wiki.eclipse.org is for a long EOL (End of Life) version of Jetty. The big red box at the top even tells you that, and gives you a link to the up to date Jetty documentation.
Windows File Locking is a standard feature of windows. Files that are open are locked and prevented from being tampered with. You cannot rely on this feature of Windows for what you want. As Jetty cannot have all files on your webapp open at the same time, that would hit open file limits on your OS rather quickly. The temporary directory of a webapp is standard servlet spec behavior and is where all temporary files reside, that directory can never be read-only, otherwise your webapp wouldn't function as you expect. You should probably just rely on standard operating system protections, have Jetty run on it's own user, with it's own temporary directory, setup to not allow other users on the operating system to change/modify the content of those directories. This is not something that can be controlled by Jetty itself, this is something you have to setup and configure at the OS level, the FileSystem level, and perhaps even configure your WebApp to use those user specific directories. Joakim Erdfelt / [email protected] On Wed, Jul 17, 2019 at 7:41 AM deepak dhandapani <[email protected]> wrote: > Hello Jan, > > Add on to the above, the link I posted in the first mail list is wrong. It > should be > https://wiki.eclipse.org/Jetty/Howto/Deal_with_Locked_Windows_Files which > deals about disabling memory mapping. > > On Wed, Jul 17, 2019 at 1:51 PM deepak dhandapani <[email protected]> > wrote: > >> Hello Jan, >> >> Thanks for your reply. Jetty version should be >> *jetty-distribution-9.4.9.v20180320.* >> >> Making the scanInterval to 0 in jetty-deploy.xml does one time scan of >> the monitored directory upon starting the Jetty service. This gives me a >> partial solution since any changes in the webapps directory is not >> reflecting in the response. Why I mean partial is that, on the time of scan >> the content of the WAR file is extracted into an temporary directory and >> Jetty uses the extracted files to process the request and delivers a >> response. >> >> If I make changes to files in the temporary directory containing my >> resource files, this would still allow file tampering. >> >> Is *jetty-distribution-9.4.9.v20180320* run on NIO based connectors? If >> Yes,making the configuration *useFileMappedBuffer *for *DefaultServlet* >> to be *true* is having no effect to use memory-mapped files. >> >> Could you advise me how to secure my resource files in this case? >> >> Thanks in advance! >> >> On Tue, Jul 16, 2019 at 10:26 PM Jan Bartel <[email protected]> wrote: >> >>> You haven't provided a recognisable jetty version, can you double check >>> what you're using? >>> >>> You don't have to use the webapp deployer to deploy your webapp if you >>> don't want to. The one we provide will periodically scan for changed files, >>> however you could write your own that just deploys once. Take a look in the >>> jetty-deploy maven src module, should be pretty easy. >>> >>> You might be able to fudge it by setting the scanInterval to 0 on the >>> current deployer in the ini file or in the jetty-deploy.xml file, but I've >>> never tried that so can't guarantee it works. >>> >>> Other option is you can just write a small xml file that directly >>> deploys your webapp. >>> >>> You should also be using operating system privileges to protect who can >>> interact with the jetty instance, do things like copying or modifying >>> files, starting or stopping jetty. >>> >>> >>> >>> On Tue., 16 Jul. 2019, 07:44 deepak dhandapani, <[email protected]> >>> wrote: >>> >>>> Hi There, >>>> >>>> I'm currently working with the Gradle project which is used to design >>>> an web services to deploy in the Jetty web server in the location >>>> "*C:\Program >>>> Files\jetty\mt-base\webapps*" as .WAR file. When I run the Jetty >>>> services, my services working fine as expected but what worrying me is, >>>> Jetty allowing the WAR file for modification even when Jetty is running and >>>> thus reloading the services to have effect on the server response for the >>>> client request. >>>> >>>> This allows for malicious tampering of the WAR file and we are looking >>>> to protect this from happening. >>>> >>>> My question is, *Is there any Jetty configuration to lock the web >>>> application file while the service is up and running (I.E., lock all files >>>> inside "C:\Program Files\jetty\mt-base\webapps" folder)? If Yes, could you >>>> let me know how to setup the configurations for me, please?* >>>> >>>> However, I do see a facility *'useFileMappedBuffer'* property in the >>>> link https://wiki.eclipse.org/Jetty/Reference/webdefault.xml for >>>> memory-mapping of files for the Jetty services. I'm currently trying this >>>> to see if I can achieve my need. Could you elaborate the statement "*Jetty >>>> buffers static content for webapps such as HTML files, CSS files, images, >>>> etc. If you are using NIO connectors, Jetty uses memory-mapped files to do >>>> this.*" in the link >>>> https://wiki.eclipse.org/Jetty/Reference/webdefault.xml? What does NIO >>>> connectors mean? How to implement in my Jetty? >>>> >>>> Current Jetty I'm using is *Jetty (x64) 1.4.0.56668 * >>>> OS - Windows 10 Enterprise >>>> >>>> Thanks in advance! >>>> _______________________________________________ >>>> jetty-users mailing list >>>> [email protected] >>>> To change your delivery options, retrieve your password, or unsubscribe >>>> from this list, visit >>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>> >>> _______________________________________________ >>> jetty-users mailing list >>> [email protected] >>> To change your delivery options, retrieve your password, or unsubscribe >>> from this list, visit >>> https://www.eclipse.org/mailman/listinfo/jetty-users >> >> _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
