath);

        if (resource == null) {
            //UNDERTOW-373 even though the resource does not exist we still need to return a path
            Resource deploymentRoot = deploymentInfo.getResourceManager().getResource("/");
            if(deploymentRoot == null) {
                return null;
            }
            Path root = deploymentRoot.getFilePath();
            if(root == null) {
                return null;
            }
            if(!canonicalPath.startsWith("/")) {
                canonicalPath = "/" + canonicalPath;
            }
            if(File.separatorChar != '/') {
                canonicalPath = canonicalPath.replace('/', File.separatorChar);
            }
            return root.toAbsolutePath().toString() + canonicalPath;
        }
    } catch (IOException e) {
        return null;
    }
    Path file = resource.getFilePath();
    if (file == null) {
        return null;
    }
    return file.toAbsolutePath().toString();
}
 
Example #8
Source File: HttpServletRequestImpl.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
@Override
public RequestDispatcher getRequestDispatcher(final String path) {
    String realPath;
    if (path.startsWith("/")) {
        realPath = path;
    } else {
        String current = exchange.getRelativePath();
        int lastSlash = current.lastIndexOf("/");
        if (lastSlash != -1) {
            current = current.substring(0, lastSlash + 1);
        }
        realPath = CanonicalPathUtils.canonicalize(current + path);
    }
    return new RequestDispatcherImpl(realPath, servletContext);
}
 
Example #9
Source File: DefaultServlet.java    From quarkus-http with Apache License 2.0 4 votes vote down vote up
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
    String path = getPath(req);
    if (!isAllowed(path, req.getDispatcherType())) {
        resp.sendError(StatusCodes.NOT_FOUND);
        return;
    }
    if (File.separatorChar != '/') {
        //if the separator char is not / we want to replace it with a / and canonicalise
        path = CanonicalPathUtils.canonicalize(path.replace(File.separatorChar, '/'));
    }

    HttpServerExchange exchange = SecurityActions.requireCurrentServletRequestContext().getOriginalRequest().getExchange();
    final Resource resource;
    //we want to disallow windows characters in the path
    if (File.separatorChar == '/' || !path.contains(File.separator)) {
        resource = resourceSupplier.getResource(exchange, path);
    } else {
        resource = null;
    }

    if (resource == null) {
        if (req.getDispatcherType() == DispatcherType.INCLUDE) {
            //servlet 9.3
            throw new FileNotFoundException(path);
        } else {
            resp.sendError(StatusCodes.NOT_FOUND);
        }
        return;
    } else if (resource.isDirectory()) {
        if ("css".equals(req.getQueryString())) {
            resp.setContentType("text/css");
            resp.getWriter().write(DirectoryUtils.Blobs.FILE_CSS);
            return;
        } else if ("js".equals(req.getQueryString())) {
            resp.setContentType("application/javascript");
            resp.getWriter().write(DirectoryUtils.Blobs.FILE_JS);
            return;
        }
        if (directoryListingEnabled) {
            StringBuilder output = DirectoryUtils.renderDirectoryListing(req.getRequestURI(), resource);
            resp.getWriter().write(output.toString());
        } else {
            resp.sendError(StatusCodes.FORBIDDEN);
        }
    } else {
        if (path.endsWith("/")) {
            //UNDERTOW-432
            resp.sendError(StatusCodes.NOT_FOUND);
            return;
        }
        serveFileBlocking(req, resp, resource, exchange);
    }
}
 
Example #10
Source File: ResourceHandler.java    From quarkus-http with Apache License 2.0 4 votes vote down vote up
private String canonicalize(String s) {
    if (canonicalizePaths) {
        return CanonicalPathUtils.canonicalize(s);
    }
    return s;
}
 
Example #11
Source File: CanonicalPathHandler.java    From quarkus-http with Apache License 2.0 4 votes vote down vote up
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    exchange.setRelativePath(CanonicalPathUtils.canonicalize(exchange.getRelativePath()));
    next.handleRequest(exchange);
}
 
Example #12
Source File: DefaultServlet.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
    String path = getPath(req);
    if (!isAllowed(path, req.getDispatcherType())) {
        resp.sendError(StatusCodes.NOT_FOUND);
        return;
    }
    if(File.separatorChar != '/') {
        //if the separator char is not / we want to replace it with a / and canonicalise
        path = CanonicalPathUtils.canonicalize(path.replace(File.separatorChar, '/'));
    }

    HttpServerExchange exchange = SecurityActions.requireCurrentServletRequestContext().getOriginalRequest().getExchange();
    final Resource resource;
    //we want to disallow windows characters in the path
    if(File.separatorChar == '/' || !path.contains(File.separator)) {
        resource = resourceSupplier.getResource(exchange, path);
    } else {
        resource = null;
    }

    if (resource == null) {
        if (req.getDispatcherType() == DispatcherType.INCLUDE) {
            //servlet 9.3
            throw new FileNotFoundException(path);
        } else {
            resp.sendError(StatusCodes.NOT_FOUND);
        }
        return;
    } else if (resource.isDirectory()) {
        if ("css".equals(req.getQueryString())) {
            resp.setContentType("text/css");
            resp.getWriter().write(DirectoryUtils.Blobs.FILE_CSS);
            return;
        } else if ("js".equals(req.getQueryString())) {
            resp.setContentType("application/javascript");
            resp.getWriter().write(DirectoryUtils.Blobs.FILE_JS);
            return;
        }
        if (directoryListingEnabled) {
            StringBuilder output = DirectoryUtils.renderDirectoryListing(req.getRequestURI(), resource);
            resp.getWriter().write(output.toString());
        } else {
            resp.sendError(StatusCodes.FORBIDDEN);
        }
    } else {
        if(path.endsWith("/")) {
            //UNDERTOW-432
            resp.sendError(StatusCodes.NOT_FOUND);
            return;
        }
        serveFileBlocking(req, resp, resource, exchange);
    }
}
 
Example #13
Source File: ResourceHandler.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
private String canonicalize(String s) {
    if(canonicalizePaths) {
        return CanonicalPathUtils.canonicalize(s);
    }
    return s;
}
 
Example #14
Source File: CanonicalPathHandler.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    exchange.setRelativePath(CanonicalPathUtils.canonicalize(exchange.getRelativePath()));
    next.handleRequest(exchange);
}