when requesting a directory, it's better to serve a 404 rather than a…

… 403, since we give up less info
lightbody · Nov 22, 2011 · 8f1edc9 · 8f1edc9
1 parent 9070ecf
commit 8f1edc9
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 3 deletions.
diff --git a/able-example/src/main/webapp/index.html b/able-example/src/main/webapp/index.html
diff --git a/able-jetty/src/main/java/net/lightbody/able/jetty/EmbeddedJettyWebAppProvider.java b/able-jetty/src/main/java/net/lightbody/able/jetty/EmbeddedJettyWebAppProvider.java
@@ -9,6 +9,7 @@
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.servlet.DefaultServlet;
 import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.resource.Resource;
 import org.eclipse.jetty.webapp.WebAppContext;
 
@@ -32,11 +33,13 @@ public EmbeddedJettyWebAppProvider(@Named("port") int port, @AnchorClass Class a
 
         ServletContextHandler context = new WebAppContext();
         context.setContextPath("/");
-        context.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
 
         context.addFilter(DisableURLRewritingFilter.class, "/*", 0);
         context.addFilter(GuiceFilter.class, "/*", 0);
-        context.addServlet(DefaultServlet.class, "/");
+        context.addServlet(NoDirectoryDefaultServlet.class, "/");
+        ServletHolder holder = new ServletHolder(new NoDirectoryDefaultServlet());
+        holder.setName("default");
+        context.addServlet(holder, "/");
 
         File webappDir = Able.findWebAppDir(anchorClass);
         LOG.info("Using webapp directory " + webappDir.getPath());

diff --git a/able-jetty/src/main/java/net/lightbody/able/jetty/NoDirectoryDefaultServlet.java b/able-jetty/src/main/java/net/lightbody/able/jetty/NoDirectoryDefaultServlet.java
@@ -0,0 +1,29 @@
+package net.lightbody.able.jetty;
+
+import org.eclipse.jetty.servlet.DefaultServlet;
+import org.eclipse.jetty.util.resource.Resource;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class NoDirectoryDefaultServlet extends DefaultServlet {
+    @Override
+    public String getInitParameter(String name) {
+        if ("dirAllowed".equals(name)) {
+            return "true";
+        }
+
+        return super.getInitParameter(name);
+    }
+
+    @Override
+    public String getServletName() {
+        return "default";
+    }
+
+    @Override
+    protected void sendDirectory(HttpServletRequest request, HttpServletResponse response, Resource resource, String pathInContext) throws IOException {
+        response.sendError(HttpServletResponse.SC_NOT_FOUND);
+    }
+}