如何防止Jetty中的目录列表？ [英] How do I prevent directory listing in Jetty?

问题描述

基本上我有这个码头服务器在我的本地运行。但我无法访问我的index.jsp文件我明白了

这是我的web.xml文件，您看到我使用Apache CXF，并且还使用Spring，Hibernate和Jetty

 <？xml version =1.0encoding =UTF-8？> 
< web-app xmlns =http://xmlns.jcp.org/xml/ns/javaee
 xmlns：xsi =http://www.w3.org/2001/XMLSchema -instance
 xsi：schemaLocation =http://xmlns.jcp.org/xml/ns/javaee 
 http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1 .xsd
 version =3.1> 
 
< context-param> 
 
< param-name> contextConfigLocation< / param-name> 
< param-value> classpath：applicationContext.xml，classpath：Spring-Security.xml< / param-value> 
< / context-param> 
 
< listener> 
< listener-class> org.springframework.web.context.ContextLoaderListener< / listener-class> 
< / listener> 
 
 <！ -  Spring Security Start  - > 
< listener> 
< listener-class> 
 org.springframework.web.context.request.RequestContextListener 
< / listener-class> 
< / listener> 
 
< filter> 
< filter-name> springSecurityFilterChain< / filter-name> 
< filter-class> org.springframework.web.filter.DelegatingFilterProxy 
< / filter-class> 
< / filter> 
 <！ -  Projenin ana url'inden itibaren spring security aktif ediliyor  - > 
< filter-mapping> 
< filter-name> springSecurityFilterChain< / filter-name> 
< url-pattern> / *< / url-pattern> 
< / filter-mapping> 
<！ -  Spring Security End  - > 
< servlet> 
< servlet-name> CXFServlet< / servlet-name> 
< servlet-class> org.apache.cxf.transport.servlet.CXFServlet< / servlet-class> 
 
<加载启动> 1< /加载启动> 
< / servlet> 
 
< servlet-mapping> 
< servlet-name> CXFServlet< / servlet-name> 
< url-pattern> / *< / url-pattern> 
< / servlet-mapping> 
 
< / web-app> 
  

我该如何解决它。我在哪里做错了？

解决方案

这已在几个地方回答在StackOverflow上）。您只需在默认servlet上将 dirAllowed 参数设置为false即可。这可以在servlet描述符的 WEB-INF / web.xml 中完成，或者通过提供修改的 etc / webdefault.xml 文件（例如通过Jetty中的部署模块），它在任何上下文之前加载。

在任一文件中， p>

< servlet>
< servlet-name>默认< / servlet-name>
< servlet-class> org.eclipse.jetty.servlet.DefaultServlet< / servlet-class>
....
< init-param>
< param-name> dirAllowed< /参数名称>
< param-value> false< /参数值>
< / init-param>
....
< / servlet>


以用户Eng.Fouad 指出，这也可以定义为一个上下文参数：

 <的context-param> 
< param-name> org.eclipse.jetty.servlet.Default.dirAllowed< / param-name> 
< param-value> false< /参数值> 
< / context-param> 
  

Basically I have this jetty server running at my local. But I can't access my index.jsp file I see like that

this is my web.xml file, You see I use Apache CXF, and also use Spring, Hibernate and Jetty

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">  

    <context-param>

        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml,classpath:Spring-Security.xml</param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Spring Security Start -->
    <listener>
        <listener-class>
            org.springframework.web.context.request.RequestContextListener
        </listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>
    <!-- Projenin ana url'inden itibaren spring security aktif ediliyor -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Spring Security End -->
    <servlet>
        <servlet-name>CXFServlet</servlet-name>
        <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>

        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>CXFServlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

</web-app>

How can I resolve it. Where I am doing wrong ?

解决方案

This has been answered in a few places on StackOverflow. You simply need to set the dirAllowed parameter to false on the default servlet. This can be done either in the WEB-INF/web.xml of the servlet descriptor or by providing a modified etc/webdefault.xml file (via the deploy module in Jetty, for example) which is loaded before any of the contexts.

In either file this would look like:

<servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
    ....
    <init-param>
        <param-name>dirAllowed</param-name>
        <param-value>false</param-value>
    </init-param>
    ....
</servlet>

As user Eng.Fouad points out this can also be defined as a context parameter:

<context-param>
    <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
    <param-value>false</param-value>
</context-param>

这篇关于如何防止Jetty中的目录列表？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！