I'm embedding Jetty (version 7.4.5.v20110725) into a java application. I'm serving JSP pages in ./webapps/jsp/ using Jetty's WebAppContext, but if I visit localhost:8080/jsp/ I get Jetty's directory listing for the entire contents of ./webapps/jsp/. I've tried setting the dirAllowed parameter to false on the WebAppContext and it does not change the directory listing behavior.
Disabling the directory listing on a ResourceHandler is simply done be passing false to setDirectoriesListed, works as expected. Can someone tell me how to do this for the WebAppContext?
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.ResourceHandler;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.webapp.WebAppContext;
public class Test {
public static void main(String[] args) throws Exception {
Server server = new Server();
SelectChannelConnector connector = new SelectChannelConnector();
connector.setHost("127.0.0.1");
connector.setPort(8080);
server.addConnector(connector);
// Create a resource handler for static content.
ResourceHandler staticResourceHandler = new ResourceHandler();
staticResourceHandler.setResourceBase("./webapps/static/");
staticResourceHandler.setDirectoriesListed(false);
// Create context handler for static resource handler.
ContextHandler staticContextHandler = new ContextHandler();
staticContextHandler.setContextPath("/static");
staticContextHandler.setHandler(staticResourceHandler);
// Create WebAppContext for JSP files.
WebAppContext webAppContext = new WebAppContext();
webAppContext.setContextPath("/jsp");
webAppContext.setResourceBase("./webapps/jsp/");
// ??? THIS DOES NOT STOP DIR LISTING OF ./webapps/jsp/ ???
webAppContext.setInitParameter("dirAllowed", "false");
// Create a handler list to store our static and servlet context handlers.
HandlerList handlers = new HandlerList();
handlers.setHandlers(new Handler[] { staticContextHandler, webAppContext });
// Add the handlers to the server and start jetty.
server.setHandler(handlers);
server.start();
server.join();
}
}
This works for me on Jetty v9.4.3:
web.xml:
If anyone happens across this looking for the equivalent in Jetty 6:
I found the following page on the net which describes the same problem:
jetty-users-How-can-I-prevent-Directory-Listing-in-WebAppContext
I quote what is mentioned in one of the entries in that post as reason for the problem:
and following is the code that was used to overcome the problem:
I hope it will solve the issue for you.
For anyone using
web.xml
, you can also disallow it there. Find the default servlet (the one with Jetty'sDefaultServlet
), and set thedirAllowed
parameter tofalse
:The alternative solution not mentioned so far is to add the index.html file. Probably this is not a very universal solution but it fitted my needs. The added value is that this is more user friendly - a user who accidentally enters your application URL will get human readable description of your choice instead of some generic error page from Jetty.
For me this worked with embedded Jetty ver. 9.4.5.
I've put index.html next to WEB-INF directory.
In Linux with Jetty 9.2 (but i think it's the same with 9.x) to apply to all Jetty and Jetty based instances.
You can change in file
/etc/jetty9/webdefault.xml
:I've also changed: