All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.eclipse.jetty.ee10.webapp.WebAppContext Maven / Gradle / Ivy

The newest version!
//
// ========================================================================
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//

package org.eclipse.jetty.ee10.webapp;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Path;
import java.security.PermissionCollection;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.EventListener;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletRegistration.Dynamic;
import jakarta.servlet.ServletSecurityElement;
import jakarta.servlet.http.HttpSessionActivationListener;
import jakarta.servlet.http.HttpSessionAttributeListener;
import jakarta.servlet.http.HttpSessionBindingListener;
import jakarta.servlet.http.HttpSessionIdListener;
import jakarta.servlet.http.HttpSessionListener;
import org.eclipse.jetty.ee.WebAppClassLoading;
import org.eclipse.jetty.ee10.servlet.ErrorHandler;
import org.eclipse.jetty.ee10.servlet.ErrorPageErrorHandler;
import org.eclipse.jetty.ee10.servlet.ServletContextHandler;
import org.eclipse.jetty.ee10.servlet.ServletHandler;
import org.eclipse.jetty.ee10.servlet.SessionHandler;
import org.eclipse.jetty.ee10.servlet.security.ConstraintAware;
import org.eclipse.jetty.ee10.servlet.security.ConstraintMapping;
import org.eclipse.jetty.ee10.servlet.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Deployable;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.util.ClassMatcher;
import org.eclipse.jetty.util.ExceptionUtil;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.annotation.ManagedAttribute;
import org.eclipse.jetty.util.annotation.ManagedObject;
import org.eclipse.jetty.util.component.ClassLoaderDump;
import org.eclipse.jetty.util.component.DumpableCollection;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.resource.ResourceFactory;
import org.eclipse.jetty.util.resource.Resources;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Web Application Context Handler.
 * 

* The WebAppContext handler is an extension of ContextHandler that * coordinates the construction and configuration of nested handlers: * {@link ConstraintSecurityHandler}, {@link org.eclipse.jetty.ee10.servlet.SessionHandler} * and {@link ServletHandler}. * The handlers are configured by pluggable configuration classes, with * the default being {@link WebXmlConfiguration} and * {@link JettyWebXmlConfiguration}. *

*

The class implements {@link WebAppClassLoader.Context} and thus the {@link org.eclipse.jetty.util.ClassVisibilityChecker} * API, which is used by any {@link WebAppClassLoader} to control visibility of classes to the context.

*/ @ManagedObject("Web Application ContextHandler") public class WebAppContext extends ServletContextHandler implements WebAppClassLoader.Context, Deployable { static final Logger LOG = LoggerFactory.getLogger(WebAppContext.class); public static final String WEB_DEFAULTS_XML = "org/eclipse/jetty/ee10/webapp/webdefault-ee10.xml"; /** * @deprecated use {@link WebAppClassLoading#PROTECTED_CLASSES_ATTRIBUTE} instead. */ @Deprecated(forRemoval = true, since = "12.0.9") public static final String SERVER_SYS_CLASSES = WebAppClassLoading.PROTECTED_CLASSES_ATTRIBUTE; /** * @deprecated use {@link WebAppClassLoading#HIDDEN_CLASSES_ATTRIBUTE} instead. */ @Deprecated(forRemoval = true, since = "12.0.9") public static final String SERVER_SRV_CLASSES = WebAppClassLoading.HIDDEN_CLASSES_ATTRIBUTE; private static final String[] __dftProtectedTargets = {"/WEB-INF", "/META-INF"}; /** * @deprecated use {@link WebAppClassLoading#DEFAULT_PROTECTED_CLASSES} */ @Deprecated (forRemoval = true, since = "12.0.9") public static final org.eclipse.jetty.ee10.webapp.ClassMatcher __dftSystemClasses = org.eclipse.jetty.ee10.webapp.ClassMatcher.wrap(WebAppClassLoading.DEFAULT_PROTECTED_CLASSES); /** * @deprecated use {@link WebAppClassLoading#DEFAULT_HIDDEN_CLASSES} */ @Deprecated (forRemoval = true, since = "12.0.9") public static final org.eclipse.jetty.ee10.webapp.ClassMatcher __dftServerClasses = org.eclipse.jetty.ee10.webapp.ClassMatcher.wrap(WebAppClassLoading.DEFAULT_HIDDEN_CLASSES); private final ClassMatcher _protectedClasses = new ClassMatcher(WebAppClassLoading.getProtectedClasses(ServletContextHandler.ENVIRONMENT)); private final ClassMatcher _hiddenClasses = new ClassMatcher(WebAppClassLoading.getHiddenClasses(ServletContextHandler.ENVIRONMENT)); private Configurations _configurations; private String _defaultsDescriptor = WEB_DEFAULTS_XML; private String _descriptor = null; private final List _overrideDescriptors = new ArrayList<>(); private boolean _distributable = false; private boolean _extractWAR = true; private boolean _copyDir = false; private boolean _copyWebInf = false; private boolean _logUrlOnStart = false; private boolean _parentLoaderPriority = Boolean.getBoolean("org.eclipse.jetty.server.webapp.parentLoaderPriority"); private PermissionCollection _permissions; private boolean _defaultContextPath = true; private String[] _contextWhiteList = null; private String _war; private List _extraClasspath; private Throwable _unavailableException; private Map _resourceAliases; private ClassLoader _initialClassLoader; private boolean _configurationDiscovered = true; private boolean _allowDuplicateFragmentNames = false; private boolean _throwUnavailableOnStartupException = false; private MetaData _metadata = new MetaData(); public static WebAppContext getCurrentWebAppContext() { ServletContextHandler handler = ServletContextHandler.getCurrentServletContextHandler(); if (handler != null) { if (handler