mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Merge branch '3.2.x'
Closes gh-40996
This commit is contained in:
commit
45f09df7fe
@ -17,27 +17,18 @@
|
||||
package org.springframework.boot.web.embedded.jetty;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.URI;
|
||||
import java.net.URL;
|
||||
import java.nio.channels.ReadableByteChannel;
|
||||
import java.nio.file.Path;
|
||||
import java.time.Duration;
|
||||
import java.time.Instant;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.EventListener;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.Spliterator;
|
||||
import java.util.UUID;
|
||||
import java.util.function.Consumer;
|
||||
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import org.eclipse.jetty.ee10.servlet.ErrorHandler;
|
||||
@ -79,7 +70,6 @@ import org.eclipse.jetty.session.DefaultSessionCache;
|
||||
import org.eclipse.jetty.session.FileSessionDataStore;
|
||||
import org.eclipse.jetty.session.SessionConfig;
|
||||
import org.eclipse.jetty.util.Callback;
|
||||
import org.eclipse.jetty.util.resource.CombinedResource;
|
||||
import org.eclipse.jetty.util.resource.Resource;
|
||||
import org.eclipse.jetty.util.resource.ResourceFactory;
|
||||
import org.eclipse.jetty.util.resource.URLResourceFactory;
|
||||
@ -594,154 +584,6 @@ public class JettyServletWebServerFactory extends AbstractServletWebServerFactor
|
||||
}
|
||||
}
|
||||
|
||||
private static final class LoaderHidingResource extends Resource {
|
||||
|
||||
private static final String LOADER_RESOURCE_PATH_PREFIX = "/org/springframework/boot/";
|
||||
|
||||
private final Resource base;
|
||||
|
||||
private final Resource delegate;
|
||||
|
||||
private LoaderHidingResource(Resource base, Resource delegate) {
|
||||
this.base = base;
|
||||
this.delegate = delegate;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void forEach(Consumer<? super Resource> action) {
|
||||
this.delegate.forEach(action);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Path getPath() {
|
||||
return this.delegate.getPath();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isContainedIn(Resource r) {
|
||||
return this.delegate.isContainedIn(r);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Iterator<Resource> iterator() {
|
||||
if (this.delegate instanceof CombinedResource) {
|
||||
return list().iterator();
|
||||
}
|
||||
return List.<Resource>of(this).iterator();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
return this.delegate.equals(obj);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return this.delegate.hashCode();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean exists() {
|
||||
return this.delegate.exists();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Spliterator<Resource> spliterator() {
|
||||
return this.delegate.spliterator();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isDirectory() {
|
||||
return this.delegate.isDirectory();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isReadable() {
|
||||
return this.delegate.isReadable();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Instant lastModified() {
|
||||
return this.delegate.lastModified();
|
||||
}
|
||||
|
||||
@Override
|
||||
public long length() {
|
||||
return this.delegate.length();
|
||||
}
|
||||
|
||||
@Override
|
||||
public URI getURI() {
|
||||
return this.delegate.getURI();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return this.delegate.getName();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getFileName() {
|
||||
return this.delegate.getFileName();
|
||||
}
|
||||
|
||||
@Override
|
||||
public InputStream newInputStream() throws IOException {
|
||||
return this.delegate.newInputStream();
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings({ "deprecation", "removal" })
|
||||
public ReadableByteChannel newReadableByteChannel() throws IOException {
|
||||
return this.delegate.newReadableByteChannel();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> list() {
|
||||
return this.delegate.list().stream().filter(this::nonLoaderResource).toList();
|
||||
}
|
||||
|
||||
private boolean nonLoaderResource(Resource resource) {
|
||||
Path prefix = this.base.getPath().resolve(Path.of("org", "springframework", "boot"));
|
||||
return !resource.getPath().startsWith(prefix);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Resource resolve(String subUriPath) {
|
||||
if (subUriPath.startsWith(LOADER_RESOURCE_PATH_PREFIX)) {
|
||||
return null;
|
||||
}
|
||||
Resource resolved = this.delegate.resolve(subUriPath);
|
||||
return (resolved != null) ? new LoaderHidingResource(this.base, resolved) : null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAlias() {
|
||||
return this.delegate.isAlias();
|
||||
}
|
||||
|
||||
@Override
|
||||
public URI getRealURI() {
|
||||
return this.delegate.getRealURI();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void copyTo(Path destination) throws IOException {
|
||||
this.delegate.copyTo(destination);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<Resource> getAllResources() {
|
||||
return this.delegate.getAllResources().stream().filter(this::nonLoaderResource).toList();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return this.delegate.toString();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* {@link AbstractConfiguration} to apply {@code @WebListener} classes.
