Author: markt Date: Fri Jan 10 14:07:45 2014 New Revision: 1557127 URL: http://svn.apache.org/r1557127 Log: More graceful handling (a 403 rather than a 500 response) when file permissions allow Tomcat to know a resource exists but not to read it
Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1557127&r1=1557126&r2=1557127&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Fri Jan 10 14:07:45 2014
@@ -724,6 +724,27 @@ public class DefaultServlet
 return;
 }
 
+ if (!resource.canRead()) {
+ // Check if we're included so we can return the appropriate
+ // missing resource name in the error
+ String requestUri = (String) request.getAttribute(
+ RequestDispatcher.INCLUDE_REQUEST_URI);
+ if (requestUri == null) {
+ requestUri = request.getRequestURI();
+ } else {
+ // We're included
+ // Spec doesn't say what to do in this case but a FNFE seems
+ // reasonable
+ throw new FileNotFoundException(
+ sm.getString("defaultServlet.missingResource",
+ requestUri));
+ }
+
+ response.sendError(HttpServletResponse.SC_FORBIDDEN,
+ requestUri);
+ return;
+ }
+
 // If the resource is not a collection, and the resource path
 // ends with "/" or "\", return NOT FOUND
 if (resource.isFile()) {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
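Review bot: In the included branch of the new `!resource.canRead()` block, the `FileNotFoundException` is built from `defaultServlet.missingResource`, so a file-permission problem is reported exactly like a missing file, and the direct branch sends the 403 without any server-side record visible in this hunk. A dedicated message for the unreadable case (a new key; `defaultServlet.unreadableResource` is only a placeholder name) would let an operator tell a permissions misconfiguration from a bad path in the logs. Answering 403 rather than 404 also confirms to the client that the path exists on disk; the commit log suggests this is intended, so it deserves a comment above `sendError`, for example `// 403, not 404: deliberately discloses that the resource exists but is unreadable by Tomcat`. The request URI is also passed as the error message, so a custom error page that renders it must escape it. The enclosing method starts and ends outside the hunk.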