/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina.servlets;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.io.RandomAccessFile;
import java.io.Reader;
import java.io.Serializable;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import jakarta.servlet.DispatcherType;
import jakarta.servlet.RequestDispatcher;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.ServletResponseWrapper;
import jakarta.servlet.UnavailableException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.apache.catalina.Context;
import org.apache.catalina.Globals;
import org.apache.catalina.WebResource;
import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.connector.RequestFacade;
import org.apache.catalina.connector.ResponseFacade;
import org.apache.catalina.util.IOTools;
import org.apache.catalina.util.ServerInfo;
import org.apache.catalina.util.URLEncoder;
import org.apache.catalina.webresources.CachedResource;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.http.ResponseUtil;
import org.apache.tomcat.util.http.parser.ContentRange;
import org.apache.tomcat.util.http.parser.EntityTag;
import org.apache.tomcat.util.http.parser.Ranges;
import org.apache.tomcat.util.res.StringManager;
import org.apache.tomcat.util.security.Escape;
import org.apache.tomcat.util.security.PrivilegedGetTccl;
import org.apache.tomcat.util.security.PrivilegedSetTccl;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.ext.EntityResolver2;
The default resource-serving servlet for most web applications,
used to serve static resources such as HTML pages and images.
This servlet is intended to be mapped to / e.g.:
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
It can be mapped to sub-paths, however in all cases resources are served
from the web application resource root using the full path from the root
of the web application context.
e.g. given a web application structure:
/context
/images
tomcat2.jpg
/static
/images
tomcat.jpg
... and a servlet mapping that maps only /static/*
to the default servlet:
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/static/*</url-pattern>
</servlet-mapping>
Then a request to /context/static/images/tomcat.jpg
will succeed
while a request to /context/images/tomcat2.jpg
will fail.
Author: Craig R. McClanahan, Remy Maucherat
/**
* <p>The default resource-serving servlet for most web applications,
* used to serve static resources such as HTML pages and images.
* </p>
* <p>
* This servlet is intended to be mapped to <em>/</em> e.g.:
* </p>
* <pre>
* <servlet-mapping>
* <servlet-name>default</servlet-name>
* <url-pattern>/</url-pattern>
* </servlet-mapping>
* </pre>
* <p>It can be mapped to sub-paths, however in all cases resources are served
* from the web application resource root using the full path from the root
* of the web application context.
* <br>e.g. given a web application structure:
*</p>
* <pre>
* /context
* /images
* tomcat2.jpg
* /static
* /images
* tomcat.jpg
* </pre>
* <p>
* ... and a servlet mapping that maps only <code>/static/*</code> to the default servlet:
* </p>
* <pre>
* <servlet-mapping>
* <servlet-name>default</servlet-name>
* <url-pattern>/static/*</url-pattern>
* </servlet-mapping>
* </pre>
* <p>
* Then a request to <code>/context/static/images/tomcat.jpg</code> will succeed
* while a request to <code>/context/images/tomcat2.jpg</code> will fail.
* </p>
* @author Craig R. McClanahan
* @author Remy Maucherat
*/
public class DefaultServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
The string manager for this package.
/**
* The string manager for this package.
*/
protected static final StringManager sm = StringManager.getManager(DefaultServlet.class);
private static final DocumentBuilderFactory factory;
private static final SecureEntityResolver secureEntityResolver;
Full range marker.
/**
* Full range marker.
*/
protected static final Ranges FULL = new Ranges(null, new ArrayList<Ranges.Entry>());
private static final ContentRange IGNORE = new ContentRange(null, 0, 0, 0);
MIME multipart separation string
/**
* MIME multipart separation string
*/
protected static final String mimeSeparation = "CATALINA_MIME_BOUNDARY";
Size of file transfer buffer in bytes.
/**
* Size of file transfer buffer in bytes.
*/
protected static final int BUFFER_SIZE = 4096;
// ----------------------------------------------------- Static Initializer
static {
if (Globals.IS_SECURITY_ENABLED) {
factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
factory.setValidating(false);
secureEntityResolver = new SecureEntityResolver();
} else {
factory = null;
secureEntityResolver = null;
}
}
// ----------------------------------------------------- Instance Variables
The debugging detail level for this servlet.
/**
* The debugging detail level for this servlet.
*/
protected int debug = 0;
The input buffer size to use when serving resources.
/**
* The input buffer size to use when serving resources.
*/
protected int input = 2048;
Should we generate directory listings?
/**
* Should we generate directory listings?
*/
protected boolean listings = false;
Read only flag. By default, it's set to true.
/**
* Read only flag. By default, it's set to true.
*/
protected boolean readOnly = true;
List of compression formats to serve and their preference order.
/**
* List of compression formats to serve and their preference order.
*/
protected CompressionFormat[] compressionFormats;
The output buffer size to use when serving resources.
/**
* The output buffer size to use when serving resources.
*/
protected int output = 2048;
Allow customized directory listing per directory.
/**
* Allow customized directory listing per directory.
*/
protected String localXsltFile = null;
Allow customized directory listing per context.
/**
* Allow customized directory listing per context.
*/
protected String contextXsltFile = null;
Allow customized directory listing per instance.
/**
* Allow customized directory listing per instance.
*/
protected String globalXsltFile = null;
Allow a readme file to be included.
/**
* Allow a readme file to be included.
*/
protected String readmeFile = null;
The complete set of web application resources
/**
* The complete set of web application resources
*/
protected transient WebResourceRoot resources = null;
File encoding to be used when reading static files. If none is specified
the platform default is used.
/**
* File encoding to be used when reading static files. If none is specified
* the platform default is used.
*/
protected String fileEncoding = null;
private transient Charset fileEncodingCharset = null;
If a file has a BOM, should that be used in preference to fileEncoding?
/**
* If a file has a BOM, should that be used in preference to fileEncoding?
*/
private boolean useBomIfPresent = true;
Minimum size for sendfile usage in bytes.
/**
* Minimum size for sendfile usage in bytes.
*/
protected int sendfileSize = 48 * 1024;
Should the Accept-Ranges: bytes header be send with static resources?
/**
* Should the Accept-Ranges: bytes header be send with static resources?
*/
protected boolean useAcceptRanges = true;
Flag to determine if server information is presented.
/**
* Flag to determine if server information is presented.
*/
protected boolean showServerInfo = true;
Flag to determine if resources should be sorted.
/**
* Flag to determine if resources should be sorted.
*/
protected boolean sortListings = false;
The sorting manager for sorting files and directories.
/**
* The sorting manager for sorting files and directories.
*/
protected transient SortManager sortManager;
Flag that indicates whether partial PUTs are permitted.
/**
* Flag that indicates whether partial PUTs are permitted.
*/
private boolean allowPartialPut = true;
// --------------------------------------------------------- Public Methods
Finalize this servlet.
/**
* Finalize this servlet.
*/
@Override
public void destroy() {
// NOOP
}
Initialize this servlet.
/**
* Initialize this servlet.
*/
@Override
public void init() throws ServletException {
if (getServletConfig().getInitParameter("debug") != null) {
debug = Integer.parseInt(getServletConfig().getInitParameter("debug"));
}
if (getServletConfig().getInitParameter("input") != null) {
input = Integer.parseInt(getServletConfig().getInitParameter("input"));
}
if (getServletConfig().getInitParameter("output") != null) {
output = Integer.parseInt(getServletConfig().getInitParameter("output"));
}
listings = Boolean.parseBoolean(getServletConfig().getInitParameter("listings"));
if (getServletConfig().getInitParameter("readonly") != null) {
readOnly = Boolean.parseBoolean(getServletConfig().getInitParameter("readonly"));
}
compressionFormats = parseCompressionFormats(
getServletConfig().getInitParameter("precompressed"),
getServletConfig().getInitParameter("gzip"));
if (getServletConfig().getInitParameter("sendfileSize") != null) {
sendfileSize = Integer.parseInt(getServletConfig().getInitParameter("sendfileSize")) * 1024;
}
fileEncoding = getServletConfig().getInitParameter("fileEncoding");
if (fileEncoding == null) {
fileEncodingCharset = Charset.defaultCharset();
fileEncoding = fileEncodingCharset.name();
} else {
try {
fileEncodingCharset = B2CConverter.getCharset(fileEncoding);
} catch (UnsupportedEncodingException e) {
throw new ServletException(e);
}
}
if (getServletConfig().getInitParameter("useBomIfPresent") != null) {
useBomIfPresent = Boolean.parseBoolean(getServletConfig().getInitParameter("useBomIfPresent"));
}
globalXsltFile = getServletConfig().getInitParameter("globalXsltFile");
contextXsltFile = getServletConfig().getInitParameter("contextXsltFile");
localXsltFile = getServletConfig().getInitParameter("localXsltFile");
readmeFile = getServletConfig().getInitParameter("readmeFile");
if (getServletConfig().getInitParameter("useAcceptRanges") != null) {
useAcceptRanges = Boolean.parseBoolean(getServletConfig().getInitParameter("useAcceptRanges"));
}
// Sanity check on the specified buffer sizes
if (input < 256) {
input = 256;
}
if (output < 256) {
output = 256;
}
if (debug > 0) {
log("DefaultServlet.init: input buffer size=" + input +
", output buffer size=" + output);
}
// Load the web resources
resources = (WebResourceRoot) getServletContext().getAttribute(Globals.RESOURCES_ATTR);
if (resources == null) {
throw new UnavailableException(sm.getString("defaultServlet.noResources"));
}
if (getServletConfig().getInitParameter("showServerInfo") != null) {
showServerInfo = Boolean.parseBoolean(getServletConfig().getInitParameter("showServerInfo"));
}
if (getServletConfig().getInitParameter("sortListings") != null) {
sortListings = Boolean.parseBoolean(getServletConfig().getInitParameter("sortListings"));
if(sortListings) {
boolean sortDirectoriesFirst;
if (getServletConfig().getInitParameter("sortDirectoriesFirst") != null) {
sortDirectoriesFirst = Boolean.parseBoolean(getServletConfig().getInitParameter("sortDirectoriesFirst"));
} else {
sortDirectoriesFirst = false;
}
sortManager = new SortManager(sortDirectoriesFirst);
}
}
if (getServletConfig().getInitParameter("allowPartialPut") != null) {
allowPartialPut = Boolean.parseBoolean(getServletConfig().getInitParameter("allowPartialPut"));
}
}
private CompressionFormat[] parseCompressionFormats(String precompressed, String gzip) {
List<CompressionFormat> ret = new ArrayList<>();
if (precompressed != null && precompressed.indexOf('=') > 0) {
for (String pair : precompressed.split(",")) {
String[] setting = pair.split("=");
String encoding = setting[0];
String extension = setting[1];
ret.add(new CompressionFormat(extension, encoding));
}
} else if (precompressed != null) {
if (Boolean.parseBoolean(precompressed)) {
ret.add(new CompressionFormat(".br", "br"));
ret.add(new CompressionFormat(".gz", "gzip"));
}
} else if (Boolean.parseBoolean(gzip)) {
// gzip handling is for backwards compatibility with Tomcat 8.x
ret.add(new CompressionFormat(".gz", "gzip"));
}
return ret.toArray(new CompressionFormat[0]);
}
// ------------------------------------------------------ Protected Methods
Return the relative path associated with this servlet.
