Don't use redirect-query-check with the static resource list (#1034)

apache · Nov 23, 2022 · b18d792 · b18d792
1 parent 4feb163
commit b18d792
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 4 deletions.
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java
@@ -284,14 +284,14 @@ public void service(ServletRequest req, ServletResponse res)
     protected void handleRequest(HttpServletRequest request, HttpServletResponse response)
         throws ServletException {
         if ((dispatcherServletPath != null || dispatcherServletName != null)
-            && (redirectList != null && matchPath(redirectList, request)
+            && (redirectList != null && matchPath(redirectQueryCheck, redirectList, request)
                 || redirectList == null)) {
             // if no redirectList is provided then this servlet is redirecting only
             redirect(request, response, request.getPathInfo());
             return;
         }
         boolean staticResourcesMatch = staticResourcesList != null
-            && matchPath(staticResourcesList, request);
+            && matchPath(false, staticResourcesList, request);
         boolean staticWelcomeFileMatch = staticWelcomeFile != null
             && (StringUtils.isEmpty(request.getPathInfo()) || "/".equals(request.getPathInfo()));
         if (staticResourcesMatch || staticWelcomeFileMatch) {
@@ -328,12 +328,12 @@ protected HttpServletRequest checkXForwardedHeaders(HttpServletRequest request)
     }
 
 
-    private boolean matchPath(List<Pattern> values, HttpServletRequest request) {
+    private static boolean matchPath(boolean checkRedirect, List<Pattern> values, HttpServletRequest request) {
         String path = request.getPathInfo();
         if (path == null) {
             path = "/";
         }
-        if (redirectQueryCheck) {
+        if (checkRedirect) {
             String queryString = request.getQueryString();
             if (queryString != null && !queryString.isEmpty()) {
                 path += "?" + queryString;

diff --git a/...sts/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerSpringBookTest.java b/...sts/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerSpringBookTest.java
@@ -147,6 +147,7 @@ public void testGetServicesPageWithServletPatternMatchOnly() throws Exception {
         assertFalse(s.contains(";a=b"));
         assertTrue(s.contains("<a href=\"http://localhost:" + PORT + "/the/"));
     }
+
     @Test
     public void testGetServicesPageWithServletPatternMatchOnly2() throws Exception {
         final String address = "http://localhost:" + PORT + "/services;a=b;/list;a=b/;a=b";
@@ -158,6 +159,15 @@ public void testGetServicesPageWithServletPatternMatchOnly2() throws Exception {
         assertTrue(s.contains("<a href=\"http://localhost:" + PORT + "/services/list/"));
     }
 
+    @Test
+    public void testStaticResourcesWithRedirectQueryCheck() throws Exception {
+        final String address = "http://localhost:" + PORT + "/services/?.html";
+        WebClient wc = WebClient.create(address).accept("text/*");
+        String s = wc.get(String.class);
+        // Check we don't have a directory listing
+        assertFalse(s.contains("META-INF"));
+    }
+
     @Test
     public void testEchoBookForm() throws Exception {
         String address = "http://localhost:" + PORT + "/bus/thebooksform/bookform";

diff --git a/systests/jaxrs/src/test/resources/jaxrs/WEB-INF/web.xml b/systests/jaxrs/src/test/resources/jaxrs/WEB-INF/web.xml
@@ -60,6 +60,22 @@
                 </servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
+    <servlet>
+        <servlet-name>CXFServlet4</servlet-name>
+        <display-name>CXF Servlet4</display-name>
+        <servlet-class>
+                        org.apache.cxf.transport.servlet.CXFServlet
+                </servlet-class>
+        <init-param>
+            <param-name>static-resources-list</param-name>
+            <param-value>.*\.html</param-value>
+        </init-param>
+        <init-param>
+            <param-name>redirect-query-check</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
     <servlet-mapping>
         <servlet-name>CXFServlet</servlet-name>
         <url-pattern>/the/*</url-pattern>
@@ -72,5 +88,9 @@
         <servlet-name>CXFServlet3</servlet-name>
         <url-pattern>/services/list/*</url-pattern>
     </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>CXFServlet4</servlet-name>
+        <url-pattern>/services/*</url-pattern>
+    </servlet-mapping>
 </web-app>
 <!-- END SNIPPET: webxml -->