instanceof WebAppContext) return (WebAppContext)handler; } return null; } public WebAppContext() { this(null, null, null, null, new ErrorPageErrorHandler(), SESSIONS | SECURITY); } /** * @param contextPath The context path * @param webApp The URL or filename of the webapp directory or war file. */ public WebAppContext(String webApp, String contextPath) { this(contextPath, null, null, null, new ErrorPageErrorHandler(), SESSIONS | SECURITY); setWar(webApp); } /** * @param contextPath The context path * @param webApp The URL or filename of the webapp directory or war file. */ public WebAppContext(Resource webApp, String contextPath) { this(contextPath, null, null, null, new ErrorPageErrorHandler(), SESSIONS | SECURITY); setWarResource(webApp); } /** * @param sessionHandler SessionHandler for this web app * @param securityHandler SecurityHandler for this web app * @param servletHandler ServletHandler for this web app * @param errorHandler ErrorHandler for this web app */ public WebAppContext(SessionHandler sessionHandler, SecurityHandler securityHandler, ServletHandler servletHandler, ErrorHandler errorHandler) { this(null, sessionHandler, securityHandler, servletHandler, errorHandler, 0); } /** * @param contextPath the context path * @param sessionHandler SessionHandler for this web app * @param securityHandler SecurityHandler for this web app * @param servletHandler ServletHandler for this web app * @param errorHandler ErrorHandler for this web app * @param options the options ({@link ServletContextHandler#SESSIONS} and/or {@link ServletContextHandler#SECURITY}) */ public WebAppContext(String contextPath, SessionHandler sessionHandler, SecurityHandler securityHandler, ServletHandler servletHandler, ErrorHandler errorHandler, int options) { // always pass parent as null and then set below, so that any resulting setServer call // is done after this instance is constructed. super(contextPath, sessionHandler, securityHandler, servletHandler, errorHandler, options); setErrorHandler(errorHandler != null ? errorHandler : new ErrorPageErrorHandler()); setProtectedTargets(__dftProtectedTargets); } @Override public void initializeDefaults(Map properties) { for (String property : properties.keySet()) { String value = properties.get(property); if (LOG.isDebugEnabled()) LOG.debug("init {}: {}", property, value); switch (property) { case Deployable.WAR -> { if (getWar() == null) setWar(value); } case Deployable.TEMP_DIR -> setTempDirectory(IO.asFile(value)); case Deployable.CONFIGURATION_CLASSES -> setConfigurationClasses(value == null ? null : value.split(",")); case Deployable.CONTAINER_SCAN_JARS -> setAttribute(MetaInfConfiguration.CONTAINER_JAR_PATTERN, value); case Deployable.EXTRACT_WARS -> setExtractWAR(Boolean.parseBoolean(value)); case Deployable.PARENT_LOADER_PRIORITY -> setParentLoaderPriority(Boolean.parseBoolean(value)); case Deployable.WEBINF_SCAN_JARS -> setAttribute(MetaInfConfiguration.WEBINF_JAR_PATTERN, value); case Deployable.DEFAULTS_DESCRIPTOR -> setDefaultsDescriptor(value); case Deployable.SCI_EXCLUSION_PATTERN -> setAttribute("org.eclipse.jetty.containerInitializerExclusionPattern", value); case Deployable.SCI_ORDER -> setAttribute("org.eclipse.jetty.containerInitializerOrder", value); default -> { if (LOG.isDebugEnabled() && StringUtil.isNotBlank(value)) LOG.debug("unknown property {}={}", property, value); } } } _defaultContextPath = true; } public boolean isContextPathDefault() { return _defaultContextPath; } @Override public void setContextPath(String contextPath) { super.setContextPath(contextPath); _defaultContextPath = false; } public void setDefaultContextPath(String contextPath) { super.setContextPath(contextPath); _defaultContextPath = true; } /** * @param servletContextName The servletContextName to set. */ @Override public void setDisplayName(String servletContextName) { super.setDisplayName(servletContextName); ClassLoader cl = getClassLoader(); if (servletContextName != null && cl instanceof WebAppClassLoader webAppClassLoader) webAppClassLoader.setName(servletContextName); } /** * Get an exception that caused the webapp to be unavailable * * @return A throwable if the webapp is unavailable or null */ public Throwable getUnavailableException() { return _unavailableException; } /** * Set Resource Alias. * Resource aliases map resource uri's within a context. * They may optionally be used by a handler when looking for * a resource. * * @param alias the alias for a resource * @param uri the uri for the resource */ public void setResourceAlias(String alias, String uri) { if (_resourceAliases == null) _resourceAliases = new HashMap<>(5); _resourceAliases.put(alias, uri); } public Map getResourceAliases() { if (_resourceAliases == null) return null; return _resourceAliases; } public void setResourceAliases(Map map) { _resourceAliases = map; } public String getResourceAlias(String path) { if (_resourceAliases == null) return null; String alias = _resourceAliases.get(path); int slash = path.length(); while (alias == null) { slash = path.lastIndexOf("/", slash - 1); if (slash < 0) break; String match = _resourceAliases.get(path.substring(0, slash + 1)); if (match != null) alias = match + path.substring(slash + 1); } return alias; } public String removeResourceAlias(String alias) { if (_resourceAliases == null) return null; return _resourceAliases.remove(alias); } @Override public void setClassLoader(ClassLoader classLoader) { super.setClassLoader(classLoader); String name = getDisplayName(); if (name == null) name = getContextPath(); if (classLoader instanceof WebAppClassLoader webAppClassLoader && getDisplayName() != null) webAppClassLoader.setName(name); } public ResourceFactory getResourceFactory() { return ResourceFactory.of(this); } @Override public Resource getResource(String pathInContext) throws MalformedURLException { if (pathInContext == null || !pathInContext.startsWith("/")) throw new MalformedURLException(pathInContext); MalformedURLException mue = null; Resource resource = null; int loop = 0; while (pathInContext != null && loop++ < 100) { try { resource = super.getResource(pathInContext); if (Resources.exists(resource)) return resource; pathInContext = getResourceAlias(pathInContext); } catch (MalformedURLException e) { LOG.trace("IGNORED", e); if (mue == null) mue = e; } } if (mue != null) throw mue; return resource; } /** * Is the context Automatically configured. * * @return true if configuration discovery. */ public boolean isConfigurationDiscovered() { return _configurationDiscovered; } /** * Set the configuration discovery mode. * If configuration discovery is set to true, then the JSR315 * servlet 3.0 discovered configuration features are enabled. * These are:
    *
  • Web Fragments
  • *
  • META-INF/resource directories
  • *
* * @param discovered true if configuration discovery is enabled for automatic configuration from the context */ public void setConfigurationDiscovered(boolean discovered) { _configurationDiscovered = discovered; } /** * Pre configure the web application. *

* The method is normally called from {@link #start()}. It performs * the discovery of the configurations to be applied to this context, * specifically: *

    *
  • Instantiate the {@link Configuration} instances with a call to {@link #loadConfigurations()}. *
  • Instantiates a classloader (if one is not already set) *
  • Calls the {@link Configuration#preConfigure(WebAppContext)} method of all * Configuration instances. *
* * @throws Exception if unable to pre configure */ public void preConfigure() throws Exception { // Add the known server class inclusions for all known configurations for (Configuration configuration : Configurations.getKnown()) { _hiddenClasses.include(configuration.getHiddenClasses().getInclusions()); } // Setup Configuration classes for this webapp! loadConfigurations(); _configurations.sort(); for (Configuration configuration : _configurations) { _protectedClasses.add(configuration.getProtectedClasses().getPatterns()); _hiddenClasses.exclude(configuration.getHiddenClasses().getExclusions()); } // Configure classloader _initialClassLoader = getClassLoader(); ClassLoader loader = configureClassLoader(_initialClassLoader); if (loader != _initialClassLoader) setClassLoader(loader); if (LOG.isDebugEnabled()) { LOG.debug("Thread Context classloader {}", loader); loader = loader.getParent(); while (loader != null) { LOG.debug("Parent class loader: {} ", loader); loader = loader.getParent(); } } _configurations.preConfigure(this); } /** * Configure the context {@link ClassLoader}, potentially wrapping it. * @param loader The loader initially set on this context by {@link #setClassLoader(ClassLoader)} * @return Either the configured loader, or a new {@link ClassLoader} that uses the loader. */ protected ClassLoader configureClassLoader(ClassLoader loader) { if (loader instanceof WebAppClassLoader) return loader; return new WebAppClassLoader(loader, this); } @Override protected void createTempDirectory() { super.createTempDirectory(); } public boolean configure() throws Exception { return _configurations.configure(this); } public void postConfigure() throws Exception { _configurations.postConfigure(this); } @Override protected void doStart() throws Exception { ClassLoader old = Thread.currentThread().getContextClassLoader(); Thread.currentThread().setContextClassLoader(ServletContextHandler.ENVIRONMENT.getClassLoader()); try { _metadata.setAllowDuplicateFragmentNames(isAllowDuplicateFragmentNames()); Boolean validate = (Boolean)getAttribute(MetaData.VALIDATE_XML); _metadata.setValidateXml((validate != null && validate)); preConfigure(); super.doStart(); postConfigure(); if (isLogUrlOnStart()) dumpUrl(); } catch (Throwable t) { // start up of the webapp context failed, make sure it is not started LOG.warn("Failed startup of context {}", this, t); _unavailableException = t; setAvailable(false); // webapp cannot be accessed (results in status code 503) if (isThrowUnavailableOnStartupException()) throw t; } finally { Thread.currentThread().setContextClassLoader(old); } } @Override public void destroy() { // Prepare for configuration Throwable multiException = null; if (_configurations != null) { for (Configuration configuration : _configurations) { try { configuration.destroy(this); } catch (Exception e) { multiException = ExceptionUtil.combine(multiException, e); } } } _configurations = null; super.destroy(); ExceptionUtil.ifExceptionThrowUnchecked(multiException); } /* * Dumps the current web app name and URL to the log */ private void dumpUrl() { Connector[] connectors = getServer().getConnectors(); for (Connector connector : connectors) { String displayName = getDisplayName(); if (displayName == null) displayName = "WebApp@" + Arrays.hashCode(connectors); LOG.info("{} at http://{}{}", displayName, connector.toString(), getContextPath()); } } /** * @return Returns the configurations. */ @ManagedAttribute(value = "configuration classes used to configure webapp", readonly = true) public String[] getConfigurationClasses() { loadConfigurations(); return _configurations.toStringArray(); } /** * @return Returns the configurations. */ public Configurations getConfigurations() { loadConfigurations(); return _configurations; } /** * The default descriptor is a web.xml format file that is applied to the context before the standard WEB-INF/web.xml * * @return Returns the defaultsDescriptor. */ @ManagedAttribute(value = "default web.xml deascriptor applied before standard web.xml", readonly = true) public String getDefaultsDescriptor() { return _defaultsDescriptor; } /** * The override descriptor is a web.xml format file that is applied to the context after the standard WEB-INF/web.xml * * @return Returns the Override Descriptor. */ public String getOverrideDescriptor() { if (_overrideDescriptors.size() != 1) return null; return _overrideDescriptors.get(0); } /** * An override descriptor is a web.xml format file that is applied to the context after the standard WEB-INF/web.xml * * @return Returns the Override Descriptor list */ @ManagedAttribute(value = "web.xml deascriptors applied after standard web.xml", readonly = true) public List getOverrideDescriptors() { return Collections.unmodifiableList(_overrideDescriptors); } /** * @return Returns the permissions. */ @Override public PermissionCollection getPermissions() { return _permissions; } /** * Set the hidden (server) classes patterns. *

* This {@link ClassMatcher} is used to implement the {@link org.eclipse.jetty.util.ClassVisibilityChecker} contract * for the context by determining which classes and resources from the server and environment classloader are hidden * from the context. The context may have its own copy of these classes/resources in WEB-INF/lib or WEB-INF/classes. * * @param hiddenClasses the server classes pattern */ public void setHiddenClassMatcher(ClassMatcher hiddenClasses) { _hiddenClasses.clear(); _hiddenClasses.add(hiddenClasses.getPatterns()); } /** * Set the protected (system) classes patterns. *

* * This {@link ClassMatcher} is used to implement the {@link org.eclipse.jetty.util.ClassVisibilityChecker} contract * for the context by determining which classes and resources from the server and environment classloader may not be * overridden by the context. The context may not have its own copy of these classes/resources. * * @param protectedClasses the system classes pattern */ public void setProtectedClassMatcher(ClassMatcher protectedClasses) { _protectedClasses.clear(); _protectedClasses.add(protectedClasses.getPatterns()); } /** * Add a ClassMatcher for hidden (server) classes by combining with * any existing matcher. * * @param hiddenClasses The class matcher of patterns to add to the server ClassMatcher * @see org.eclipse.jetty.util.ClassVisibilityChecker * @see #setHiddenClassMatcher(ClassMatcher) */ public void addHiddenClassMatcher(ClassMatcher hiddenClasses) { _hiddenClasses.add(hiddenClasses.getPatterns()); } /** * Add a ClassMatcher for protected (system) classes by combining with * any existing matcher. * * @param protectedClasses The class matcher of patterns to add to the system ClassMatcher * @see org.eclipse.jetty.util.ClassVisibilityChecker * @see #setProtectedClassMatcher(ClassMatcher) */ public void addProtectedClassMatcher(ClassMatcher protectedClasses) { _protectedClasses.add(protectedClasses.getPatterns()); } /** * @return The ClassMatcher used to match System (protected) classes to implement the * {@link org.eclipse.jetty.util.ClassVisibilityChecker} contract. * @see #setProtectedClassMatcher(ClassMatcher) */ public ClassMatcher getProtectedClassMatcher() { return _protectedClasses; } /** * @return The ClassMatcher used to match Server (hidden) classes to implement the * {@link org.eclipse.jetty.util.ClassVisibilityChecker} contract. * @see #setHiddenClassMatcher(ClassMatcher) */ public ClassMatcher getHiddenClassMatcher() { return _hiddenClasses; } @ManagedAttribute(value = "classes and packages protected by context classloader", readonly = true) public String[] getProtectedClasses() { return _protectedClasses.getPatterns(); } @ManagedAttribute(value = "classes and packages hidden by the context classloader", readonly = true) public String[] getHiddenClasses() { return _hiddenClasses.getPatterns(); } @Override public boolean isHiddenClass(Class clazz) { return _hiddenClasses.match(clazz); } @Override public boolean isProtectedClass(Class clazz) { return _protectedClasses.match(clazz); } @Override public boolean isHiddenResource(String name, URL url) { return _hiddenClasses.match(name, url); } @Override public boolean isProtectedResource(String name, URL url) { return _protectedClasses.match(name, url); } /** * @deprecated use {@link #setHiddenClassMatcher(ClassMatcher)} */ @Deprecated(since = "12.0.8", forRemoval = true) public void setServerClassMatcher(org.eclipse.jetty.ee10.webapp.ClassMatcher serverClasses) { setHiddenClassMatcher(serverClasses); } /** * @deprecated use {@link #setProtectedClassMatcher(ClassMatcher)} */ @Deprecated(since = "12.0.8", forRemoval = true) public void setSystemClassMatcher(org.eclipse.jetty.ee10.webapp.ClassMatcher systemClasses) { setProtectedClassMatcher(systemClasses); } /** * @deprecated use {@link #addHiddenClassMatcher(ClassMatcher)} */ @Deprecated(since = "12.0.8", forRemoval = true) public void addServerClassMatcher(org.eclipse.jetty.ee10.webapp.ClassMatcher serverClasses) { addHiddenClassMatcher(serverClasses); } /** * @deprecated use {@link #addProtectedClassMatcher(ClassMatcher)} */ @Deprecated(since = "12.0.8", forRemoval = true) public void addSystemClassMatcher(org.eclipse.jetty.ee10.webapp.ClassMatcher systemClasses) { addProtectedClassMatcher(systemClasses); } /** * @deprecated use {@link #getProtectedClassMatcher()} */ @Deprecated(since = "12.0.8", forRemoval = true) public org.eclipse.jetty.ee10.webapp.ClassMatcher getSystemClassMatcher() { return org.eclipse.jetty.ee10.webapp.ClassMatcher.wrap(getProtectedClassMatcher()); } /** * @deprecated use {@link #getHiddenClassMatcher()} */ @Deprecated(since = "12.0.8", forRemoval = true) public org.eclipse.jetty.ee10.webapp.ClassMatcher getServerClassMatcher() { return org.eclipse.jetty.ee10.webapp.ClassMatcher.wrap(getHiddenClassMatcher()); } /** * @deprecated use {@link #getProtectedClasses()} */ @Deprecated(since = "12.0.8", forRemoval = true) public String[] getSystemClasses() { return getProtectedClasses(); } /** * @deprecated use {@link #getHiddenClasses()} */ @Deprecated(since = "12.0.8", forRemoval = true) public String[] getServerClasses() { return getHiddenClasses(); } /** * @deprecated use {@link #isHiddenClass(Class)} */ @Deprecated(since = "12.0.8", forRemoval = true) public boolean isServerClass(Class clazz) { return isHiddenClass(clazz); } /** * @deprecated use {@link #isProtectedClass(Class)} */ @Deprecated(since = "12.0.8", forRemoval = true) public boolean isSystemClass(Class clazz) { return isProtectedClass(clazz); } @Override public void setServer(Server server) { super.setServer(server); if (server != null) { _protectedClasses.add(WebAppClassLoading.getProtectedClasses(server).getPatterns()); _hiddenClasses.add(WebAppClassLoading.getHiddenClasses(server).getPatterns()); } } /** * @return Returns the war as a file or URL string (Resource). * The war may be different to the @link {@link #getBaseResource()} * if the war has been expanded and/or copied. */ @ManagedAttribute(value = "war file location", readonly = true) public String getWar() { if (_war == null) { if (getBaseResource() != null) { Path warPath = getBaseResource().getPath(); if (warPath != null) _war = warPath.toUri().toASCIIString(); } } return _war; } public Resource getWebInf() throws IOException { if (getBaseResource() == null) return null; // Is there a WEB-INF directory anywhere in the Resource Base? // ResourceBase could be a CombinedResource // The result could be a CombinedResource with multiple WEB-INF directories // Can return from WEB-INF/lib/foo.jar!/WEB-INF // Can also never return from a META-INF/versions/#/WEB-INF location Resource webInf = getBaseResource().resolve("WEB-INF/"); if (Resources.isReadableDirectory(webInf)) return webInf; return null; } /** * @return Returns the distributable. */ @ManagedAttribute("web application distributable") public boolean isDistributable() { return _distributable; } /** * @return Returns the extractWAR. */ @ManagedAttribute(value = "extract war", readonly = true) public boolean isExtractWAR() { return _extractWAR; } /** * @return True if the webdir is copied (to allow hot replacement of jars on windows) */ @ManagedAttribute(value = "webdir copied on deploy (allows hot replacement on windows)", readonly = true) public boolean isCopyWebDir() { return _copyDir; } /** * @return True if the web-inf lib and classes directories are copied (to allow hot replacement of jars on windows) */ public boolean isCopyWebInf() { return _copyWebInf; } /** * @return True if the classloader should delegate first to the parent * classloader (standard java behaviour) or false if the classloader * should first try to load from WEB-INF/lib or WEB-INF/classes (servlet * spec recommendation). Default is false or can be set by the system * property org.eclipse.jetty.server.webapp.parentLoaderPriority */ @Override @ManagedAttribute(value = "parent classloader given priority", readonly = true) public boolean isParentLoaderPriority() { return _parentLoaderPriority; } protected void loadConfigurations() { //if the configuration instances have been set explicitly, use them if (_configurations != null) return; if (isStarted()) throw new IllegalStateException(); _configurations = newConfigurations(); } protected Configurations newConfigurations() { return new Configurations(Configurations.getServerDefault(getServer()).getConfigurations()); } @Override public ServletContextApi newServletContextApi() { return new WebAppContext.ServletApiContext(); } @Override public String toString() { if (_war != null) return super.toString() + "{" + _war + "}"; return super.toString(); } @Override public void dump(Appendable out, String indent) throws IOException { List systemClasses = null; if (_protectedClasses != null) { systemClasses = new ArrayList<>(_protectedClasses); Collections.sort(systemClasses); } List serverClasses = null; if (_hiddenClasses != null) { serverClasses = new ArrayList<>(_hiddenClasses); Collections.sort(serverClasses); } String name = getDisplayName(); if (name == null) { if (_war != null) { int webapps = _war.indexOf("/webapps/"); if (webapps >= 0) name = _war.substring(webapps + 8); else name = _war; } else if (getBaseResource() != null) { name = getBaseResource().getURI().toASCIIString(); int webapps = name.indexOf("/webapps/"); if (webapps >= 0) name = name.substring(webapps + 8); } else { name = this.getClass().getSimpleName(); } } name = String.format("%s@%x", name, hashCode()); dumpObjects(out, indent, new ClassLoaderDump(getClassLoader()), new DumpableCollection("Systemclasses " + name, systemClasses), new DumpableCollection("Serverclasses " + name, serverClasses), new DumpableCollection("Configurations " + name, _configurations), new DumpableCollection("Handler attributes " + name, asAttributeMap().entrySet()), new DumpableCollection("Context attributes " + name, getContext().asAttributeMap().entrySet()), new DumpableCollection("EventListeners " + this, getEventListeners()), new