Params: - request – The servlet request we are processing
Returns: the relative path
/**
* Return the relative path associated with this servlet.
*
* @param request The servlet request we are processing
* @return the relative path
*/
protected String getRelativePath(HttpServletRequest request) {
return getRelativePath(request, false);
}
protected String getRelativePath(HttpServletRequest request, boolean allowEmptyPath) {
// IMPORTANT: DefaultServlet can be mapped to '/' or '/path/*' but always
// serves resources from the web app root with context rooted paths.
// i.e. it cannot be used to mount the web app root under a sub-path
// This method must construct a complete context rooted path, although
// subclasses can change this behaviour.
String servletPath;
String pathInfo;
if (request.getAttribute(RequestDispatcher.INCLUDE_REQUEST_URI) != null) {
// For includes, get the info from the attributes
pathInfo = (String) request.getAttribute(RequestDispatcher.INCLUDE_PATH_INFO);
servletPath = (String) request.getAttribute(RequestDispatcher.INCLUDE_SERVLET_PATH);
} else {
pathInfo = request.getPathInfo();
servletPath = request.getServletPath();
}
StringBuilder result = new StringBuilder();
if (servletPath.length() > 0) {
result.append(servletPath);
}
if (pathInfo != null) {
result.append(pathInfo);
}
if (result.length() == 0 && !allowEmptyPath) {
result.append('/');
}
return result.toString();
}
Determines the appropriate path to prepend resources with when generating directory listings. Depending on the behaviour of getRelativePath(HttpServletRequest)
this will change. Params: - request – the request to determine the path for
Returns: the prefix to apply to all resources in the listing.
/**
* Determines the appropriate path to prepend resources with
* when generating directory listings. Depending on the behaviour of
* {@link #getRelativePath(HttpServletRequest)} this will change.
* @param request the request to determine the path for
* @return the prefix to apply to all resources in the listing.
*/
protected String getPathPrefix(final HttpServletRequest request) {
return request.getContextPath();
}
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
if (req.getDispatcherType() == DispatcherType.ERROR) {
doGet(req, resp);
} else {
super.service(req, resp);
}
}
Process a GET request for the specified resource.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
Throws: - IOException – if an input/output error occurs
- ServletException – if a servlet-specified error occurs
/**
* Process a GET request for the specified resource.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet-specified error occurs
*/
@Override
protected void doGet(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException {
// Serve the requested resource, including the data content
serveResource(request, response, true, fileEncoding);
}
Process a HEAD request for the specified resource.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
Throws: - IOException – if an input/output error occurs
- ServletException – if a servlet-specified error occurs
/**
* Process a HEAD request for the specified resource.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet-specified error occurs
*/
@Override
protected void doHead(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
// Serve the requested resource, without the data content unless we are
// being included since in that case the content needs to be provided so
// the correct content length is reported for the including resource
boolean serveContent = DispatcherType.INCLUDE.equals(request.getDispatcherType());
serveResource(request, response, serveContent, fileEncoding);
}
Override default implementation to ensure that TRACE is correctly
handled.
Params: - req – the
HttpServletRequest
object that contains the request the client made of the servlet - resp – the
HttpServletResponse
object that contains the response the servlet returns to the client
Throws: - IOException – if an input or output error occurs
while the servlet is handling the
OPTIONS request
- ServletException – if the request for the
OPTIONS cannot be handled
/**
* Override default implementation to ensure that TRACE is correctly
* handled.
*
* @param req the {@link HttpServletRequest} object that
* contains the request the client made of
* the servlet
*
* @param resp the {@link HttpServletResponse} object that
* contains the response the servlet returns
* to the client
*
* @exception IOException if an input or output error occurs
* while the servlet is handling the
* OPTIONS request
*
* @exception ServletException if the request for the
* OPTIONS cannot be handled
*/
@Override
protected void doOptions(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
resp.setHeader("Allow", determineMethodsAllowed(req));
}
protected String determineMethodsAllowed(HttpServletRequest req) {
StringBuilder allow = new StringBuilder();
// Start with methods that are always allowed
allow.append("OPTIONS, GET, HEAD, POST");
// PUT and DELETE depend on readonly
if (!readOnly) {
allow.append(", PUT, DELETE");
}
// Trace - assume disabled unless we can prove otherwise
if (req instanceof RequestFacade &&
((RequestFacade) req).getAllowTrace()) {
allow.append(", TRACE");
}
return allow.toString();
}
protected void sendNotAllowed(HttpServletRequest req, HttpServletResponse resp)
throws IOException {
resp.addHeader("Allow", determineMethodsAllowed(req));
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
}
Process a POST request for the specified resource.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
Throws: - IOException – if an input/output error occurs
- ServletException – if a servlet-specified error occurs
/**
* Process a POST request for the specified resource.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet-specified error occurs
*/
@Override
protected void doPost(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException {
doGet(request, response);
}
Process a PUT request for the specified resource.
Params: - req – The servlet request we are processing
- resp – The servlet response we are creating
Throws: - IOException – if an input/output error occurs
- ServletException – if a servlet-specified error occurs
/**
* Process a PUT request for the specified resource.
*
* @param req The servlet request we are processing
* @param resp The servlet response we are creating
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet-specified error occurs
*/
@Override
protected void doPut(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
if (readOnly) {
sendNotAllowed(req, resp);
return;
}
String path = getRelativePath(req);
WebResource resource = resources.getResource(path);
ContentRange range = parseContentRange(req, resp);
if (range == null) {
// Processing error. parseContentRange() set the error code
return;
}
InputStream resourceInputStream = null;
try {
// Append data specified in ranges to existing content for this
// resource - create a temp. file on the local filesystem to
// perform this operation
// Assume just one range is specified for now
if (range == IGNORE) {
resourceInputStream = req.getInputStream();
} else {
File contentFile = executePartialPut(req, range, path);
resourceInputStream = new FileInputStream(contentFile);
}
if (resources.write(path, resourceInputStream, true)) {
if (resource.exists()) {
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
} else {
resp.setStatus(HttpServletResponse.SC_CREATED);
}
} else {
resp.sendError(HttpServletResponse.SC_CONFLICT);
}
} finally {
if (resourceInputStream != null) {
try {
resourceInputStream.close();
} catch (IOException ioe) {
// Ignore
}
}
}
}
Handle a partial PUT. New content specified in request is appended to
existing content in oldRevisionContent (if present). This code does
not support simultaneous partial updates to the same resource.
Params: - req – The Servlet request
- range – The range that will be written
- path – The path
Throws: - IOException – an IO error occurred
Returns: the associated file object
/**
* Handle a partial PUT. New content specified in request is appended to
* existing content in oldRevisionContent (if present). This code does
* not support simultaneous partial updates to the same resource.
* @param req The Servlet request
* @param range The range that will be written
* @param path The path
* @return the associated file object
* @throws IOException an IO error occurred
*/
protected File executePartialPut(HttpServletRequest req, ContentRange range,
String path)
throws IOException {
// Append data specified in ranges to existing content for this
// resource - create a temp. file on the local filesystem to
// perform this operation
File tempDir = (File) getServletContext().getAttribute
(ServletContext.TEMPDIR);
// Convert all '/' characters to '.' in resourcePath
String convertedResourcePath = path.replace('/', '.');
File contentFile = new File(tempDir, convertedResourcePath);
if (contentFile.createNewFile()) {
// Clean up contentFile when Tomcat is terminated
contentFile.deleteOnExit();
}
try (RandomAccessFile randAccessContentFile =
new RandomAccessFile(contentFile, "rw")) {
WebResource oldResource = resources.getResource(path);
// Copy data in oldRevisionContent to contentFile
if (oldResource.isFile()) {
try (BufferedInputStream bufOldRevStream =
new BufferedInputStream(oldResource.getInputStream(),
BUFFER_SIZE)) {
int numBytesRead;
byte[] copyBuffer = new byte[BUFFER_SIZE];
while ((numBytesRead = bufOldRevStream.read(copyBuffer)) != -1) {
randAccessContentFile.write(copyBuffer, 0, numBytesRead);
}
}
}
randAccessContentFile.setLength(range.getLength());
// Append data in request input stream to contentFile
randAccessContentFile.seek(range.getStart());
int numBytesRead;
byte[] transferBuffer = new byte[BUFFER_SIZE];
try (BufferedInputStream requestBufInStream =
new BufferedInputStream(req.getInputStream(), BUFFER_SIZE)) {
while ((numBytesRead = requestBufInStream.read(transferBuffer)) != -1) {
randAccessContentFile.write(transferBuffer, 0, numBytesRead);
}
}
}
return contentFile;
}
Process a DELETE request for the specified resource.
Params: - req – The servlet request we are processing
- resp – The servlet response we are creating
Throws: - IOException – if an input/output error occurs
- ServletException – if a servlet-specified error occurs
/**
* Process a DELETE request for the specified resource.
*
* @param req The servlet request we are processing
* @param resp The servlet response we are creating
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet-specified error occurs
*/
@Override
protected void doDelete(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
if (readOnly) {
sendNotAllowed(req, resp);
return;
}
String path = getRelativePath(req);
WebResource resource = resources.getResource(path);
if (resource.exists()) {
if (resource.delete()) {
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
} else {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
}
} else {
resp.sendError(HttpServletResponse.SC_NOT_FOUND);
}
}
Check if the conditions specified in the optional If headers are
satisfied.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
- resource – The resource
Throws: - IOException – an IO error occurred
Returns: true
if the resource meets all the specified
conditions, and false
if any of the conditions is not
satisfied, in which case request processing is stopped
/**
* Check if the conditions specified in the optional If headers are
* satisfied.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
* @param resource The resource
* @return <code>true</code> if the resource meets all the specified
* conditions, and <code>false</code> if any of the conditions is not
* satisfied, in which case request processing is stopped
* @throws IOException an IO error occurred
*/
protected boolean checkIfHeaders(HttpServletRequest request,
HttpServletResponse response,
WebResource resource)
throws IOException {
return checkIfMatch(request, response, resource)
&& checkIfModifiedSince(request, response, resource)
&& checkIfNoneMatch(request, response, resource)
&& checkIfUnmodifiedSince(request, response, resource);
}
URL rewriter.
