Re: RFR: 8245095: Implementation of JEP 408: Simple Web Server [v4]
On Mon, 20 Sep 2021 16:16:10 GMT, Daniel Fuchs wrote: >> src/jdk.httpserver/share/classes/sun/net/httpserver/simpleserver/FileServerHandler.java >> line 340: >> >>> 338: } >>> 339: } >>> 340: return false; >> >> This will start checking from the root of the file system. I believe we want >> to start checking from the root of the FileServerHandler, root excluded. > > Maybe these checks should be made in `mapToPath` instead since you already > walk the path there - and IIRC returning null from `mapToPath` will cause > HTTP 404. Agreed. I refactored the handler to check `!isReadable`, `isHidden` and `isSymbolicLink` for each path segment from the root, excluding the root itself. If any of these conditions is met, a 404 response is sent. A generic 404 response for hides potentially revealing information. The checks are repeated in handle() on line 375, let's keep them in there for reassurance. - PR: https://git.openjdk.java.net/jdk/pull/5505
Re: RFR: 8245095: Implementation of JEP 408: Simple Web Server [v4]
On Mon, 20 Sep 2021 16:09:14 GMT, Daniel Fuchs wrote: >> Julia Boes has updated the pull request with a new target base due to a >> merge or a rebase. The pull request now contains 12 commits: >> >> - Merge branch 'master' into simpleserver >> - check isHidden, isSymlink, isReadable for all path segments >> - add checks for all path segments >> - Merge branch 'master' into componentcheck >> - Merge branch 'master' into simpleserver >> - improve output on startup >> - correct path handling >> - small spec rewording >> - add module main class to symbolgenerator >> - remove UnmodifiableHeaders constant >> - ... and 2 more: >> https://git.openjdk.java.net/jdk/compare/4d95a5d6...10523290 > > src/jdk.httpserver/share/classes/sun/net/httpserver/simpleserver/FileServerHandler.java > line 340: > >> 338: } >> 339: } >> 340: return false; > > This will start checking from the root of the file system. I believe we want > to start checking from the root of the FileServerHandler, root excluded. Maybe these checks should be made in `mapToPath` instead since you already walk the path there - and IIRC returning null from `mapToPath` will cause HTTP 404. - PR: https://git.openjdk.java.net/jdk/pull/5505
Re: RFR: 8245095: Implementation of JEP 408: Simple Web Server [v4]
On Mon, 20 Sep 2021 15:28:05 GMT, Julia Boes wrote: >> This change implements a simple web server that can be run on the >> command-line with `java -m jdk.httpserver`. >> >> This is facilitated by adding an entry point for the `jdk.httpserver` >> module, an implementation class whose main method is run when the above >> command is executed. This is the first such module entry point in the JDK. >> >> The server is a minimal HTTP server that serves the static files of a given >> directory, similar to existing alternatives on other platforms and >> convenient for testing, development, and debugging. >> >> Additionally, a small API is introduced for programmatic creation and >> customization. >> >> Testing: tier1-3. > > Julia Boes has updated the pull request with a new target base due to a merge > or a rebase. The pull request now contains 12 commits: > > - Merge branch 'master' into simpleserver > - check isHidden, isSymlink, isReadable for all path segments > - add checks for all path segments > - Merge branch 'master' into componentcheck > - Merge branch 'master' into simpleserver > - improve output on startup > - correct path handling > - small spec rewording > - add module main class to symbolgenerator > - remove UnmodifiableHeaders constant > - ... and 2 more: > https://git.openjdk.java.net/jdk/compare/4d95a5d6...10523290 src/jdk.httpserver/share/classes/sun/net/httpserver/simpleserver/FileServerHandler.java line 340: > 338: } > 339: } > 340: return false; This will start checking from the root of the file system. I believe we want to start checking from the root of the FileServerHandler, root excluded. - PR: https://git.openjdk.java.net/jdk/pull/5505
Re: RFR: 8245095: Implementation of JEP 408: Simple Web Server [v4]
> This change implements a simple web server that can be run on the > command-line with `java -m jdk.httpserver`. > > This is facilitated by adding an entry point for the `jdk.httpserver` module, > an implementation class whose main method is run when the above command is > executed. This is the first such module entry point in the JDK. > > The server is a minimal HTTP server that serves the static files of a given > directory, similar to existing alternatives on other platforms and convenient > for testing, development, and debugging. > > Additionally, a small API is introduced for programmatic creation and > customization. > > Testing: tier1-3. Julia Boes has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 12 commits: - Merge branch 'master' into simpleserver - check isHidden, isSymlink, isReadable for all path segments - add checks for all path segments - Merge branch 'master' into componentcheck - Merge branch 'master' into simpleserver - improve output on startup - correct path handling - small spec rewording - add module main class to symbolgenerator - remove UnmodifiableHeaders constant - ... and 2 more: https://git.openjdk.java.net/jdk/compare/4d95a5d6...10523290 - Changes: https://git.openjdk.java.net/jdk/pull/5505/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk=5505=03 Stats: 7034 lines in 43 files changed: 6998 ins; 15 del; 21 mod Patch: https://git.openjdk.java.net/jdk/pull/5505.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/5505/head:pull/5505 PR: https://git.openjdk.java.net/jdk/pull/5505