|
||||
*/
|
||||
|
@ -0,0 +1,196 @@
|
||||
/*
|
||||
* Copyright 2012-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.boot.web.embedded.jetty;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.URI;
|
||||
import java.nio.channels.ReadableByteChannel;
|
||||
import java.nio.file.Path;
|
||||
import java.time.Instant;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Spliterator;
|
||||
import java.util.function.Consumer;
|
||||
|
||||
import org.eclipse.jetty.util.resource.CombinedResource;
|
||||
import org.eclipse.jetty.util.resource.Resource;
|
||||
|
||||
/**
|
||||
* A custom {@link Resource} that hides Spring Boot's loader classes, preventing them from
|
||||
* being served over HTTP.
|
||||
*
|
||||
* @author Andy Wilkinson
|
||||
*/
|
||||
final class LoaderHidingResource extends Resource {
|
||||
|
||||
private static final String LOADER_RESOURCE_PATH_PREFIX = "/org/springframework/boot/";
|
||||
|
||||
private final Path loaderBasePath;
|
||||
|
||||
private final Resource base;
|
||||
|
||||
private final Resource delegate;
|
||||
|
||||
LoaderHidingResource(Resource base, Resource delegate) {
|
||||
this.base = base;
|
||||
this.delegate = delegate;
|
||||
this.loaderBasePath = base.getPath().getFileSystem().getPath("/", "org", "springframework", "boot");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void forEach(Consumer<? super Resource> action) {
|
||||
this.delegate.forEach(action);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Path getPath() {
|
||||
return this.delegate.getPath();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isContainedIn(Resource r) {
|
||||
return this.delegate.isContainedIn(r);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Iterator<Resource> iterator() {
|
||||
if (this.delegate instanceof CombinedResource) {
|
||||
return list().iterator();
|
||||
}
|
||||
return List.<Resource>of(this).iterator();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
return this.delegate.equals(obj);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return this.delegate.hashCode();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean exists() {
|
||||
return this.delegate.exists();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Spliterator<Resource> spliterator() {
|
||||
return this.delegate.spliterator();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isDirectory() {
|
||||
return this.delegate.isDirectory();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isReadable() {
|
||||
return this.delegate.isReadable();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Instant lastModified() {
|
||||
return this.delegate.lastModified();
|
||||
}
|
||||
|
||||
@Override
|
||||
public long length() {
|
||||
return this.delegate.length();
|
||||
}
|
||||
|
||||
@Override
|
||||
public URI getURI() {
|
||||
return this.delegate.getURI();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return this.delegate.getName();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getFileName() {
|
||||
return this.delegate.getFileName();
|
||||
}
|
||||
|
||||
@Override
|
||||
public InputStream newInputStream() throws IOException {
|
||||
return this.delegate.newInputStream();
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings({ "deprecation", "removal" })
|
||||
public ReadableByteChannel newReadableByteChannel() throws IOException {
|
||||
return this.delegate.newReadableByteChannel();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> list() {
|
||||
return asLoaderHidingResources(this.delegate.list());
|
||||
}
|
||||
|
||||
private boolean nonLoaderResource(Resource resource) {
|
||||
return !resource.getPath().startsWith(this.loaderBasePath);
|
||||
}
|
||||
|
||||
private List<Resource> asLoaderHidingResources(Collection<Resource> resources) {
|
||||
return resources.stream().filter(this::nonLoaderResource).map(this::asLoaderHidingResource).toList();
|
||||
}
|
||||
|
||||
private Resource asLoaderHidingResource(Resource resource) {
|
||||
return (resource instanceof LoaderHidingResource) ? resource : new LoaderHidingResource(this.base, resource);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Resource resolve(String subUriPath) {
|
||||
if (subUriPath.startsWith(LOADER_RESOURCE_PATH_PREFIX)) {
|
||||
return null;
|
||||
}
|
||||
Resource resolved = this.delegate.resolve(subUriPath);
|
||||
return (resolved != null) ? new LoaderHidingResource(this.base, resolved) : null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAlias() {
|
||||
return this.delegate.isAlias();
|
||||
}
|
||||
|
||||
@Override
|
||||
public URI getRealURI() {
|
||||
return this.delegate.getRealURI();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void copyTo(Path destination) throws IOException {
|
||||
this.delegate.copyTo(destination);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<Resource> getAllResources() {
|
||||
return asLoaderHidingResources(this.delegate.getAllResources());
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return this.delegate.toString();
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,104 @@
|
||||
/*
|
||||
* Copyright 2012-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.boot.web.embedded.jetty;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.nio.file.FileSystems;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.jar.JarOutputStream;
|
||||
import java.util.zip.ZipEntry;
|
||||
|
||||
import org.eclipse.jetty.util.resource.PathResourceFactory;
|
||||
import org.eclipse.jetty.util.resource.Resource;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.io.TempDir;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
/**
|
||||
* Tests for {@link LoaderHidingResource}.
