This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 721c3f8587 Add mapping validation
721c3f8587 is described below
commit 721c3f858732f5da41414e7fd0ac2ad5ebdbd824
Author: remm <[email protected]>
AuthorDate: Thu Oct 3 11:29:57 2024 +0200
Add mapping validation
The WebDAV Servlet can realistically only work with wildcard mappings,
so log other mappings.
---
java/org/apache/catalina/servlets/LocalStrings.properties | 1 +
java/org/apache/catalina/servlets/WebdavServlet.java | 12 ++++++++++++
webapps/docs/changelog.xml | 4 ++++
3 files changed, 17 insertions(+)
diff --git a/java/org/apache/catalina/servlets/LocalStrings.properties
b/java/org/apache/catalina/servlets/LocalStrings.properties
index 3d9eebfc8d..73795d5e0d 100644
--- a/java/org/apache/catalina/servlets/LocalStrings.properties
+++ b/java/org/apache/catalina/servlets/LocalStrings.properties
@@ -59,3 +59,4 @@ directory.title=Directory Listing For [{0}]
webdavservlet.externalEntityIgnored=The request included a reference to an
external entity with PublicID [{0}] and SystemID [{1}] which was ignored
webdavservlet.inputstreamclosefail=Failed to close the inputStream of [{0}]
webdavservlet.jaxpfailed=JAXP initialization failed
+webdavservlet.nonWildcardMapping=The mapping [{0}] is not a wildcard mapping
and should not be used for the WebDAV Servlet
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index daee33e435..bf338ef1d6 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -27,6 +27,7 @@ import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Deque;
@@ -43,6 +44,7 @@ import javax.servlet.DispatcherType;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
+import javax.servlet.ServletRegistration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.DocumentBuilder;
@@ -260,6 +262,16 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
super.init();
+ // Validate that the Servlet is only mapped to wildcard mappings
+ String servletName = getServletConfig().getServletName();
+ ServletRegistration servletRegistration =
getServletConfig().getServletContext().getServletRegistration(servletName);
+ Collection<String> servletMappings = servletRegistration.getMappings();
+ for (String mapping : servletMappings) {
+ if (!mapping.endsWith("/*")) {
+ log(sm.getString("webdavservlet.nonWildcardMapping", mapping));
+ }
+ }
+
if (getServletConfig().getInitParameter("secret") != null) {
secret = getServletConfig().getInitParameter("secret");
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e32871c8be..cdc66eeea7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -151,6 +151,10 @@
Make <code>WebdavServlet</code> properly return the <code>Allow</code>
header when deletion of a resource is not allowed. (michaelo)
</fix>
+ <fix>
+ Add log warning if non wildcard mappings are used with the
+ <code>WebdavServlet</code>. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