Params: - path – Path which has to be rewritten
Returns: the rewritten path
/**
* URL rewriter.
*
* @param path Path which has to be rewritten
* @return the rewritten path
*/
protected String rewriteUrl(String path) {
return URLEncoder.DEFAULT.encode(path, StandardCharsets.UTF_8);
}
Serve the specified resource, optionally including the data content.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
- content – Should the content be included?
- inputEncoding – The encoding to use if it is necessary to access the
source as characters rather than as bytes
Throws: - IOException – if an input/output error occurs
- ServletException – if a servlet-specified error occurs
/**
* Serve the specified resource, optionally including the data content.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
* @param content Should the content be included?
* @param inputEncoding The encoding to use if it is necessary to access the
* source as characters rather than as bytes
*
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet-specified error occurs
*/
protected void serveResource(HttpServletRequest request,
HttpServletResponse response,
boolean content,
String inputEncoding)
throws IOException, ServletException {
boolean serveContent = content;
// Identify the requested resource path
String path = getRelativePath(request, true);
if (debug > 0) {
if (serveContent)
log("DefaultServlet.serveResource: Serving resource '" +
path + "' headers and data");
else
log("DefaultServlet.serveResource: Serving resource '" +
path + "' headers only");
}
if (path.length() == 0) {
// Context root redirect
doDirectoryRedirect(request, response);
return;
}
WebResource resource = resources.getResource(path);
boolean isError = DispatcherType.ERROR == request.getDispatcherType();
if (!resource.exists()) {
// Check if we're included so we can return the appropriate
// missing resource name in the error
String requestUri = (String) request.getAttribute(
RequestDispatcher.INCLUDE_REQUEST_URI);
if (requestUri == null) {
requestUri = request.getRequestURI();
} else {
// We're included
// SRV.9.3 says we must throw a FNFE
throw new FileNotFoundException(sm.getString(
"defaultServlet.missingResource", requestUri));
}
if (isError) {
response.sendError(((Integer) request.getAttribute(
RequestDispatcher.ERROR_STATUS_CODE)).intValue());
} else {
response.sendError(HttpServletResponse.SC_NOT_FOUND,
sm.getString("defaultServlet.missingResource", requestUri));
}
return;
}
if (!resource.canRead()) {
// Check if we're included so we can return the appropriate
// missing resource name in the error
String requestUri = (String) request.getAttribute(
RequestDispatcher.INCLUDE_REQUEST_URI);
if (requestUri == null) {
requestUri = request.getRequestURI();
} else {
// We're included
// Spec doesn't say what to do in this case but a FNFE seems
// reasonable
throw new FileNotFoundException(sm.getString(
"defaultServlet.missingResource", requestUri));
}
if (isError) {
response.sendError(((Integer) request.getAttribute(
RequestDispatcher.ERROR_STATUS_CODE)).intValue());
} else {
response.sendError(HttpServletResponse.SC_FORBIDDEN, requestUri);
}
return;
}
boolean included = false;
// Check if the conditions specified in the optional If headers are
// satisfied.
if (resource.isFile()) {
// Checking If headers
included = (request.getAttribute(
RequestDispatcher.INCLUDE_CONTEXT_PATH) != null);
if (!included && !isError && !checkIfHeaders(request, response, resource)) {
return;
}
}
// Find content type.
String contentType = resource.getMimeType();
if (contentType == null) {
contentType = getServletContext().getMimeType(resource.getName());
resource.setMimeType(contentType);
}
// These need to reflect the original resource, not the potentially
// precompressed version of the resource so get them now if they are going to
// be needed later
String eTag = null;
String lastModifiedHttp = null;
if (resource.isFile() && !isError) {
eTag = generateETag(resource);
lastModifiedHttp = resource.getLastModifiedHttp();
}
// Serve a precompressed version of the file if present
boolean usingPrecompressedVersion = false;
if (compressionFormats.length > 0 && !included && resource.isFile() &&
!pathEndsWithCompressedExtension(path)) {
List<PrecompressedResource> precompressedResources =
getAvailablePrecompressedResources(path);
if (!precompressedResources.isEmpty()) {
ResponseUtil.addVaryFieldName(response, "accept-encoding");
PrecompressedResource bestResource =
getBestPrecompressedResource(request, precompressedResources);
if (bestResource != null) {
response.addHeader("Content-Encoding", bestResource.format.encoding);
resource = bestResource.resource;
usingPrecompressedVersion = true;
}
}
}
Ranges ranges = FULL;
long contentLength = -1L;
if (resource.isDirectory()) {
if (!path.endsWith("/")) {
doDirectoryRedirect(request, response);
return;
}
// Skip directory listings if we have been configured to
// suppress them
if (!listings) {
response.sendError(HttpServletResponse.SC_NOT_FOUND,
sm.getString("defaultServlet.missingResource", request.getRequestURI()));
return;
}
contentType = "text/html;charset=UTF-8";
} else {
if (!isError) {
if (useAcceptRanges) {
// Accept ranges header
response.setHeader("Accept-Ranges", "bytes");
}
// Parse range specifier
ranges = parseRange(request, response, resource);
if (ranges == null) {
return;
}
// ETag header
response.setHeader("ETag", eTag);
// Last-Modified header
response.setHeader("Last-Modified", lastModifiedHttp);
}
// Get content length
contentLength = resource.getContentLength();
// Special case for zero length files, which would cause a
// (silent) ISE when setting the output buffer size
if (contentLength == 0L) {
serveContent = false;
}
}
ServletOutputStream ostream = null;
PrintWriter writer = null;
if (serveContent) {
// Trying to retrieve the servlet output stream
try {
ostream = response.getOutputStream();
} catch (IllegalStateException e) {
// If it fails, we try to get a Writer instead if we're
// trying to serve a text file
if (!usingPrecompressedVersion && isText(contentType)) {
writer = response.getWriter();
// Cannot reliably serve partial content with a Writer
ranges = FULL;
} else {
throw e;
}
}
}
// Check to see if a Filter, Valve or wrapper has written some content.
// If it has, disable range requests and setting of a content length
// since neither can be done reliably.
ServletResponse r = response;
long contentWritten = 0;
while (r instanceof ServletResponseWrapper) {
r = ((ServletResponseWrapper) r).getResponse();
}
if (r instanceof ResponseFacade) {
contentWritten = ((ResponseFacade) r).getContentWritten();
}
if (contentWritten > 0) {
ranges = FULL;
}
String outputEncoding = response.getCharacterEncoding();
Charset charset = B2CConverter.getCharset(outputEncoding);
boolean conversionRequired;
/*
* The test below deliberately uses != to compare two Strings. This is
* because the code is looking to see if the default character encoding
* has been returned because no explicit character encoding has been
* defined. There is no clean way of doing this via the Servlet API. It
* would be possible to add a Tomcat specific API but that would require
* quite a bit of code to get to the Tomcat specific request object that
* may have been wrapped. The != test is a (slightly hacky) quick way of
* doing this.
*/
boolean outputEncodingSpecified =
outputEncoding != org.apache.coyote.Constants.DEFAULT_BODY_CHARSET.name() &&
outputEncoding != resources.getContext().getResponseCharacterEncoding();
if (!usingPrecompressedVersion && isText(contentType) && outputEncodingSpecified &&
!charset.equals(fileEncodingCharset)) {
conversionRequired = true;
// Conversion often results fewer/more/different bytes.
// That does not play nicely with range requests.
ranges = FULL;
} else {
conversionRequired = false;
}
if (resource.isDirectory() || isError || ranges == FULL ) {
// Set the appropriate output headers
if (contentType != null) {
if (debug > 0)
log("DefaultServlet.serveFile: contentType='" +
contentType + "'");
// Don't override a previously set content type
if (response.getContentType() == null) {
response.setContentType(contentType);
}
}
if (resource.isFile() && contentLength >= 0 &&
(!serveContent || ostream != null)) {
if (debug > 0)
log("DefaultServlet.serveFile: contentLength=" +
contentLength);
// Don't set a content length if something else has already
// written to the response or if conversion will be taking place
if (contentWritten == 0 && !conversionRequired) {
response.setContentLengthLong(contentLength);
}
}
if (serveContent) {
try {
response.setBufferSize(output);
} catch (IllegalStateException e) {
// Silent catch
}
InputStream renderResult = null;
if (ostream == null) {
// Output via a writer so can't use sendfile or write
// content directly.
if (resource.isDirectory()) {
renderResult = render(request, getPathPrefix(request), resource, inputEncoding);
} else {
renderResult = resource.getInputStream();
if (included) {
// Need to make sure any BOM is removed
if (!renderResult.markSupported()) {
renderResult = new BufferedInputStream(renderResult);
}
Charset bomCharset = processBom(renderResult);
if (bomCharset != null && useBomIfPresent) {
inputEncoding = bomCharset.name();
}
}
}
copy(renderResult, writer, inputEncoding);
} else {
// Output is via an OutputStream
if (resource.isDirectory()) {
renderResult = render(request, getPathPrefix(request), resource, inputEncoding);
} else {
// Output is content of resource
// Check to see if conversion is required
if (conversionRequired || included) {
// When including a file, we need to check for a BOM
// to determine if a conversion is required, so we
// might as well always convert
InputStream source = resource.getInputStream();
if (!source.markSupported()) {
source = new BufferedInputStream(source);
}
Charset bomCharset = processBom(source);
if (bomCharset != null && useBomIfPresent) {
inputEncoding = bomCharset.name();
}
// Following test also ensures included resources
// are converted if an explicit output encoding was
// specified
if (outputEncodingSpecified) {
OutputStreamWriter osw = new OutputStreamWriter(ostream, charset);
PrintWriter pw = new PrintWriter(osw);
copy(source, pw, inputEncoding);
pw.flush();
} else {
// Just included but no conversion
renderResult = source;
}
} else {
if (!checkSendfile(request, response, resource, contentLength, null)) {
// sendfile not possible so check if resource
// content is available directly via
// CachedResource. Do not want to call
// getContent() on other resource
// implementations as that could trigger loading
// the contents of a very large file into memory
byte[] resourceBody = null;
if (resource instanceof CachedResource) {
resourceBody = resource.getContent();
}
if (resourceBody == null) {
// Resource content not directly available,
// use InputStream
renderResult = resource.getInputStream();
} else {
// Use the resource content directly
ostream.write(resourceBody);
}
}
}
}
// If a stream was configured, it needs to be copied to
// the output (this method closes the stream)
if (renderResult != null) {
copy(renderResult, ostream);
}
}
}
} else {
if ((ranges == null) || (ranges.getEntries().isEmpty()))
return;
// Partial content response.