DumpableCollection("Initparams " + name, getInitParams().entrySet()) ); } /** * @param configurations The configuration class names. If setConfigurations is not called * these classes are used to create a configurations array. */ public void setConfigurationClasses(String[] configurations) { if (_configurations == null) _configurations = new Configurations(); _configurations.set(configurations); } public void setConfigurationClasses(List configurations) { setConfigurationClasses(configurations.toArray(new String[0])); } /** * @param configurations The configurations to set. */ public void setConfigurations(Configurations configurations) { _configurations = configurations == null ? new Configurations() : configurations; } /** * @param configurations The configurations to set. */ public void setConfigurations(Configuration[] configurations) { if (_configurations == null) _configurations = new Configurations(); _configurations.set(configurations); } public void addConfiguration(Configuration... configuration) { loadConfigurations(); _configurations.add(configuration); } public T getConfiguration(Class configClass) { loadConfigurations(); return _configurations.get(configClass); } public void removeConfiguration(Configuration... configurations) { if (_configurations != null) _configurations.remove(configurations); } public void removeConfiguration(Class... configurations) { if (_configurations != null) _configurations.remove(configurations); } /** * The default descriptor is a web.xml format file that is applied to the context before the standard WEB-INF/web.xml * * @param defaultsDescriptor The defaultsDescriptor to set. */ public void setDefaultsDescriptor(String defaultsDescriptor) { _defaultsDescriptor = defaultsDescriptor; } /** * The override descriptor is a web.xml format file that is applied to the context after the standard WEB-INF/web.xml * * @param overrideDescriptor The overrideDescritpor to set. */ public void setOverrideDescriptor(String overrideDescriptor) { _overrideDescriptors.clear(); _overrideDescriptors.add(overrideDescriptor); } /** * The override descriptor is a web.xml format file that is applied to the context after the standard WEB-INF/web.xml * * @param overrideDescriptors The overrideDescriptors (file or URL) to set. */ public void setOverrideDescriptors(List overrideDescriptors) { _overrideDescriptors.clear(); _overrideDescriptors.addAll(overrideDescriptors); } /** * The override descriptor is a web.xml format file that is applied to the context after the standard WEB-INF/web.xml * * @param overrideDescriptor The overrideDescriptor (file or URL) to add. */ public void addOverrideDescriptor(String overrideDescriptor) { _overrideDescriptors.add(overrideDescriptor); } /** * @return the web.xml descriptor to use. If set to null, WEB-INF/web.xml is used if it exists. */ @ManagedAttribute(value = "standard web.xml descriptor", readonly = true) public String getDescriptor() { return _descriptor; } /** * Set the web.xml descriptor to use. If set to null, WEB-INF/web.xml is used if it exists.. * @param descriptor the web.xml descriptor to use. If set to null, WEB-INF/web.xml is used if it exists. */ public void setDescriptor(String descriptor) { _descriptor = descriptor; } /** * @param distributable The distributable to set. */ public void setDistributable(boolean distributable) { this._distributable = distributable; } @Override public boolean removeEventListener(EventListener listener) { if (super.removeEventListener(listener)) { if ((listener instanceof HttpSessionActivationListener) || (listener instanceof HttpSessionAttributeListener) || (listener instanceof HttpSessionBindingListener) || (listener instanceof HttpSessionListener) || (listener instanceof HttpSessionIdListener)) { if (_sessionHandler != null) _sessionHandler.removeEventListener(listener); } return true; } return false; } /** * @param extractWAR True if war files are extracted */ public void setExtractWAR(boolean extractWAR) { _extractWAR = extractWAR; } /** * @param copy True if the webdir is copied (to allow hot replacement of jars) */ public void setCopyWebDir(boolean copy) { _copyDir = copy; } /** * @param copyWebInf True if the web-inf lib and classes directories are copied (to allow hot replacement of jars on windows) */ public void setCopyWebInf(boolean copyWebInf) { _copyWebInf = copyWebInf; } /** * @param java2compliant True if the classloader should delegate first to the parent * classloader (standard java behaviour) or false if the classloader * should first try to load from WEB-INF/lib or WEB-INF/classes (servlet * spec recommendation). Default is false or can be set by the system * property org.eclipse.jetty.server.webapp.parentLoaderPriority */ public void setParentLoaderPriority(boolean java2compliant) { _parentLoaderPriority = java2compliant; } /** * @param permissions The permissions to set. */ public void setPermissions(PermissionCollection permissions) { _permissions = permissions; } /** * Set the context white list *

* In certain circumstances you want may want to deny access of one webapp from another * when you may not fully trust the webapp. Setting this white list will enable a * check when a servlet called ServletContextHandler.Context#getContext(String), * validating that the uriInPath for the given webapp has been declaratively allows access to the context. * * @param contextWhiteList the whitelist of contexts */ public void setContextWhiteList(String... contextWhiteList) { _contextWhiteList = contextWhiteList; } /** * Set the war of the webapp. From this value a {@link #setBaseResource(Resource)} * value is computed by {@link WebInfConfiguration}, which may be changed from * the war URI by unpacking and/or copying. * * @param war The war to set as a file name or URL. */ public void setWar(String war) { _war = war; } /** * Set the war of the webapp as a {@link Resource}. * * @param war The war to set as a Resource. * @see #setWar(String) */ public void setWarResource(Resource war) { setWar(war == null ? null : war.toString()); } /** * @return Comma or semicolon separated path of filenames or URLs * pointing to directories or jar files. Directories should end * with '/'. */ @Override @ManagedAttribute(value = "extra classpath for context classloader", readonly = true) public List getExtraClasspath() { return _extraClasspath == null ? Collections.emptyList() : _extraClasspath; } /** * Set the Extra ClassPath via delimited String. *

* This is a convenience method for {@link #setExtraClasspath(List)} *

* * @param extraClasspath Comma or semicolon separated path of filenames or URLs * pointing to directories or jar files. Directories should end * with '/'. * @see #setExtraClasspath(List) */ public void setExtraClasspath(String extraClasspath) { setExtraClasspath(getResourceFactory().split(extraClasspath)); } public void setExtraClasspath(List extraClasspath) { _extraClasspath = extraClasspath; } public boolean isLogUrlOnStart() { return _logUrlOnStart; } /** * Sets whether or not the web app name and URL is logged on startup * * @param logOnStart whether or not the log message is created */ public void setLogUrlOnStart(boolean logOnStart) { this._logUrlOnStart = logOnStart; } public boolean isAllowDuplicateFragmentNames() { return _allowDuplicateFragmentNames; } public void setAllowDuplicateFragmentNames(boolean allowDuplicateFragmentNames) { _allowDuplicateFragmentNames = allowDuplicateFragmentNames; } public void setThrowUnavailableOnStartupException(boolean throwIfStartupException) { _throwUnavailableOnStartupException = throwIfStartupException; } public boolean isThrowUnavailableOnStartupException() { return _throwUnavailableOnStartupException; } public void resolveMetaData() throws Exception { LOG.debug("metadata resolve {}", this); //Ensure origins is fresh _metadata._origins.clear(); // Set the ordered lib attribute List orderedWebInfJars; if (_metadata.isOrdered()) { orderedWebInfJars = _metadata.getWebInfResources(true); List orderedLibs = new ArrayList<>(); for (Resource jar: orderedWebInfJars) { URI uri = URIUtil.unwrapContainer(jar.getURI()); orderedLibs.add(uri.getPath()); } setAttribute(ServletContext.ORDERED_LIBS, Collections.unmodifiableList(orderedLibs)); } // set the webxml version if (_metadata._webXmlRoot != null) { getContext().getServletContext().setEffectiveMajorVersion(_metadata._webXmlRoot.getMajorVersion()); getContext().getServletContext().setEffectiveMinorVersion(_metadata._webXmlRoot.getMinorVersion()); } //process web-defaults.xml, web.xml and override-web.xmls for (DescriptorProcessor p : _metadata._descriptorProcessors) { p.process(this, _metadata.getDefaultsDescriptor()); p.process(this, _metadata.getWebDescriptor()); for (WebDescriptor wd : _metadata.getOverrideDescriptors()) { LOG.debug("process {} {} {}", this, p, wd); p.process(this, wd); } } List resources = new ArrayList<>(); resources.add(null); //always apply annotations with no resource first resources.addAll(_metadata._orderedContainerResources); //next all annotations from container path resources.addAll(_metadata._webInfClasses); //next everything from web-inf classes resources.addAll(_metadata.getWebInfResources(_metadata.isOrdered())); //finally annotations (in order) from webinf path for (Resource r : resources) { //Process the web-fragment.xml before applying annotations from a fragment. //Note that some fragments, or resources that aren't fragments won't have //a descriptor. FragmentDescriptor fd = _metadata._webFragmentResourceMap.get(r); if (fd != null) { for (DescriptorProcessor p : _metadata._descriptorProcessors) { LOG.debug("process {} {}", this, fd); p.process(this, fd); } } //Then apply the annotations - note that if metadata is complete //either overall or for a fragment, those annotations won't have //been discovered. List annotations = _metadata._annotations.get(r); if (annotations != null) { for (DiscoveredAnnotation a : annotations) { LOG.debug("apply {}", a); a.apply(); } } } } @Override protected void startContext() throws Exception { if (configure()) { resolveMetaData(); startWebapp(); } } @Override protected void stopContext() throws Exception { stopWebapp(); try { for (int i = _configurations.size(); i-- > 0; ) { _configurations.get(i).deconfigure(this); } if (_metadata != null) _metadata.clear(); _metadata = new MetaData(); } finally { ClassLoader loader = getClassLoader(); if (loader != _initialClassLoader) { if (loader instanceof URLClassLoader urlClassLoader) urlClassLoader.close(); setClassLoader(_initialClassLoader); } _unavailableException = null; super.cleanupAfterStop(); } } /** * Continue the {@link #startContext()} before calling {@code super.startContext()}. * @throws Exception If there was a problem starting */ protected void startWebapp() throws Exception { super.startContext(); } /** * Continue the {@link #stopContext()} before calling {@code super.stopContext()}. * @throws Exception If there was a problem stopping */ protected void stopWebapp() throws Exception { super.stopContext(); } /** * Prevent the temp directory from being deleted during the normal stop sequence, and require that * {@link ContextHandler#cleanupAfterStop()} is explicitly called after the webapp