This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new ef500203ec Add mapping validation
ef500203ec is described below
commit ef500203ecadb852dab4d57f41ba2166c801bddd
Author: remm <[email protected]>
AuthorDate: Thu Oct 3 11:29:57 2024 +0200
Add mapping validation
The WebDAV Servlet can realistically only work with wildcard mappings,
so log other mappings.
---
java/org/apache/catalina/servlets/LocalStrings.properties | 1 +
java/org/apache/catalina/servlets/WebdavServlet.java | 12 ++++++++++++
webapps/docs/changelog.xml | 4 ++++
3 files changed, 17 insertions(+)
diff --git a/java/org/apache/catalina/servlets/LocalStrings.properties
b/java/org/apache/catalina/servlets/LocalStrings.properties
index 3c0f381c72..a2469a8e05 100644
--- a/java/org/apache/catalina/servlets/LocalStrings.properties
+++ b/java/org/apache/catalina/servlets/LocalStrings.properties
@@ -56,4 +56,5 @@ directory.title=Directory Listing For [{0}]
webdavservlet.externalEntityIgnored=The request included a reference to an
external entity with PublicID [{0}] and SystemID [{1}] which was ignored
webdavservlet.inputstreamclosefail=Failed to close the inputStream of [{0}]
webdavservlet.jaxpfailed=JAXP initialization failed
+webdavservlet.nonWildcardMapping=The mapping [{0}] is not a wildcard mapping
and should not be used for the WebDAV Servlet
webdavservlet.noSecret=Generation of secure lock ids need a configured
'secret' init parameter on the Servlet
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 455727ef63..c5ad3f8623 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -27,6 +27,7 @@ import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Deque;
@@ -47,6 +48,7 @@ import jakarta.servlet.DispatcherType;
import jakarta.servlet.RequestDispatcher;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRegistration;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
@@ -261,6 +263,16 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
super.init();
+ // Validate that the Servlet is only mapped to wildcard mappings
+ String servletName = getServletConfig().getServletName();
+ ServletRegistration servletRegistration =
getServletConfig().getServletContext().getServletRegistration(servletName);
+ Collection<String> servletMappings = servletRegistration.getMappings();
+ for (String mapping : servletMappings) {
+ if (!mapping.endsWith("/*")) {
+ log(sm.getString("webdavservlet.nonWildcardMapping", mapping));
+ }
+ }
+
if (getServletConfig().getInitParameter("secret") != null) {
secret = getServletConfig().getInitParameter("secret");
} else {
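Review bot: In the added validation block, `servletRegistration.getMappings()` is called without a null check, although `ServletContext.getServletRegistration(String)` is documented to return null when no registration exists under that name. If that can happen here (for example, a servlet instance initialised outside normal deployment), `init()` would fail with a NullPointerException before the `secret` handling runs; I would guard the loop with `if (servletRegistration != null) {`. A non-wildcard mapping is also only logged, so the misconfigured servlet still starts. A short comment saying the check is advisory would stop readers assuming it is enforced. The `init()` method starts and ends outside this hunk, so any earlier handling is not visible here.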
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0ce26bd380..29d8da1a15 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -137,6 +137,10 @@
Make <code>WebdavServlet</code> properly return the <code>Allow</code>
header when deletion of a resource is not allowed. (michaelo)
</fix>
+ <fix>
+ Add log warning if non wildcard mappings are used with the
+ <code>WebdavServlet</code>. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">