response.setStatus(HttpServletResponse.SC_PARTIAL_CONTENT);
if (ranges.getEntries().size() == 1) {
Ranges.Entry range = ranges.getEntries().get(0);
long start = getStart(range, contentLength);
long end = getEnd(range, contentLength);
response.addHeader("Content-Range",
"bytes " + start + "-" + end + "/" + contentLength);
long length = end - start + 1;
response.setContentLengthLong(length);
if (contentType != null) {
if (debug > 0)
log("DefaultServlet.serveFile: contentType='" +
contentType + "'");
response.setContentType(contentType);
}
if (serveContent) {
try {
response.setBufferSize(output);
} catch (IllegalStateException e) {
// Silent catch
}
if (ostream != null) {
if (!checkSendfile(request, response, resource,
contentLength, range))
copy(resource, contentLength, ostream, range);
} else {
// we should not get here
throw new IllegalStateException();
}
}
} else {
response.setContentType("multipart/byteranges; boundary="
+ mimeSeparation);
if (serveContent) {
try {
response.setBufferSize(output);
} catch (IllegalStateException e) {
// Silent catch
}
if (ostream != null) {
copy(resource, contentLength, ostream, ranges, contentType);
} else {
// we should not get here
throw new IllegalStateException();
}
}
}
}
}
/*
* Code borrowed heavily from Jasper's EncodingDetector
*/
private static Charset processBom(InputStream is) throws IOException {
// Java supported character sets do not use BOMs longer than 4 bytes
byte[] bom = new byte[4];
is.mark(bom.length);
int count = is.read(bom);
// BOMs are at least 2 bytes
if (count < 2) {
skip(is, 0);
return null;
}
// Look for two byte BOMs
int b0 = bom[0] & 0xFF;
int b1 = bom[1] & 0xFF;
if (b0 == 0xFE && b1 == 0xFF) {
skip(is, 2);
return StandardCharsets.UTF_16BE;
}
// Delay the UTF_16LE check if there are more that 2 bytes since it
// overlaps with UTF-32LE.
if (count == 2 && b0 == 0xFF && b1 == 0xFE) {
skip(is, 2);
return StandardCharsets.UTF_16LE;
}
// Remaining BOMs are at least 3 bytes
if (count < 3) {
skip(is, 0);
return null;
}
// UTF-8 is only 3-byte BOM
int b2 = bom[2] & 0xFF;
if (b0 == 0xEF && b1 == 0xBB && b2 == 0xBF) {
skip(is, 3);
return StandardCharsets.UTF_8;
}
if (count < 4) {
skip(is, 0);
return null;
}
// Look for 4-byte BOMs
int b3 = bom[3] & 0xFF;
if (b0 == 0x00 && b1 == 0x00 && b2 == 0xFE && b3 == 0xFF) {
return Charset.forName("UTF-32BE");
}
if (b0 == 0xFF && b1 == 0xFE && b2 == 0x00 && b3 == 0x00) {
return Charset.forName("UTF-32LE");
}
// Now we can check for UTF16-LE. There is an assumption here that we
// won't see a UTF16-LE file with a BOM where the first real data is
// 0x00 0x00
if (b0 == 0xFF && b1 == 0xFE) {
skip(is, 2);
return StandardCharsets.UTF_16LE;
}
skip(is, 0);
return null;
}
private static void skip(InputStream is, int skip) throws IOException {
is.reset();
while (skip-- > 0) {
is.read();
}
}
private static boolean isText(String contentType) {
return contentType == null || contentType.startsWith("text") ||
contentType.endsWith("xml") || contentType.contains("/javascript");
}
private static boolean validate(ContentRange range) {
// bytes is the only range unit supported
return (range != null) && ("bytes".equals(range.getUnits())) && (range.getStart() >= 0)
&& (range.getEnd() >= 0) && (range.getStart() <= range.getEnd()) && (range.getLength() > 0);
}
private static boolean validate(Ranges.Entry range, long length) {
long start = getStart(range, length);
long end = getEnd(range, length);
return (start >= 0) && (end >= 0) && (start <= end);
}
private static long getStart(Ranges.Entry range, long length) {
long start = range.getStart();
if (start == -1 ) {
long end = range.getEnd();
// If there is no start, then the start is based on the end
if (end >= length) {
return 0;
} else {
return length - end;
}
} else {
return start;
}
}
private static long getEnd(Ranges.Entry range, long length) {
long end = range.getEnd();
if (range.getStart() == -1 || end == -1 || end >= length) {
return length - 1;
} else {
return end;
}
}
private boolean pathEndsWithCompressedExtension(String path) {
for (CompressionFormat format : compressionFormats) {
if (path.endsWith(format.extension)) {
return true;
}
}
return false;
}
private List<PrecompressedResource> getAvailablePrecompressedResources(String path) {
List<PrecompressedResource> ret = new ArrayList<>(compressionFormats.length);
for (CompressionFormat format : compressionFormats) {
WebResource precompressedResource = resources.getResource(path + format.extension);
if (precompressedResource.exists() && precompressedResource.isFile()) {
ret.add(new PrecompressedResource(precompressedResource, format));
}
}
return ret;
}
Match the client preferred encoding formats to the available precompressed resources.
Params: - request – The servlet request we are processing
- precompressedResources – List of available precompressed resources.
Returns: The best matching precompressed resource or null if no match was found.
/**
* Match the client preferred encoding formats to the available precompressed resources.
*
* @param request The servlet request we are processing
* @param precompressedResources List of available precompressed resources.
* @return The best matching precompressed resource or null if no match was found.
*/
private PrecompressedResource getBestPrecompressedResource(HttpServletRequest request,
List<PrecompressedResource> precompressedResources) {
Enumeration<String> headers = request.getHeaders("Accept-Encoding");
PrecompressedResource bestResource = null;
double bestResourceQuality = 0;
int bestResourcePreference = Integer.MAX_VALUE;
while (headers.hasMoreElements()) {
String header = headers.nextElement();
for (String preference : header.split(",")) {
double quality = 1;
int qualityIdx = preference.indexOf(';');
if (qualityIdx > 0) {
int equalsIdx = preference.indexOf('=', qualityIdx + 1);
if (equalsIdx == -1) {
continue;
}
quality = Double.parseDouble(preference.substring(equalsIdx + 1).trim());
}
if (quality >= bestResourceQuality) {
String encoding = preference;
if (qualityIdx > 0) {
encoding = encoding.substring(0, qualityIdx);
}
encoding = encoding.trim();
if ("identity".equals(encoding)) {
bestResource = null;
bestResourceQuality = quality;
bestResourcePreference = Integer.MAX_VALUE;
continue;
}
if ("*".equals(encoding)) {
bestResource = precompressedResources.get(0);
bestResourceQuality = quality;
bestResourcePreference = 0;
continue;
}
for (int i = 0; i < precompressedResources.size(); ++i) {
PrecompressedResource resource = precompressedResources.get(i);
if (encoding.equals(resource.format.encoding)) {
if (quality > bestResourceQuality || i < bestResourcePreference) {
bestResource = resource;
bestResourceQuality = quality;
bestResourcePreference = i;
}
break;
}
}
}
}
}
return bestResource;
}
private void doDirectoryRedirect(HttpServletRequest request, HttpServletResponse response)
throws IOException {
StringBuilder location = new StringBuilder(request.getRequestURI());
location.append('/');
if (request.getQueryString() != null) {
location.append('?');
location.append(request.getQueryString());
}
// Avoid protocol relative redirects
while (location.length() > 1 && location.charAt(1) == '/') {
location.deleteCharAt(0);
}
response.sendRedirect(response.encodeRedirectURL(location.toString()));
}
Parse the content-range header.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
Throws: - IOException – an IO error occurred
Returns: the partial content-range, null
if the content-range header was invalid or #IGNORE
if there is no header to process
/**
* Parse the content-range header.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
* @return the partial content-range, {@code null} if the content-range
* header was invalid or {@code #IGNORE} if there is no header to
* process
* @throws IOException an IO error occurred
*/
protected ContentRange parseContentRange(HttpServletRequest request,
HttpServletResponse response)
throws IOException {
// Retrieving the content-range header (if any is specified
String contentRangeHeader = request.getHeader("Content-Range");
if (contentRangeHeader == null) {
return IGNORE;
}
if (!allowPartialPut) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return null;
}
ContentRange contentRange = ContentRange.parse(new StringReader(contentRangeHeader));
if (contentRange == null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return null;
}
if (!validate(contentRange)) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return null;
}
return contentRange;
}
Parse the range header.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
- resource – The resource
Throws: - IOException – an IO error occurred
Returns: a list of ranges, null
if the range header was invalid or #FULL
if the Range header should be ignored.
/**
* Parse the range header.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
* @param resource The resource
* @return a list of ranges, {@code null} if the range header was invalid or
* {@code #FULL} if the Range header should be ignored.
* @throws IOException an IO error occurred
*/
protected Ranges parseRange(HttpServletRequest request,
HttpServletResponse response,
WebResource resource) throws IOException {
// Range headers are only valid on GET requests. That implies they are
// also valid on HEAD requests. This method is only called by doGet()
// and doHead() so no need to check the request method.
// Checking If-Range
String headerValue = request.getHeader("If-Range");
if (headerValue != null) {
long headerValueTime = (-1L);
try {
headerValueTime = request.getDateHeader("If-Range");
} catch (IllegalArgumentException e) {
// Ignore
}
String eTag = generateETag(resource);
long lastModified = resource.getLastModified();
if (headerValueTime == (-1L)) {
// If the ETag the client gave does not match the entity
// etag, then the entire entity is returned.
if (!eTag.equals(headerValue.trim())) {
return FULL;
}
} else {
// If the timestamp of the entity the client got differs from
// the last modification date of the entity, the entire entity
// is returned.
if (Math.abs(lastModified - headerValueTime) > 1000) {
return FULL;
}
}
}
long fileLength = resource.getContentLength();
if (fileLength == 0) {
// Range header makes no sense for a zero length resource. Tomcat
// therefore opts to ignore it.
return FULL;
}
// Retrieving the range header (if any is specified
String rangeHeader = request.getHeader("Range");
if (rangeHeader == null) {
// No Range header is the same as ignoring any Range header
return FULL;
}
Ranges ranges = Ranges.parse(new StringReader(rangeHeader));
if (ranges == null) {
// The Range header is present but not formatted correctly.