classloader is closed */ @Override protected void cleanupAfterStop() throws Exception { //intentionally left blank } @Override public Set setServletSecurity(Dynamic registration, ServletSecurityElement servletSecurityElement) { Set unchangedURLMappings = new HashSet<>(); //From javadoc for ServletSecurityElement: /* If a URL pattern of this ServletRegistration is an exact target of a security-constraint that was established via the portable deployment descriptor, then this method does not change the security-constraint for that pattern, and the pattern will be included in the return value. If a URL pattern of this ServletRegistration is an exact target of a security constraint that was established via the ServletSecurity annotation or a previous call to this method, then this method replaces the security constraint for that pattern. If a URL pattern of this ServletRegistration is neither the exact target of a security constraint that was established via the ServletSecurity annotation or a previous call to this method, nor the exact target of a security-constraint in the portable deployment descriptor, then this method establishes the security constraint for that pattern from the argument ServletSecurityElement. */ java.util.Collection pathMappings = registration.getMappings(); if (pathMappings != null && getSecurityHandler() instanceof ConstraintAware constraintAware) { ConstraintSecurityHandler.createConstraint(registration.getName(), servletSecurityElement); for (String pathSpec : pathMappings) { Origin origin = getMetaData().getOrigin("constraint.url." + pathSpec); switch (origin) { case NotSet: { //No mapping for this url already established List mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m : mappings) { constraintAware.addConstraintMapping(m); } constraintAware.checkPathsWithUncoveredHttpMethods(); getMetaData().setOriginAPI("constraint.url." + pathSpec); break; } case WebXml: case WebDefaults: case WebOverride: case WebFragment: { //a mapping for this url was created in a descriptor, which overrides everything unchangedURLMappings.add(pathSpec); break; } case Annotation: case API: { //mapping established via an annotation or by previous call to this method, //replace the security constraint for this pattern List constraintMappings = ConstraintSecurityHandler.removeConstraintMappingsForPath(pathSpec, constraintAware.getConstraintMappings()); List freshMappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); constraintMappings.addAll(freshMappings); ((ConstraintSecurityHandler)getSecurityHandler()).setConstraintMappings(constraintMappings); constraintAware.checkPathsWithUncoveredHttpMethods(); break; } default: throw new IllegalStateException(origin.toString()); } } } return unchangedURLMappings; } public class ServletApiContext extends ServletContextHandler.ServletContextApi { @Override public jakarta.servlet.ServletContext getContext(String path) { jakarta.servlet.ServletContext servletContext = super.getContext(path); if (servletContext != null && _contextWhiteList != null) { for (String context : _contextWhiteList) { if (context.equals(path)) { return servletContext; } } return null; } else { return servletContext; } } @Override public URL getResource(String path) throws MalformedURLException { if (path == null) return null; // Assumption is that the resource base has been properly setup. // Spec requirement is that the WAR file is interrogated first. // If a WAR file is mounted, or is extracted to a temp directory, // then the first entry of the resource base must be the WAR file. Resource resource = WebAppContext.this.getResource(path); if (Resources.missing(resource)) return null; for (Resource r: resource) { // return first entry return r.getURI().toURL(); } // A Resource was returned, but did not exist return null; } } public MetaData getMetaData() { return _metadata; } @Override protected void makeTempDirectory() throws Exception { super.makeTempDirectory(); } @Override protected String getCanonicalNameForTmpDir() { return super.getCanonicalNameForTmpDir(); } /** * If the webapp has no baseresource yet, use * the war to make the temp directory name. * * @return the baseresource if non null, or the war */ @Override protected Resource getResourceForTempDirName() { Resource resource = super.getResourceForTempDirName(); if (resource == null) { if (getWar() == null || getWar().length() == 0) throw new IllegalStateException("No resourceBase or war set for context"); // Use name of given resource in the temporary dirname resource = newResource(getWar()); } return resource; } /** * Add a Server Class pattern to use for all WebAppContexts. * @param server The {@link Server} instance to add classes to * @param patterns the patterns to use * @see #getHiddenClassMatcher() * @see #getHiddenClasses() * @deprecated use {@link WebAppClassLoading#addProtectedClasses(Server, String...)} */ @Deprecated(since = "12.0.8", forRemoval = true) public static void addServerClasses(Server server, String... patterns) { WebAppClassLoading.addHiddenClasses(server, patterns); } /** * Add a System Class pattern to use for all WebAppContexts. * @param server The {@link Server} instance to add classes to * @param patterns the patterns to use * @see #getProtectedClassMatcher() * @see #getProtectedClasses() * @deprecated use {@link WebAppClassLoading#addHiddenClasses(Server, String...)} */ @Deprecated(since = "12.0.8", forRemoval = true) public static void addSystemClasses(Server server, String... patterns) { WebAppClassLoading.addProtectedClasses(server, patterns); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy