List of usage examples for org.springframework.web.util WebUtils FORWARD_PATH_INFO_ATTRIBUTE
String FORWARD_PATH_INFO_ATTRIBUTE
To view the source code for org.springframework.web.util WebUtils FORWARD_PATH_INFO_ATTRIBUTE.
Click Source Link
From source file:arena.utils.ServletUtils.java
public static String canonicalizeURI(String uri, String webrootPath, HttpServletRequest request, boolean isPublicURI) { boolean isInclude = WebUtils.isIncludeRequest(request); boolean isForward = (request.getAttribute(WebUtils.FORWARD_PATH_INFO_ATTRIBUTE) != null); // Check it's not an illegal URL File webroot = new File(webrootPath); File configFile = new File(webroot, uri); // build a canonical version if we can String canonicalURI = FileUtils.constructOurCanonicalVersion(configFile, webroot); if (!FileUtils.isDescendant(webroot, configFile, webroot)) { return null; // illegal } else if (isPublicURI && !isInclude && !isForward && FileUtils.isDescendant(new File(webroot, "WEB-INF"), configFile, webroot)) { return null; // don't allow direct access to web-inf } else if (isPublicURI && !isInclude && !isForward && FileUtils.isDescendant(new File(webroot, "META-INF"), configFile, webroot)) { return null; // don't allow direct access to meta-inf } else {/* ww w .java 2 s. c o m*/ return canonicalURI; } }