如何防止Jetty中的目录列表? [英] How do I prevent directory listing in Jetty?
问题描述
这是我的web.xml文件,您看到我使用Apache CXF,并且还使用Spring,Hibernate和Jetty
<?xml version =1.0encoding =UTF-8?>
< web-app xmlns =http://xmlns.jcp.org/xml/ns/javaee
xmlns:xsi =http://www.w3.org/2001/XMLSchema -instance
xsi:schemaLocation =http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1 .xsd
version =3.1>
< context-param>
< param-name> contextConfigLocation< / param-name>
< param-value> classpath:applicationContext.xml,classpath:Spring-Security.xml< / param-value>
< / context-param>
< listener>
< listener-class> org.springframework.web.context.ContextLoaderListener< / listener-class>
< / listener>
<! - Spring Security Start - >
< listener>
< listener-class>
org.springframework.web.context.request.RequestContextListener
< / listener-class>
< / listener>
< filter>
< filter-name> springSecurityFilterChain< / filter-name>
< filter-class> org.springframework.web.filter.DelegatingFilterProxy
< / filter-class>
< / filter>
<! - Projenin ana url'inden itibaren spring security aktif ediliyor - >
< filter-mapping>
< filter-name> springSecurityFilterChain< / filter-name>
< url-pattern> / *< / url-pattern>
< / filter-mapping>
<! - Spring Security End - >
< servlet>
< servlet-name> CXFServlet< / servlet-name>
< servlet-class> org.apache.cxf.transport.servlet.CXFServlet< / servlet-class>
<加载启动> 1< /加载启动>
< / servlet>
< servlet-mapping>
< servlet-name> CXFServlet< / servlet-name>
< url-pattern> / *< / url-pattern>
< / servlet-mapping>
< / web-app>
我该如何解决它。我在哪里做错了?
在任一文件中, p>
< servlet>
< servlet-name>默认< / servlet-name>
< servlet-class> org.eclipse.jetty.servlet.DefaultServlet< / servlet-class>
....
< init-param>
< param-name> dirAllowed< /参数名称>
< param-value> false< /参数值>
< / init-param>
....
< / servlet>
以用户Eng.Fouad 指出,这也可以定义为一个上下文参数:
<的context-param>
< param-name> org.eclipse.jetty.servlet.Default.dirAllowed< / param-name>
< param-value> false< /参数值>
< / context-param>
Basically I have this jetty server running at my local. But I can't access my index.jsp file I see like that
this is my web.xml file, You see I use Apache CXF, and also use Spring, Hibernate and Jetty
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml,classpath:Spring-Security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring Security Start -->
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<!-- Projenin ana url'inden itibaren spring security aktif ediliyor -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security End -->
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>
How can I resolve it. Where I am doing wrong ?
This has been answered in a few places on StackOverflow. You simply need to set the dirAllowed
parameter to false on the default servlet. This can be done either in the WEB-INF/web.xml
of the servlet descriptor or by providing a modified etc/webdefault.xml
file (via the deploy module in Jetty, for example) which is loaded before any of the contexts.
In either file this would look like:
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
....
<init-param>
<param-name>dirAllowed</param-name>
<param-value>false</param-value>
</init-param>
....
</servlet>
As user Eng.Fouad points out this can also be defined as a context parameter:
<context-param>
<param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
<param-value>false</param-value>
</context-param>
这篇关于如何防止Jetty中的目录列表?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!