How to disable directory listing for Jetty's W

2019-01-17 07:30发布

I'm embedding Jetty (version 7.4.5.v20110725) into a java application. I'm serving JSP pages in ./webapps/jsp/ using Jetty's WebAppContext, but if I visit localhost:8080/jsp/ I get Jetty's directory listing for the entire contents of ./webapps/jsp/. I've tried setting the dirAllowed parameter to false on the WebAppContext and it does not change the directory listing behavior.

Disabling the directory listing on a ResourceHandler is simply done be passing false to setDirectoriesListed, works as expected. Can someone tell me how to do this for the WebAppContext?

import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.ResourceHandler;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.webapp.WebAppContext;

public class Test {

    public static void main(String[] args) throws Exception {
        Server server = new Server();
        SelectChannelConnector connector = new SelectChannelConnector();
        connector.setHost("127.0.0.1");
        connector.setPort(8080);
        server.addConnector(connector);

        // Create a resource handler for static content.
        ResourceHandler staticResourceHandler = new ResourceHandler();
        staticResourceHandler.setResourceBase("./webapps/static/");
        staticResourceHandler.setDirectoriesListed(false);

        // Create context handler for static resource handler.
        ContextHandler staticContextHandler = new ContextHandler();
        staticContextHandler.setContextPath("/static");
        staticContextHandler.setHandler(staticResourceHandler);

        // Create WebAppContext for JSP files.
        WebAppContext webAppContext = new WebAppContext();
        webAppContext.setContextPath("/jsp");
        webAppContext.setResourceBase("./webapps/jsp/");
        // ??? THIS DOES NOT STOP DIR LISTING OF ./webapps/jsp/ ???
        webAppContext.setInitParameter("dirAllowed", "false");

        // Create a handler list to store our static and servlet context handlers.
        HandlerList handlers = new HandlerList();
        handlers.setHandlers(new Handler[] { staticContextHandler, webAppContext });

        // Add the handlers to the server and start jetty.
        server.setHandler(handlers);
        server.start();
        server.join();
    }

}

7条回答
时光不老,我们不散
2楼-- · 2019-01-17 07:35

This works for me on Jetty v9.4.3:

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
         http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <context-param>
        <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
        <param-value>false</param-value>
    </context-param>

</web-app>
查看更多
姐就是有狂的资本
3楼-- · 2019-01-17 07:36

If anyone happens across this looking for the equivalent in Jetty 6:

    <bean id="webAppContext" class="org.mortbay.jetty.webapp.WebAppContext">
    .
    .
    <property name="initParams">
        <map>               
            <entry key="org.mortbay.jetty.servlet.Default.dirAllowed" value="false" />
        </map>
    </property>
查看更多
We Are One
4楼-- · 2019-01-17 07:37

I found the following page on the net which describes the same problem:

jetty-users-How-can-I-prevent-Directory-Listing-in-WebAppContext

I quote what is mentioned in one of the entries in that post as reason for the problem:

the problem is that for some reason Jetty does not merge the webdefault.xml with user web.xml properly when embedded mode is used

and following is the code that was used to overcome the problem:

HashMap hmap = new HashMap<String, String>();
   hmap.put("dirAllowed", "false");
   hmap.put("redirectWelcome", "false");
   hmap.put("aliases", "false");
   ServletHolder []svh = wc.getServletHandler().getServlets();
   if(svh != null && svh.length > 0)
   {
           for(int j = 0; j < svh.length; j++)
      {
              ServletHolder svh1 = svh[j];
            if(svh1.getClassName() != null && svh1.getClassName().endsWith(DEFAULT_SERVLET))
            {
               svh1.setInitParameters(hmap);
             }
       }
   } 

I hope it will solve the issue for you.

查看更多
叼着烟拽天下
5楼-- · 2019-01-17 07:47

For anyone using web.xml, you can also disallow it there. Find the default servlet (the one with Jetty's DefaultServlet), and set the dirAllowed parameter to false:

<servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
    <init-param>
        <param-name>dirAllowed</param-name>
        <param-value>false</param-value>
    </init-param>
</servlet>
查看更多
走好不送
6楼-- · 2019-01-17 07:47

The alternative solution not mentioned so far is to add the index.html file. Probably this is not a very universal solution but it fitted my needs. The added value is that this is more user friendly - a user who accidentally enters your application URL will get human readable description of your choice instead of some generic error page from Jetty.

For me this worked with embedded Jetty ver. 9.4.5.

I've put index.html next to WEB-INF directory.

查看更多
地球回转人心会变
7楼-- · 2019-01-17 07:51

In Linux with Jetty 9.2 (but i think it's the same with 9.x) to apply to all Jetty and Jetty based instances.

You can change in file /etc/jetty9/webdefault.xml:

<init-param>
  <param-name>dirAllowed</param-name>
  <param-value>false</param-value>
</init-param>

I've also changed:

<init-param>
     <param-name>welcomeServlets</param-name>
     <param-value>true</param-value>
  </init-param>
  <init-param>
     <param-name>redirectWelcome</param-name>
     <param-value>true</param-value>
  </init-param>
查看更多
登录 后发表回答