How do I prevent directory listing in Jetty?

2019-07-29 14:31发布

站内文章 / Java
17 0 0

问题:

Basically I have this jetty server running at my local. But I can't access my index.jsp file I see like that

this is my web.xml file, You see I use Apache CXF, and also use Spring, Hibernate and Jetty

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">  

    <context-param>

        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml,classpath:Spring-Security.xml</param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Spring Security Start -->
    <listener>
        <listener-class>
            org.springframework.web.context.request.RequestContextListener
        </listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>
    <!-- Projenin ana url'inden itibaren spring security aktif ediliyor -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Spring Security End -->
    <servlet>
        <servlet-name>CXFServlet</servlet-name>
        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>

        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>CXFServlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

</web-app>

How can I resolve it. Where I am doing wrong ?

回答1:

This has been answered in a few places on StackOverflow. You simply need to set the dirAllowed parameter to false on the default servlet. This can be done either in the WEB-INF/web.xml of the servlet descriptor or by providing a modified etc/webdefault.xml file (via the deploy module in Jetty, for example) which is loaded before any of the contexts.

In either file this would look like:

<servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
    ....
    <init-param>
        <param-name>dirAllowed</param-name>
        <param-value>false</param-value>
    </init-param>
    ....
</servlet>

As user Eng.Fouad points out this can also be defined as a context parameter:

<context-param>
    <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
    <param-value>false</param-value>
</context-param>


标签: java spring hibernate Jetty
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~