[jboss-jira] [JBoss JIRA] (WFLY-5969) io.undertow.servlet.handlers.DefaultServlet will list incorrect directory contents
Matthew Casperson (JIRA)
issues at jboss.org
Sat Mar 19 20:38:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-5969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13179480#comment-13179480 ]
Matthew Casperson commented on WFLY-5969:
-----------------------------------------
Apologies - it does appear that context path has no effect. With or without context path, setting resolve-against-context-root does allow the delivery of static context when the default servlet is mapped to a subpath.
However, I'm still a bit unclear on the intended functionality when resolve-against-context-root is mixed with something like this in web.xml:
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/static/*</url-pattern>
</servlet-mapping>
i.e. this: https://github.com/mcasperson/wildfly-default-servlet-bug/blob/master/src/main/webapp/WEB-INF/web.xml
I would have expected the servlet mapping to allow only the static resources in the "static" directory to browsed and opened. With resolve-against-context-root set to true, browsing and downloading works for all directories, apparently ignoring the servlet-mapping.
To demonstrate this I have deployed the war file generated from the sample app at https://github.com/mcasperson/wildfly-default-servlet-bug deployed to Wildfly 10 Final in Openshift at http://wildflybug1-kuna.rhcloud.com/wildfly-default-servlet-bug/.
You'll note that http://wildflybug1-kuna.rhcloud.com/wildfly-default-servlet-bug/static2 can be browsed (ignore the fact that the response is plain text, I think that is an Openshift issue, as it is a valid HTML page when you run this locally), and http://wildflybug1-kuna.rhcloud.com/wildfly-default-servlet-bug/static2/data2.xml can be downloaded, despite the default servlet being mapped only to the "static" directory.
> io.undertow.servlet.handlers.DefaultServlet will list incorrect directory contents
> ----------------------------------------------------------------------------------
>
> Key: WFLY-5969
> URL: https://issues.jboss.org/browse/WFLY-5969
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 10.0.0.CR5
> Environment: MacOS with Java 8u65
> Reporter: Matthew Casperson
> Assignee: Stuart Douglas
> Attachments: Screen Shot 2016-01-11 at 11.24.34 am.png, Screen Shot 2016-01-11 at 11.24.41 am.png
>
>
> The Untertow DefaultServlet exhibits some odd behaviour when it has been mapped to a subdirectory.
> To see this behaviour, build the WAR file from the sample project at https://github.com/mcasperson/wildfly-default-servlet-bug. Deploy to WildFly 10 CR5, and open the link http://localhost:8080/wildfly-default-servlet-bug/static (note no slash on the end of the URL). You'll see the expected directory listing.
> !Screen Shot 2016-01-11 at 11.24.41 am.png|thumbnail!
> Now open http://localhost:8080/wildfly-default-servlet-bug/static/ (note the slash on the end). You'll actually now be browsing the root directory of the application.
> !Screen Shot 2016-01-11 at 11.24.34 am.png|thumbnail!
> Now open http://localhost:8080/wildfly-default-servlet-bug/static/static/data.xml (note the double static in the URL). You'll be able to open the XML file. This is not what I would have expected.
> Now open http://localhost:8080/wildfly-default-servlet-bug/static/data.xml. You'll get a 404. I would have expected to be able to open the file using this URL.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list