// Could argue for a 400 response but 416 is more specific.
// There is also the option to ignore the (invalid) Range header.
// RFC7233#4.4 notes that many servers do ignore the Range header in
// these circumstances but Tomcat has always returned a 416.
response.addHeader("Content-Range", "bytes */" + fileLength);
response.sendError(HttpServletResponse.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
return null;
}
// bytes is the only range unit supported (and I don't see the point
// of adding new ones).
if (!ranges.getUnits().equals("bytes")) {
// RFC7233#3.1 Servers must ignore range units they don't understand
return FULL;
}
for (Ranges.Entry range : ranges.getEntries()) {
if (!validate(range, fileLength)) {
response.addHeader("Content-Range", "bytes */" + fileLength);
response.sendError(HttpServletResponse.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
return null;
}
}
return ranges;
}
Decide which way to render. HTML or XML.
Params: - request – The HttpServletRequest being served
- contextPath – The path
- resource – The resource
- encoding – The encoding to use to process the readme (if any)
Throws: - IOException – an IO error occurred
- ServletException – rendering error
Returns: the input stream with the rendered output
/**
* Decide which way to render. HTML or XML.
*
* @param request The HttpServletRequest being served
* @param contextPath The path
* @param resource The resource
* @param encoding The encoding to use to process the readme (if any)
*
* @return the input stream with the rendered output
*
* @throws IOException an IO error occurred
* @throws ServletException rendering error
*/
protected InputStream render(HttpServletRequest request, String contextPath, WebResource resource, String encoding)
throws IOException, ServletException {
Source xsltSource = findXsltSource(resource);
if (xsltSource == null) {
return renderHtml(request, contextPath, resource, encoding);
}
return renderXml(request, contextPath, resource, xsltSource, encoding);
}
Return an InputStream to an XML representation of the contents this
directory.
Params: - request – The HttpServletRequest being served
- contextPath – Context path to which our internal paths are relative
- resource – The associated resource
- xsltSource – The XSL stylesheet
- encoding – The encoding to use to process the readme (if any)
Throws: - IOException – an IO error occurred
- ServletException – rendering error
Returns: the XML data
/**
* Return an InputStream to an XML representation of the contents this
* directory.
*
* @param request The HttpServletRequest being served
* @param contextPath Context path to which our internal paths are relative
* @param resource The associated resource
* @param xsltSource The XSL stylesheet
* @param encoding The encoding to use to process the readme (if any)
*
* @return the XML data
*
* @throws IOException an IO error occurred
* @throws ServletException rendering error
*/
protected InputStream renderXml(HttpServletRequest request, String contextPath, WebResource resource, Source xsltSource,
String encoding)
throws IOException, ServletException {
StringBuilder sb = new StringBuilder();
sb.append("<?xml version=\"1.0\"?>");
sb.append("<listing ");
sb.append(" contextPath='");
sb.append(contextPath);
sb.append('\'');
sb.append(" directory='");
sb.append(resource.getName());
sb.append("' ");
sb.append(" hasParent='").append(!resource.getName().equals("/"));
sb.append("'>");
sb.append("<entries>");
String[] entries = resources.list(resource.getWebappPath());
// rewriteUrl(contextPath) is expensive. cache result for later reuse
String rewrittenContextPath = rewriteUrl(contextPath);
String directoryWebappPath = resource.getWebappPath();
for (String entry : entries) {
if (entry.equalsIgnoreCase("WEB-INF") ||
entry.equalsIgnoreCase("META-INF") ||
entry.equalsIgnoreCase(localXsltFile))
continue;
if ((directoryWebappPath + entry).equals(contextXsltFile))
continue;
WebResource childResource =
resources.getResource(directoryWebappPath + entry);
if (!childResource.exists()) {
continue;
}
sb.append("<entry");
sb.append(" type='")
.append(childResource.isDirectory()?"dir":"file")
.append('\'');
sb.append(" urlPath='")
.append(rewrittenContextPath)
.append(rewriteUrl(directoryWebappPath + entry))
.append(childResource.isDirectory()?"/":"")
.append('\'');
if (childResource.isFile()) {
sb.append(" size='")
.append(renderSize(childResource.getContentLength()))
.append('\'');
}
sb.append(" date='")
.append(childResource.getLastModifiedHttp())
.append('\'');
sb.append('>');
sb.append(Escape.htmlElementContent(entry));
if (childResource.isDirectory())
sb.append('/');
sb.append("</entry>");
}
sb.append("</entries>");
String readme = getReadme(resource, encoding);
if (readme!=null) {
sb.append("<readme><![CDATA[");
sb.append(readme);
sb.append("]]></readme>");
}
sb.append("</listing>");
// Prevent possible memory leak. Ensure Transformer and
// TransformerFactory are not loaded from the web application.
ClassLoader original;
if (Globals.IS_SECURITY_ENABLED) {
PrivilegedGetTccl pa = new PrivilegedGetTccl();
original = AccessController.doPrivileged(pa);
} else {
original = Thread.currentThread().getContextClassLoader();
}
try {
if (Globals.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa =
new PrivilegedSetTccl(DefaultServlet.class.getClassLoader());
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(
DefaultServlet.class.getClassLoader());
}
TransformerFactory tFactory = TransformerFactory.newInstance();
Source xmlSource = new StreamSource(new StringReader(sb.toString()));
Transformer transformer = tFactory.newTransformer(xsltSource);
ByteArrayOutputStream stream = new ByteArrayOutputStream();
OutputStreamWriter osWriter = new OutputStreamWriter(stream, StandardCharsets.UTF_8);
StreamResult out = new StreamResult(osWriter);
transformer.transform(xmlSource, out);
osWriter.flush();
return new ByteArrayInputStream(stream.toByteArray());
} catch (TransformerException e) {
throw new ServletException(sm.getString("defaultServlet.xslError"), e);
} finally {
if (Globals.IS_SECURITY_ENABLED) {
PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
AccessController.doPrivileged(pa);
} else {
Thread.currentThread().setContextClassLoader(original);
}
}
}
Return an InputStream to an HTML representation of the contents of this
directory.
Params: - request – The HttpServletRequest being served
- contextPath – Context path to which our internal paths are relative
- resource – The associated resource
- encoding – The encoding to use to process the readme (if any)
Throws: - IOException – an IO error occurred
Returns: the HTML data
/**
* Return an InputStream to an HTML representation of the contents of this
* directory.
*
* @param request The HttpServletRequest being served
* @param contextPath Context path to which our internal paths are relative
* @param resource The associated resource
* @param encoding The encoding to use to process the readme (if any)
*
* @return the HTML data
*
* @throws IOException an IO error occurred
*/
protected InputStream renderHtml(HttpServletRequest request, String contextPath, WebResource resource, String encoding)
throws IOException {
// Prepare a writer to a buffered area
ByteArrayOutputStream stream = new ByteArrayOutputStream();
OutputStreamWriter osWriter = new OutputStreamWriter(stream, StandardCharsets.UTF_8);
PrintWriter writer = new PrintWriter(osWriter);
StringBuilder sb = new StringBuilder();
String directoryWebappPath = resource.getWebappPath();
WebResource[] entries = resources.listResources(directoryWebappPath);
// rewriteUrl(contextPath) is expensive. cache result for later reuse
String rewrittenContextPath = rewriteUrl(contextPath);
// Render the page header
sb.append("<!doctype html><html>\r\n");
/* TODO Activate this as soon as we use smClient with the request locales
sb.append("<!doctype html><html lang=\"");
sb.append(smClient.getLocale().getLanguage()).append("\">\r\n");
*/
sb.append("<head>\r\n");
sb.append("<title>");
sb.append(sm.getString("directory.title", directoryWebappPath));
sb.append("</title>\r\n");
sb.append("<style>");
sb.append(org.apache.catalina.util.TomcatCSS.TOMCAT_CSS);
sb.append("</style> ");
sb.append("</head>\r\n");
sb.append("<body>");
sb.append("<h1>");
sb.append(sm.getString("directory.title", directoryWebappPath));
// Render the link to our parent (if required)
String parentDirectory = directoryWebappPath;
if (parentDirectory.endsWith("/")) {
parentDirectory =
parentDirectory.substring(0, parentDirectory.length() - 1);
}
int slash = parentDirectory.lastIndexOf('/');
if (slash >= 0) {
String parent = directoryWebappPath.substring(0, slash);
sb.append(" - <a href=\"");
sb.append(rewrittenContextPath);
if (parent.equals(""))
parent = "/";
sb.append(rewriteUrl(parent));
if (!parent.endsWith("/"))
sb.append('/');
sb.append("\">");
sb.append("<b>");
sb.append(sm.getString("directory.parent", parent));
sb.append("</b>");
sb.append("</a>");
}
sb.append("</h1>");
sb.append("<hr class=\"line\">");
sb.append("<table width=\"100%\" cellspacing=\"0\"" +
" cellpadding=\"5\" align=\"center\">\r\n");
SortManager.Order order;
if(sortListings && null != request)
order = sortManager.getOrder(request.getQueryString());
else
order = null;
// Render the column headings
sb.append("<tr>\r\n");
sb.append("<td align=\"left\"><font size=\"+1\"><strong>");
if(sortListings && null != request) {
sb.append("<a href=\"?C=N;O=");
sb.append(getOrderChar(order, 'N'));
sb.append("\">");
sb.append(sm.getString("directory.filename"));
sb.append("</a>");
} else {
sb.append(sm.getString("directory.filename"));
}
sb.append("</strong></font></td>\r\n");
sb.append("<td align=\"center\"><font size=\"+1\"><strong>");
if(sortListings && null != request) {
sb.append("<a href=\"?C=S;O=");
sb.append(getOrderChar(order, 'S'));
sb.append("\">");
sb.append(sm.getString("directory.size"));
sb.append("</a>");
} else {
sb.append(sm.getString("directory.size"));
}
sb.append("</strong></font></td>\r\n");
sb.append("<td align=\"right\"><font size=\"+1\"><strong>");
if(sortListings && null != request) {
sb.append("<a href=\"?C=M;O=");
sb.append(getOrderChar(order, 'M'));
sb.append("\">");
sb.append(sm.getString("directory.lastModified"));
sb.append("</a>");
} else {
sb.append(sm.getString("directory.lastModified"));
}
sb.append("</strong></font></td>\r\n");
sb.append("</tr>");
if(null != sortManager && null != request) {
sortManager.sort(entries, request.getQueryString());
}
boolean shade = false;
for (WebResource childResource : entries) {
String filename = childResource.getName();
if (filename.equalsIgnoreCase("WEB-INF") ||
filename.equalsIgnoreCase("META-INF"))
continue;
if (!childResource.exists()) {
continue;
}
sb.append("<tr");
if (shade)
sb.append(" bgcolor=\"#eeeeee\"");
sb.append(">\r\n");
shade = !shade;
sb.append("<td align=\"left\"> \r\n");
sb.append("<a href=\"");
sb.append(rewrittenContextPath);
sb.append(rewriteUrl(childResource.getWebappPath()));
if (childResource.isDirectory())
sb.append('/');
sb.append("\"><tt>");
sb.append(Escape.htmlElementContent(filename));
if (childResource.isDirectory())
sb.append('/');
sb.append("</tt></a></td>\r\n");
sb.append("<td align=\"right\"><tt>");
if (childResource.isDirectory())
sb.append(" ");
else
sb.append(renderSize(childResource.getContentLength()));
sb.append("</tt></td>\r\n");
sb.append("<td align=\"right\"><tt>");
sb.append(childResource.getLastModifiedHttp());
sb.append("</tt></td>\r\n");
sb.append("</tr>\r\n");
}
// Render the page footer
sb.append("</table>\r\n");
sb.append("<hr class=\"line\">");
String readme = getReadme(resource, encoding);
if (readme!=null) {
sb.append(readme);
sb.append("<hr class=\"line\">");
}
if (showServerInfo) {
sb.append("<h3>").append(ServerInfo.getServerInfo()).append("</h3>");
}
sb.append("</body>\r\n");
sb.append("</html>\r\n");
// Return an input stream to the underlying bytes
writer.write(sb.toString());
writer.flush();
return new ByteArrayInputStream(stream.toByteArray());
}
Render the specified file size (in bytes).
