Servlet context document root not found when running as exploded WAR

* Added additional search in AbstractEmbeddedServletContainerFactory.getValidDocumentRoot() to detect a /WEB-INF/ directory in the code archive * If the code archive is in /WEB-INF/** then we assume it is safe to serve content from / (exposes the loader classes but nothing sensitive from the app) [Fixes #54345578]

Servlet context document root not found when running as exploded WAR
* Added additional search in AbstractEmbeddedServletContainerFactory.getValidDocumentRoot() to detect a /WEB-INF/ directory in the code archive * If the code archive is in /WEB-INF/** then we assume it is safe to serve content from / (exposes the loader classes but nothing sensitive from the app) [Fixes #54345578]
39425c81 · Dave Syer · b65625be · b65625be · 39425c81
Commit 39425c81 authored Jul 31, 2013 by Dave Syer
Showing with 18 additions and 11 deletions

foo.html ...g-boot-samples/spring-boot-sample-jetty/src/main/foo.html +0 -10

AbstractEmbeddedServletContainerFactory.java ...ext/embedded/AbstractEmbeddedServletContainerFactory.java +18 -1

No files found.
--- a/spring-boot-samples/spring-boot-sample-jetty/src/main/foo.html
+++ b/spring-boot-samples/spring-boot-sample-jetty/src/main/foo.html
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<title>Insert title here</title>
-</head>
-<body>
-
-</body>
-</html>
\ No newline at end of file
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactory.java
@@ -303,7 +303,11 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
 	 */
 	protected final File getValidDocumentRoot() {
 		File file = getDocumentRoot();
+		// If document root not explicitly set see if we are running from a war archive
 		file = file != null ? file : getWarFileDocumentRoot();
+		// If not a war archive maybe it is an exploded war
+		file = file != null ? file : getExplodedWarFileDocumentRoot();
+		// Or maybe there is a document root in a well-known location
 		file = file != null ? file : getCommonDocumentRoot();
 		if (file == null && this.logger.isWarnEnabled()) {
 			this.logger.debug("None of the document roots "
@@ -316,12 +320,25 @@ public abstract class AbstractEmbeddedServletContainerFactory implements
 		return file;
 	}

+	private File getExplodedWarFileDocumentRoot() {
+		File file = getCodeSourceArchive();
+		if (this.logger.isDebugEnabled()) {
+			this.logger.debug("Code archive: " + file);
+		}
+		if (file != null && file.exists() && file.getAbsolutePath().contains("/WEB-INF/")) {
+			String path = file.getAbsolutePath();
+			path = path.substring(0, path.indexOf("/WEB-INF/"));
+			return new File(path);
+		}
+		return null;
+	}
+
 	private File getArchiveFileDocumentRoot(String extension) {
 		File file = getCodeSourceArchive();
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("Code archive: " + file);
 		}
-		if (file.exists() && !file.isDirectory()
+		if (file != null && file.exists() && !file.isDirectory()
 				&& file.getName().toLowerCase().endsWith(extension)) {
 			return file.getAbsoluteFile();
 		}