|
||||
*
|
||||
* @author Andy Wilkinson
|
||||
*/
|
||||
class LoaderHidingResourceTests {
|
||||
|
||||
@Test
|
||||
void listHidesLoaderResources(@TempDir File temp) throws IOException {
|
||||
URI warUri = createExampleWar(temp);
|
||||
Resource resource = new PathResourceFactory().newResource(warUri);
|
||||
LoaderHidingResource loaderHidingResource = new LoaderHidingResource(resource, resource);
|
||||
assertThat(deepList(loaderHidingResource)).hasOnlyElementsOfType(LoaderHidingResource.class)
|
||||
.extracting(Resource::getName)
|
||||
.contains("/assets/image.jpg")
|
||||
.doesNotContain("/org/springframework/boot/Loader.class");
|
||||
}
|
||||
|
||||
@Test
|
||||
void getAllResourcesHidesLoaderResources(@TempDir File temp) throws IOException {
|
||||
URI warUri = createExampleWar(temp);
|
||||
Resource resource = new PathResourceFactory().newResource(warUri);
|
||||
LoaderHidingResource loaderHidingResource = new LoaderHidingResource(resource, resource);
|
||||
Collection<Resource> allResources = loaderHidingResource.getAllResources();
|
||||
assertThat(allResources).hasOnlyElementsOfType(LoaderHidingResource.class)
|
||||
.extracting(Resource::getName)
|
||||
.contains("/assets/image.jpg")
|
||||
.doesNotContain("/org/springframework/boot/Loader.class");
|
||||
}
|
||||
|
||||
@Test
|
||||
void resolveHidesLoaderResources(@TempDir File temp) throws IOException {
|
||||
URI warUri = createExampleWar(temp);
|
||||
Resource resource = new PathResourceFactory().newResource(warUri);
|
||||
LoaderHidingResource loaderHidingResource = new LoaderHidingResource(resource, resource);
|
||||
assertThat(loaderHidingResource.resolve("/assets/image.jpg").exists()).isTrue();
|
||||
assertThat(loaderHidingResource.resolve("/assets/image.jpg")).isInstanceOf(LoaderHidingResource.class);
|
||||
assertThat(loaderHidingResource.resolve("/assets/non-existent.jpg").exists()).isFalse();
|
||||
assertThat(loaderHidingResource.resolve("/assets/non-existent.jpg")).isInstanceOf(LoaderHidingResource.class);
|
||||
assertThat(loaderHidingResource.resolve("/org/springframework/boot/Loader.class")).isNull();
|
||||
}
|
||||
|
||||
private URI createExampleWar(File temp) throws IOException {
|
||||
File exampleWarFile = new File(temp, "example.war");
|
||||
try (JarOutputStream out = new JarOutputStream(new FileOutputStream(exampleWarFile))) {
|
||||
out.putNextEntry(new ZipEntry("org/"));
|
||||
out.putNextEntry(new ZipEntry("org/springframework/"));
|
||||
out.putNextEntry(new ZipEntry("org/springframework/boot/"));
|
||||
out.putNextEntry(new ZipEntry("org/springframework/boot/Loader.class"));
|
||||
out.putNextEntry(new ZipEntry("assets/"));
|
||||
out.putNextEntry(new ZipEntry("assets/image.jpg"));
|
||||
}
|
||||
URI warUri = URI.create("jar:" + exampleWarFile.toURI() + "!/");
|
||||
FileSystems.newFileSystem(warUri, Collections.emptyMap());
|
||||
return warUri;
|
||||
}
|
||||
|
||||
private List<Resource> deepList(Resource resource) {
|
||||
List<Resource> all = new ArrayList<>();
|
||||
for (Resource listed : resource.list()) {
|
||||
all.add(listed);
|
||||
all.addAll(deepList(listed));
|
||||
}
|
||||
return all;
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user