Params: - size – File size (in bytes)
Returns: the formatted size
/**
* Render the specified file size (in bytes).
*
* @param size File size (in bytes)
* @return the formatted size
*/
protected String renderSize(long size) {
long leftSide = size / 1024;
long rightSide = (size % 1024) / 103; // Makes 1 digit
if ((leftSide == 0) && (rightSide == 0) && (size > 0))
rightSide = 1;
return ("" + leftSide + "." + rightSide + " kb");
}
Get the readme file as a string.
Params: - directory – The directory to search
- encoding – The readme encoding
Returns: the readme for the specified directory
/**
* Get the readme file as a string.
* @param directory The directory to search
* @param encoding The readme encoding
* @return the readme for the specified directory
*/
protected String getReadme(WebResource directory, String encoding) {
if (readmeFile != null) {
WebResource resource = resources.getResource(
directory.getWebappPath() + readmeFile);
if (resource.isFile()) {
StringWriter buffer = new StringWriter();
InputStreamReader reader = null;
try (InputStream is = resource.getInputStream()){
if (encoding != null) {
reader = new InputStreamReader(is, encoding);
} else {
reader = new InputStreamReader(is);
}
copyRange(reader, new PrintWriter(buffer));
} catch (IOException e) {
log(sm.getString("defaultServlet.readerCloseFailed"), e);
} finally {
if (reader != null) {
try {
reader.close();
} catch (IOException e) {
}
}
}
return buffer.toString();
} else {
if (debug > 10)
log("readme '" + readmeFile + "' not found");
return null;
}
}
return null;
}
Return a Source for the xsl template (if possible).
Params: - directory – The directory to search
Throws: - IOException – an IO error occurred
Returns: the source for the specified directory
/**
* Return a Source for the xsl template (if possible).
* @param directory The directory to search
* @return the source for the specified directory
* @throws IOException an IO error occurred
*/
protected Source findXsltSource(WebResource directory)
throws IOException {
if (localXsltFile != null) {
WebResource resource = resources.getResource(
directory.getWebappPath() + localXsltFile);
if (resource.isFile()) {
InputStream is = resource.getInputStream();
if (is != null) {
if (Globals.IS_SECURITY_ENABLED) {
return secureXslt(is);
} else {
return new StreamSource(is);
}
}
}
if (debug > 10) {
log("localXsltFile '" + localXsltFile + "' not found");
}
}
if (contextXsltFile != null) {
InputStream is =
getServletContext().getResourceAsStream(contextXsltFile);
if (is != null) {
if (Globals.IS_SECURITY_ENABLED) {
return secureXslt(is);
} else {
return new StreamSource(is);
}
}
if (debug > 10)
log("contextXsltFile '" + contextXsltFile + "' not found");
}
/* Open and read in file in one fell swoop to reduce chance
* chance of leaving handle open.
*/
if (globalXsltFile != null) {
File f = validateGlobalXsltFile();
if (f != null) {
long globalXsltFileSize = f.length();
if (globalXsltFileSize > Integer.MAX_VALUE) {
log("globalXsltFile [" + f.getAbsolutePath() + "] is too big to buffer");
} else {
try (FileInputStream fis = new FileInputStream(f)){
byte b[] = new byte[(int)f.length()];
IOTools.readFully(fis, b);
return new StreamSource(new ByteArrayInputStream(b));
}
}
}
}
return null;
}
private File validateGlobalXsltFile() {
Context context = resources.getContext();
File baseConf = new File(context.getCatalinaBase(), "conf");
File result = validateGlobalXsltFile(baseConf);
if (result == null) {
File homeConf = new File(context.getCatalinaHome(), "conf");
if (!baseConf.equals(homeConf)) {
result = validateGlobalXsltFile(homeConf);
}
}
return result;
}
private File validateGlobalXsltFile(File base) {
File candidate = new File(globalXsltFile);
if (!candidate.isAbsolute()) {
candidate = new File(base, globalXsltFile);
}
if (!candidate.isFile()) {
return null;
}
// First check that the resulting path is under the provided base
try {
if (!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) {
return null;
}
} catch (IOException ioe) {
return null;
}
// Next check that an .xsl or .xslt file has been specified
String nameLower = candidate.getName().toLowerCase(Locale.ENGLISH);
if (!nameLower.endsWith(".xslt") && !nameLower.endsWith(".xsl")) {
return null;
}
return candidate;
}
private Source secureXslt(InputStream is) {
// Need to filter out any external entities
Source result = null;
try {
DocumentBuilder builder = factory.newDocumentBuilder();
builder.setEntityResolver(secureEntityResolver);
Document document = builder.parse(is);
result = new DOMSource(document);
} catch (ParserConfigurationException | SAXException | IOException e) {
if (debug > 0) {
log(e.getMessage(), e);
}
} finally {
if (is != null) {
try {
is.close();
} catch (IOException e) {
// Ignore
}
}
}
return result;
}
// -------------------------------------------------------- protected Methods
Check if sendfile can be used.
Params: - request – The Servlet request
- response – The Servlet response
- resource – The resource
- length – The length which will be written (will be used only if
range is null)
- range – The range that will be written
Returns: true
if sendfile should be used (writing is then
delegated to the endpoint)
/**
* Check if sendfile can be used.
* @param request The Servlet request
* @param response The Servlet response
* @param resource The resource
* @param length The length which will be written (will be used only if
* range is null)
* @param range The range that will be written
* @return <code>true</code> if sendfile should be used (writing is then
* delegated to the endpoint)
*/
protected boolean checkSendfile(HttpServletRequest request,
HttpServletResponse response,
WebResource resource,
long length, Ranges.Entry range) {
String canonicalPath;
if (sendfileSize > 0
&& length > sendfileSize
&& (Boolean.TRUE.equals(request.getAttribute(Globals.SENDFILE_SUPPORTED_ATTR)))
&& (request.getClass().getName().equals("org.apache.catalina.connector.RequestFacade"))
&& (response.getClass().getName().equals("org.apache.catalina.connector.ResponseFacade"))
&& resource.isFile()
&& ((canonicalPath = resource.getCanonicalPath()) != null)
) {
request.setAttribute(Globals.SENDFILE_FILENAME_ATTR, canonicalPath);
if (range == null) {
request.setAttribute(Globals.SENDFILE_FILE_START_ATTR, Long.valueOf(0L));
request.setAttribute(Globals.SENDFILE_FILE_END_ATTR, Long.valueOf(length));
} else {
request.setAttribute(Globals.SENDFILE_FILE_START_ATTR, Long.valueOf(getStart(range, length)));
request.setAttribute(Globals.SENDFILE_FILE_END_ATTR, Long.valueOf(getEnd(range, length) + 1));
}
return true;
}
return false;
}
Check if the if-match condition is satisfied.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
- resource – The resource
Throws: - IOException – an IO error occurred
Returns: true
if the resource meets the specified condition,
and false
if the condition is not satisfied, in which case
request processing is stopped
/**
* Check if the if-match condition is satisfied.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
* @param resource The resource
* @return <code>true</code> if the resource meets the specified condition,
* and <code>false</code> if the condition is not satisfied, in which case
* request processing is stopped
* @throws IOException an IO error occurred
*/
protected boolean checkIfMatch(HttpServletRequest request, HttpServletResponse response, WebResource resource)
throws IOException {
String headerValue = request.getHeader("If-Match");
if (headerValue != null) {
boolean conditionSatisfied;
if (!headerValue.equals("*")) {
String resourceETag = generateETag(resource);
if (resourceETag == null) {
conditionSatisfied = false;
} else {
// RFC 7232 requires strong comparison for If-Match headers
Boolean matched = EntityTag.compareEntityTag(new StringReader(headerValue), false, resourceETag);
if (matched == null) {
if (debug > 10) {
log("DefaultServlet.checkIfMatch: Invalid header value [" + headerValue + "]");
}
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return false;
}
conditionSatisfied = matched.booleanValue();
}
} else {
conditionSatisfied = true;
}
if (!conditionSatisfied) {
response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED);
return false;
}
}
return true;
}
Check if the if-modified-since condition is satisfied.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
- resource – The resource
Returns: true
if the resource meets the specified condition,
and false
if the condition is not satisfied, in which case
request processing is stopped
/**
* Check if the if-modified-since condition is satisfied.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
* @param resource The resource
* @return <code>true</code> if the resource meets the specified condition,
* and <code>false</code> if the condition is not satisfied, in which case
* request processing is stopped
*/
protected boolean checkIfModifiedSince(HttpServletRequest request,
HttpServletResponse response, WebResource resource) {
try {
long headerValue = request.getDateHeader("If-Modified-Since");
long lastModified = resource.getLastModified();
if (headerValue != -1) {
// If an If-None-Match header has been specified, if modified since
// is ignored.
if ((request.getHeader("If-None-Match") == null)
&& (lastModified < headerValue + 1000)) {
// The entity has not been modified since the date
// specified by the client. This is not an error case.
response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
response.setHeader("ETag", generateETag(resource));
return false;
}
}
} catch (IllegalArgumentException illegalArgument) {
return true;
}
return true;
}
Check if the if-none-match condition is satisfied.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
- resource – The resource
Throws: - IOException – an IO error occurred
Returns: true
if the resource meets the specified condition,
and false
if the condition is not satisfied, in which case
request processing is stopped
/**
* Check if the if-none-match condition is satisfied.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
* @param resource The resource
* @return <code>true</code> if the resource meets the specified condition,
* and <code>false</code> if the condition is not satisfied, in which case
* request processing is stopped
* @throws IOException an IO error occurred
*/
protected boolean checkIfNoneMatch(HttpServletRequest request, HttpServletResponse response, WebResource resource)
throws IOException {
String headerValue = request.getHeader("If-None-Match");
if (headerValue != null) {
boolean conditionSatisfied;
String resourceETag = generateETag(resource);
if (!headerValue.equals("*")) {
if (resourceETag == null) {
conditionSatisfied = false;
} else {
// RFC 7232 requires weak comparison for If-None-Match headers
Boolean matched = EntityTag.compareEntityTag(new StringReader(headerValue), true, resourceETag);
if (matched == null) {
if (debug > 10) {
log("DefaultServlet.checkIfNoneMatch: Invalid header value [" + headerValue + "]");
}
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return false;
}
conditionSatisfied = matched.booleanValue();
}
} else {
conditionSatisfied = true;
}
if (conditionSatisfied) {
// For GET and HEAD, we should respond with
// 304 Not Modified.
// For every other method, 412 Precondition Failed is sent
// back.
if ("GET".equals(request.getMethod()) || "HEAD".equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
response.setHeader("ETag", resourceETag);
} else {
response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED);
}
return false;
}
}
return true;
}
Check if the if-unmodified-since condition is satisfied.
Params: - request – The servlet request we are processing
- response – The servlet response we are creating
- resource – The resource
Throws: - IOException – an IO error occurred
Returns: true
if the resource meets the specified condition,
and false
if the condition is not satisfied, in which case
request processing is stopped
/**
* Check if the if-unmodified-since condition is satisfied.
*
* @param request The servlet request we are processing
* @param response The servlet response we are creating
* @param resource The resource
* @return <code>true</code> if the resource meets the specified condition,
* and <code>false</code> if the condition is not satisfied, in which case
* request processing is stopped
* @throws IOException an IO error occurred
*/
protected boolean checkIfUnmodifiedSince(HttpServletRequest request,
HttpServletResponse response, WebResource resource)
throws IOException {
try {
long lastModified = resource.getLastModified();
long headerValue = request.getDateHeader("If-Unmodified-Since");
if (headerValue != -1) {
if ( lastModified >= (headerValue + 1000)) {
// The entity has not been modified since the date
// specified by the client. This is not an error case.
response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED);
return false;
}
}
} catch(IllegalArgumentException illegalArgument) {
return true;
}
return true;
}
Provides the entity tag (the ETag header) for the given resource.
Intended to be over-ridden by custom DefaultServlet implementations that
wish to use an alternative format for the entity tag.
Params: - resource – The resource for which an entity tag is required.
Returns: The result of calling WebResource.getETag()
on the given resource
/**
* Provides the entity tag (the ETag header) for the given resource.
* Intended to be over-ridden by custom DefaultServlet implementations that
* wish to use an alternative format for the entity tag.
*
* @param resource The resource for which an entity tag is required.
*
* @return The result of calling {@link WebResource#getETag()} on the given
* resource
*/
protected String generateETag(WebResource resource) {
return resource.getETag();
}
Copy the contents of the specified input stream to the specified
output stream, and ensure that both streams are closed before returning
(even in the face of an exception).
Params: - is – The input stream to read the source resource from
- ostream – The output stream to write to
Throws: - IOException – if an input/output error occurs
/**
* Copy the contents of the specified input stream to the specified
* output stream, and ensure that both streams are closed before returning
* (even in the face of an exception).
*
* @param is The input stream to read the source resource from
* @param ostream The output stream to write to
*
* @exception IOException if an input/output error occurs
*/
protected void copy(InputStream is, ServletOutputStream ostream) throws IOException {
IOException exception = null;
InputStream istream = new BufferedInputStream(is, input);
// Copy the input stream to the output stream
exception = copyRange(istream, ostream);
// Clean up the input stream
istream.close();
// Rethrow any exception that has occurred
if (exception != null)
throw exception;
}
Copy the contents of the specified input stream to the specified
output stream, and ensure that both streams are closed before returning
(even in the face of an exception).
Params: - is – The input stream to read the source resource from
- writer – The writer to write to
- encoding – The encoding to use when reading the source input stream
Throws: - IOException – if an input/output error occurs
/**
* Copy the contents of the specified input stream to the specified
* output stream, and ensure that both streams are closed before returning
* (even in the face of an exception).
*
* @param is The input stream to read the source resource from
* @param writer The writer to write to
* @param encoding The encoding to use when reading the source input stream
*
* @exception IOException if an input/output error occurs
*/
protected void copy(InputStream is, PrintWriter writer, String encoding) throws IOException {
IOException exception = null;
Reader reader;
if (encoding == null) {
reader = new InputStreamReader(is);
} else {
reader = new InputStreamReader(is, encoding);
}
// Copy the input stream to the output stream
exception = copyRange(reader, writer);
// Clean up the reader
reader.close();
// Rethrow any exception that has occurred
if (exception != null) {
throw exception;
}
}
Copy the contents of the specified input stream to the specified
output stream, and ensure that both streams are closed before returning
(even in the face of an exception).
Params: - resource – The source resource
- length – the resource length
- ostream – The output stream to write to
- range – Range the client wanted to retrieve
Throws: - IOException – if an input/output error occurs
/**
* Copy the contents of the specified input stream to the specified
* output stream, and ensure that both streams are closed before returning
* (even in the face of an exception).
*
* @param resource The source resource
* @param length the resource length
* @param ostream The output stream to write to
* @param range Range the client wanted to retrieve
* @exception IOException if an input/output error occurs
*/
protected void copy(WebResource resource, long length, ServletOutputStream ostream,
Ranges.Entry range)
throws IOException {
IOException exception = null;
InputStream resourceInputStream = resource.getInputStream();
InputStream istream =
new BufferedInputStream(resourceInputStream, input);
exception = copyRange(istream, ostream, getStart(range, length), getEnd(range, length));
// Clean up the input stream
istream.close();
// Rethrow any exception that has occurred
if (exception != null)
throw exception;
}
Copy the contents of the specified input stream to the specified
output stream, and ensure that both streams are closed before returning
(even in the face of an exception).
Params: - resource – The source resource
- length – the resource length
- ostream – The output stream to write to
- ranges – Enumeration of the ranges the client wanted to
retrieve
- contentType – Content type of the resource
Throws: - IOException – if an input/output error occurs
/**
* Copy the contents of the specified input stream to the specified
* output stream, and ensure that both streams are closed before returning
* (even in the face of an exception).
*
* @param resource The source resource
* @param length the resource length
* @param ostream The output stream to write to
* @param ranges Enumeration of the ranges the client wanted to
* retrieve
* @param contentType Content type of the resource
* @exception IOException if an input/output error occurs
*/
protected void copy(WebResource resource, long length, ServletOutputStream ostream,
Ranges ranges, String contentType)
throws IOException {
IOException exception = null;
for (Ranges.Entry range : ranges.getEntries()) {
if (exception != null) {
break;
}
InputStream resourceInputStream = resource.getInputStream();
try (InputStream istream = new BufferedInputStream(resourceInputStream, input)) {
// Writing MIME header.
ostream.println();
ostream.println("--" + mimeSeparation);
if (contentType != null)
ostream.println("Content-Type: " + contentType);
long start = getStart(range, length);
long end = getEnd(range, length);
ostream.println("Content-Range: bytes " + start
+ "-" + end + "/"
+ (end - start));
ostream.println();
// Printing content
exception = copyRange(istream, ostream, start, end);
}
}
ostream.println();
ostream.print("--" + mimeSeparation + "--");
// Rethrow any exception that has occurred
if (exception != null)
throw exception;
}
Copy the contents of the specified input stream to the specified
output stream, and ensure that both streams are closed before returning
(even in the face of an exception).
Params: - istream – The input stream to read from
- ostream – The output stream to write to
Returns: Exception which occurred during processing
/**
* Copy the contents of the specified input stream to the specified
* output stream, and ensure that both streams are closed before returning
* (even in the face of an exception).
*
* @param istream The input stream to read from
* @param ostream The output stream to write to
* @return Exception which occurred during processing
*/
protected IOException copyRange(InputStream istream,
ServletOutputStream ostream) {
// Copy the input stream to the output stream
IOException exception = null;
byte buffer[] = new byte[input];
int len = buffer.length;
while (true) {
try {
len = istream.read(buffer);
if (len == -1)
break;
ostream.write(buffer, 0, len);
} catch (IOException e) {
exception = e;
len = -1;
break;
}
}
return exception;
}
Copy the contents of the specified input stream to the specified
output stream, and ensure that both streams are closed before returning
(even in the face of an exception).
Params: - reader – The reader to read from
- writer – The writer to write to
Returns: Exception which occurred during processing
/**
* Copy the contents of the specified input stream to the specified
* output stream, and ensure that both streams are closed before returning
* (even in the face of an exception).
*
* @param reader The reader to read from
* @param writer The writer to write to
* @return Exception which occurred during processing
*/
protected IOException copyRange(Reader reader, PrintWriter writer) {
// Copy the input stream to the output stream
IOException exception = null;
char buffer[] = new char[input];
int len = buffer.length;
while (true) {
try {
len = reader.read(buffer);
if (len == -1)
break;
writer.write(buffer, 0, len);
} catch (IOException e) {
exception = e;
len = -1;
break;
}
}
return exception;
}
Copy the contents of the specified input stream to the specified
output stream, and ensure that both streams are closed before returning
(even in the face of an exception).
