resources - provided extension point on ResourcesRoute constructor al…

…lowing to override behaviour forbidding usage of / baseResourcePath, in case someone would like to serve resources from root classpath, even if this is not advised from a security standpoint
restx · Aug 28, 2017 · 16a49510b1a89eaa7c5c36c7b21eeeaf16e4f72f · 16a4951
1 parent 9effdfd
commit 16a49510b1a89eaa7c5c36c7b21eeeaf16e4f72f
Unified Split

Showing with 14 additions and 5 deletions.

+14 −5 restx-core/src/main/java/restx/ResourcesRoute.java
diff --git a/restx-core/src/main/java/restx/ResourcesRoute.java b/restx-core/src/main/java/restx/ResourcesRoute.java
@@ -91,15 +91,24 @@ public ResourcesRoute(String name, String baseRestPath, String baseResourcePath,
    public ResourcesRoute(String name, String baseRestPath, String baseResourcePath, ImmutableMap<String, String> aliases, List<CachedResourcePolicy> cachedResourcePolicies) {
        this.name = checkNotNull(name);
        this.baseRestPath = ("/" + checkNotNull(baseRestPath) + "/").replaceAll("/+", "/");
-        this.baseResourcePath = checkNotNull(baseResourcePath)
-                .replace('.', '/').replaceAll("^/", "").replaceAll("/$", "") + "/";
-        if("/".equals(this.baseResourcePath)){
-            throw new IllegalArgumentException("Please, avoid using '/' as ResourcesRoute's baseResourcePath as it represents serious security flaws (people will be able to read your classpath configuration files)");
-        }
+        this.baseResourcePath = this.ensureBaseResourcePathValid(baseResourcePath);
        this.aliases = checkNotNull(aliases);
        this.cachedResourcePolicies = ImmutableList.copyOf(cachedResourcePolicies);
    }

+    protected String ensureBaseResourcePathValid(String baseResourcePath) {
+        String escapedBaseResourcePath = checkNotNull(baseResourcePath)
+                .replace('.', '/')
+                .replaceAll("^/", "")
+                .replaceAll("/$", "") + "/";
+
+        if("/".equals(escapedBaseResourcePath)){
+            throw new IllegalArgumentException("Please, avoid using '/' as ResourcesRoute's baseResourcePath as it represents serious security flaws (people will be able to read your classpath configuration files)");
+        }
+
+        return escapedBaseResourcePath;
+    }
+
    @Override
    public Optional<RestxHandlerMatch> match(RestxRequest req) {
        if (req.getHttpMethod().equals("GET") && req.getRestxPath().startsWith(baseRestPath)) {