Author: timw Date: Mon Oct 4 20:19:09 2010 New Revision: 1004393 URL: http://svn.apache.org/viewvc?rev=1004393&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026 Always calculate path of resource to be served relative to the context root. This invokes the standard protection of WEB-INF and META-INF directories. This is a breaking change for the unofficial use of DefaultServlet to remount the webapp base under a new path.
Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1004393&r1=1004392&r2=1004393&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original) +++ tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Mon Oct 4 20:19:09 2010 @@ -70,9 +70,44 @@ import org.apache.tomcat.util.res.String /** - * The default resource-serving servlet for most web applications, + * <p>The default resource-serving servlet for most web applications, * used to serve static resources such as HTML pages and images. - * + * </p> + * <p> + * This servlet is intended to be mapped to <em>/</em> e.g.: + * </p> + * <pre> + * <servlet-mapping> + * <servlet-name>default</servlet-name> + * <url-pattern>/</url-pattern> + * </servlet-mapping> + * </pre> + * <p>It can be mapped to sub-paths, however in all cases resources are served + * from the web appplication resource root using the full path from the root + * of the web application context. + * <br/>e.g. given a web application structure: + *</p> + * <pre> + * /context + * /images + * tomcat2.jpg + * /static + * /images + * tomcat.jpg + * </pre> + * <p> + * ... and a servlet mapping that maps only <code>/static/*</code> to the default servlet: + * </p> + * <pre> + * <servlet-mapping> + * <servlet-name>default</servlet-name> + * <url-pattern>/static/*</url-pattern> + * </servlet-mapping> + * </pre> + * <p> + * Then a request to <code>/context/static/images/tomcat.jpg</code> will succeed + * while a request to <code>/context/images/tomcat2.jpg</code> will fail. + * </p> * @author Craig R. McClanahan * @author Remy Maucherat * @version $Id$ @@ -303,6 +338,11 @@ public class DefaultServlet * @param request The servlet request we are processing */ protected String getRelativePath(HttpServletRequest request) { + // IMPORTANT: DefaultServlet can be mapped to '/' or '/path/*' but always + // serves resources from the web app root with context rooted paths. + // i.e. it can not be used to mount the web app root under a sub-path + // This method must construct a complete context rooted path, although + // subclasses can change this behaviour. // Are we being processed by a RequestDispatcher.include()? if (request.getAttribute(Globals.INCLUDE_REQUEST_URI_ATTR) != null) { @@ -319,7 +359,11 @@ public class DefaultServlet // No, extract the desired path directly from the request String result = request.getPathInfo(); if (result == null) { + // Mapped to '/' result = request.getServletPath(); + } else { + // Mapped to '/path/*' so get entire path under context + result = request.getServletPath() + result; } if ((result == null) || (result.equals(""))) { result = "/"; --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org