Params: - istream – The input stream to read from
- ostream – The output stream to write to
- start – Start of the range which will be copied
- end – End of the range which will be copied
Returns: Exception which occurred during processing
/**
* Copy the contents of the specified input stream to the specified
* output stream, and ensure that both streams are closed before returning
* (even in the face of an exception).
*
* @param istream The input stream to read from
* @param ostream The output stream to write to
* @param start Start of the range which will be copied
* @param end End of the range which will be copied
* @return Exception which occurred during processing
*/
protected IOException copyRange(InputStream istream,
ServletOutputStream ostream,
long start, long end) {
if (debug > 10)
log("Serving bytes:" + start + "-" + end);
long skipped = 0;
try {
skipped = istream.skip(start);
} catch (IOException e) {
return e;
}
if (skipped < start) {
return new IOException(sm.getString("defaultServlet.skipfail",
Long.valueOf(skipped), Long.valueOf(start)));
}
IOException exception = null;
long bytesToRead = end - start + 1;
byte buffer[] = new byte[input];
int len = buffer.length;
while ( (bytesToRead > 0) && (len >= buffer.length)) {
try {
len = istream.read(buffer);
if (bytesToRead >= len) {
ostream.write(buffer, 0, len);
bytesToRead -= len;
} else {
ostream.write(buffer, 0, (int) bytesToRead);
bytesToRead = 0;
}
} catch (IOException e) {
exception = e;
len = -1;
}
if (len < buffer.length)
break;
}
return exception;
}
protected static class CompressionFormat implements Serializable {
private static final long serialVersionUID = 1L;
public final String extension;
public final String encoding;
public CompressionFormat(String extension, String encoding) {
this.extension = extension;
this.encoding = encoding;
}
}
private static class PrecompressedResource {
public final WebResource resource;
public final CompressionFormat format;
private PrecompressedResource(WebResource resource, CompressionFormat format) {
this.resource = resource;
this.format = format;
}
}
This is secure in the sense that any attempt to use an external entity
will trigger an exception.
/**
* This is secure in the sense that any attempt to use an external entity
* will trigger an exception.
*/
private static class SecureEntityResolver implements EntityResolver2 {
@Override
public InputSource resolveEntity(String publicId, String systemId)
throws SAXException, IOException {
throw new SAXException(sm.getString("defaultServlet.blockExternalEntity",
publicId, systemId));
}
@Override
public InputSource getExternalSubset(String name, String baseURI)
throws SAXException, IOException {
throw new SAXException(sm.getString("defaultServlet.blockExternalSubset",
name, baseURI));
}
@Override
public InputSource resolveEntity(String name, String publicId,
String baseURI, String systemId) throws SAXException,
IOException {
throw new SAXException(sm.getString("defaultServlet.blockExternalEntity2",
name, publicId, baseURI, systemId));
}
}
Gets the ordering character to be used for a particular column.
Params: - order – The order that is currently being applied
- column – The column that will be rendered.
Returns: Either 'A' or 'D', to indicate "ascending" or "descending" sort
order.
/**
* Gets the ordering character to be used for a particular column.
*
* @param order The order that is currently being applied
* @param column The column that will be rendered.
*
* @return Either 'A' or 'D', to indicate "ascending" or "descending" sort
* order.
*/
private char getOrderChar(SortManager.Order order, char column) {
if(column == order.column) {
if(order.ascending) {
return 'D';
} else {
return 'A';
}
} else {
return 'D';
}
}
A class encapsulating the sorting of resources.
/**
* A class encapsulating the sorting of resources.
*/
private static class SortManager
{
The default sort.
/**
* The default sort.
*/
protected Comparator<WebResource> defaultResourceComparator;
Comparator to use when sorting resources by name.
/**
* Comparator to use when sorting resources by name.
*/
protected Comparator<WebResource> resourceNameComparator;
Comparator to use when sorting files by name, ascending (reverse).
/**
* Comparator to use when sorting files by name, ascending (reverse).
*/
protected Comparator<WebResource> resourceNameComparatorAsc;
Comparator to use when sorting resources by size.
/**
* Comparator to use when sorting resources by size.
*/
protected Comparator<WebResource> resourceSizeComparator;
Comparator to use when sorting files by size, ascending (reverse).
/**
* Comparator to use when sorting files by size, ascending (reverse).
*/
protected Comparator<WebResource> resourceSizeComparatorAsc;
Comparator to use when sorting resources by last-modified date.
/**
* Comparator to use when sorting resources by last-modified date.
*/
protected Comparator<WebResource> resourceLastModifiedComparator;
Comparator to use when sorting files by last-modified date, ascending (reverse).
/**
* Comparator to use when sorting files by last-modified date, ascending (reverse).
*/
protected Comparator<WebResource> resourceLastModifiedComparatorAsc;
public SortManager(boolean directoriesFirst) {
resourceNameComparator = new ResourceNameComparator();
resourceNameComparatorAsc = Collections.reverseOrder(resourceNameComparator);
resourceSizeComparator = new ResourceSizeComparator(resourceNameComparator);
resourceSizeComparatorAsc = Collections.reverseOrder(resourceSizeComparator);
resourceLastModifiedComparator = new ResourceLastModifiedDateComparator(resourceNameComparator);
resourceLastModifiedComparatorAsc = Collections.reverseOrder(resourceLastModifiedComparator);
if(directoriesFirst) {
resourceNameComparator = new DirsFirstComparator(resourceNameComparator);
resourceNameComparatorAsc = new DirsFirstComparator(resourceNameComparatorAsc);
resourceSizeComparator = new DirsFirstComparator(resourceSizeComparator);
resourceSizeComparatorAsc = new DirsFirstComparator(resourceSizeComparatorAsc);
resourceLastModifiedComparator = new DirsFirstComparator(resourceLastModifiedComparator);
resourceLastModifiedComparatorAsc = new DirsFirstComparator(resourceLastModifiedComparatorAsc);
}
defaultResourceComparator = resourceNameComparator;
}
Sorts an array of resources according to an ordering string.
Params: - resources – The array to sort.
- order – The ordering string.
See Also:
/**
* Sorts an array of resources according to an ordering string.
*
* @param resources The array to sort.
* @param order The ordering string.
*
* @see #getOrder(String)
*/
public void sort(WebResource[] resources, String order) {
Comparator<WebResource> comparator = getComparator(order);
if(null != comparator)
Arrays.sort(resources, comparator);
}
public Comparator<WebResource> getComparator(String order) {
return getComparator(getOrder(order));
}
public Comparator<WebResource> getComparator(Order order) {
if(null == order)
return defaultResourceComparator;
if('N' == order.column) {
if(order.ascending) {
return resourceNameComparatorAsc;
} else {
return resourceNameComparator;
}
}
if('S' == order.column) {
if(order.ascending) {
return resourceSizeComparatorAsc;
} else {
return resourceSizeComparator;
}
}
if('M' == order.column) {
if(order.ascending) {
return resourceLastModifiedComparatorAsc;
} else {
return resourceLastModifiedComparator;
}
}
return defaultResourceComparator;
}
Gets the Order to apply given an ordering-string. This
ordering-string matches a subset of the ordering-strings
supported by
Apache httpd.
Params: - order – The ordering-string provided by the client.
Returns: An Order specifying the column and ascending/descending to
be applied to resources.
/**
* Gets the Order to apply given an ordering-string. This
* ordering-string matches a subset of the ordering-strings
* supported by
* <a href="https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html#query">Apache httpd</a>.
*
* @param order The ordering-string provided by the client.
*
* @return An Order specifying the column and ascending/descending to
* be applied to resources.
*/
public Order getOrder(String order) {
if(null == order || 0 == order.trim().length())
return Order.DEFAULT;
String[] options = order.split(";");
if(0 == options.length)
return Order.DEFAULT;
char column = '\0';
boolean ascending = false;
for(String option : options) {
option = option.trim();
if(2 < option.length()) {
char opt = option.charAt(0);
if('C' == opt)
column = option.charAt(2);
else if('O' == opt)
ascending = ('A' == option.charAt(2));
}
}
if('N' == column) {
if(ascending) {
return Order.NAME_ASC;
} else {
return Order.NAME;
}
}
if('S' == column) {
if(ascending) {
return Order.SIZE_ASC;
} else {
return Order.SIZE;
}
}
if('M' == column) {
if(ascending) {
return Order.LAST_MODIFIED_ASC;
} else {
return Order.LAST_MODIFIED;
}
}
return Order.DEFAULT;
}
public static class Order {
final char column;
final boolean ascending;
public Order(char column, boolean ascending) {
this.column = column;
this.ascending = ascending;
}
public static final Order NAME = new Order('N', false);
public static final Order NAME_ASC = new Order('N', true);
public static final Order SIZE = new Order('S', false);
public static final Order SIZE_ASC = new Order('S', true);
public static final Order LAST_MODIFIED = new Order('M', false);
public static final Order LAST_MODIFIED_ASC = new Order('M', true);
public static final Order DEFAULT = NAME;
}
}
private static class DirsFirstComparator
implements Comparator<WebResource>
{
private final Comparator<WebResource> base;
public DirsFirstComparator(Comparator<WebResource> core) {
this.base = core;
}
@Override
public int compare(WebResource r1, WebResource r2) {
if(r1.isDirectory()) {
if(r2.isDirectory()) {
return base.compare(r1, r2);
} else {
return -1; // r1, directory, first
}
} else if(r2.isDirectory()) {
return 1; // r2, directory, first
} else {
return base.compare(r1, r2);
}
}
}
private static class ResourceNameComparator
implements Comparator<WebResource>
{
@Override
public int compare(WebResource r1, WebResource r2) {
return r1.getName().compareTo(r2.getName());
}
}
private static class ResourceSizeComparator
implements Comparator<WebResource>
{
private Comparator<WebResource> base;
public ResourceSizeComparator(Comparator<WebResource> base) {
this.base = base;
}
@Override
public int compare(WebResource r1, WebResource r2) {
int c = Long.compare(r1.getContentLength(), r2.getContentLength());
if(0 == c)
return base.compare(r1, r2);
else
return c;
}
}
private static class ResourceLastModifiedDateComparator
implements Comparator<WebResource>
{
private Comparator<WebResource> base;
public ResourceLastModifiedDateComparator(Comparator<WebResource> base) {
this.base = base;
}
@Override
public int compare(WebResource r1, WebResource r2) {
int c = Long.compare(r1.getLastModified(), r2.getLastModified());
if(0 == c)
return base.compare(r1, r2);
else
return c;
}
}
}