[undertow-dev] Different checks between servlet context's get resource methods

Brad Wood bdw429s at gmail.com
Thu Jul 30 02:05:26 EDT 2020 

Understood, thanks for the reply.

Thanks!

~Brad

*Developer Advocate*
*Ortus Solutions, Corp *

E-mail: brad at coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com



On Wed, Jul 29, 2020 at 11:02 PM Stuart Douglas <sdouglas at redhat.com> wrote:

> I would just leave it for now, fixing it has the potential to break
> applications, with no real gain.
>
> Stuart
>
> On Thu, 30 Jul 2020 at 13:51, Brad Wood <bdw429s at gmail.com> wrote:
>
>> Fair enough, is it worth a pull request or do we leave it?
>>
>> Thanks!
>>
>> ~Brad
>>
>> *Developer Advocate*
>> *Ortus Solutions, Corp *
>>
>> E-mail: brad at coldbox.org
>> ColdBox Platform: http://www.coldbox.org
>> Blog: http://www.codersrevolution.com
>>
>>
>>
>> On Wed, Jul 29, 2020 at 10:47 PM Stuart Douglas <sdouglas at redhat.com>
>> wrote:
>>
>>> Probably an oversight, I would guess that maybe there is a TCK test for
>>> one method and not the other :-)
>>>
>>>
>>> On Thu, 30 Jul 2020 at 04:07, Brad Wood <bdw429s at gmail.com> wrote:
>>>
>>>> Why does the *getResource()* method in *ServletContextImpl* have the
>>>> following check
>>>>
>>>>         if (!path.startsWith("/")) {
>>>>             throw
>>>> UndertowServletMessages.MESSAGES.pathMustStartWithSlash(path);
>>>>         }
>>>>
>>>> but the *getResourceAsStream()* method in the same class does not.
>>>>
>>>> The ServletContext spec does say "*The path must begin with a / *" for
>>>> the *getResource()* method
>>>>
>>>> https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#getResource-java.lang.String-
>>>>
>>>>
>>>> And the *getResourceAsStream()* method also says that "*The path must
>>>> be specified according to the rules given in getResource*"
>>>>
>>>>
>>>> https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#getResourceAsStream-java.lang.String-
>>>>
>>>>
>>>> So it seems the same validation rules should apply to both methods.
>>>>
>>>> Thanks!
>>>>
>>>> ~Brad
>>>>
>>>> *Developer Advocate*
>>>> *Ortus Solutions, Corp *
>>>>
>>>> E-mail: brad at coldbox.org
>>>> ColdBox Platform: http://www.coldbox.org
>>>> Blog: http://www.codersrevolution.com
>>>>
>>>> _______________________________________________
>>>> undertow-dev mailing list
>>>> undertow-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20200730/b1d0837c/attachment.html

More information about the undertow-dev mailing list