mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Servlet context document root not found when running as exploded WAR
* Added additional search in AbstractEmbeddedServletContainerFactory.getValidDocumentRoot() to detect a /WEB-INF/ directory in the code archive * If the code archive is in /WEB-INF/** then we assume it is safe to serve content from / (exposes the loader classes but nothing sensitive from the app) [Fixes #54345578]
This commit is contained in:
parent
b65625bec3
commit
39425c81d6
@ -1,10 +0,0 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|
||||
<title>Insert title here</title>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -303,7 +303,11 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
|
||||
*/
|
||||
protected final File getValidDocumentRoot() {
|
||||
File file = getDocumentRoot();
|
||||
// If document root not explicitly set see if we are running from a war archive
|
||||
file = file != null ? file : getWarFileDocumentRoot();
|
||||
// If not a war archive maybe it is an exploded war
|
||||
file = file != null ? file : getExplodedWarFileDocumentRoot();
|
||||
// Or maybe there is a document root in a well-known location
|
||||
file = file != null ? file : getCommonDocumentRoot();
|
||||
if (file == null && this.logger.isWarnEnabled()) {
|
||||
this.logger.debug("None of the document roots "
|
||||
@ -316,12 +320,25 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
|
||||
return file;
|
||||
}
|
||||
|
||||
private File getExplodedWarFileDocumentRoot() {
|
||||
File file = getCodeSourceArchive();
|
||||
if (this.logger.isDebugEnabled()) {
|
||||
this.logger.debug("Code archive: " + file);
|
||||
}
|
||||
if (file != null && file.exists() && file.getAbsolutePath().contains("/WEB-INF/")) {
|
||||
String path = file.getAbsolutePath();
|
||||
path = path.substring(0, path.indexOf("/WEB-INF/"));
|
||||
return new File(path);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private File getArchiveFileDocumentRoot(String extension) {
|
||||
File file = getCodeSourceArchive();
|
||||
if (this.logger.isDebugEnabled()) {
|
||||
this.logger.debug("Code archive: " + file);
|
||||
}
|
||||
if (file.exists() && !file.isDirectory()
|
||||
if (file != null && file.exists() && !file.isDirectory()
|
||||
&& file.getName().toLowerCase().endsWith(extension)) {
|
||||
return file.getAbsoluteFile();
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user