Only use jar shortcut for matching URLs

Update JAR `Handler` logic so that the existing `jarFile` is only used
if the requested URL starts with the same path. Prior to this commit it
was possible to construct a URL with another URL as context. This could
mean that the `handler` was shared and the already resolved `jarFile`
contained in the handler wasn't necessarily suitable.

Fixes gh-12483

spring-boot-tools/spring-boot-loader/src/main/java/org/springframework/boot/loader/jar/Handler.java

@@ -92,7 +92,8 @@ public class Handler extends URLStreamHandler {
 
 	@Override
 	protected URLConnection openConnection(URL url) throws IOException {
-		if (this.jarFile != null) {
+		if (this.jarFile != null
+				&& url.toString().startsWith(this.jarFile.getUrl().toString())) {
 			return JarURLConnection.get(url, this.jarFile);
 		}
 		try {

spring-boot-tools/spring-boot-loader/src/test/java/org/springframework/boot/loader/jar/JarFileTests.java

@@ -485,4 +485,24 @@ public class JarFileTests {
 		assertThat(temp.delete()).isTrue();
 	}
 
+	@Test
+	public void createUrlFromStringWithContextWhenNotFound() throws Exception {
+		// gh-12483
+		JarURLConnection.setUseFastExceptions(true);
+		try {
+			JarFile.registerUrlProtocolHandler();
+			JarFile nested = this.jarFile
+					.getNestedJarFile(this.jarFile.getEntry("nested.jar"));
+			URL context = nested.getUrl();
+			new URL(context, "jar:" + this.rootJarFile.toURI() + "!/nested.jar!/3.dat")
+					.openConnection().getInputStream().close();
+			this.thrown.expect(FileNotFoundException.class);
+			new URL(context, "jar:" + this.rootJarFile.toURI() + "!/no.dat")
+					.openConnection().getInputStream().close();
+		}
+		finally {
+			JarURLConnection.setUseFastExceptions(false);
+		}
+	}
+
 }