I'm embedding Jetty (version 7.4.5.v20110725) into a java application. I'm serving JSP pages in ./webapps/jsp/ using Jetty's WebAppContext, but if I visit localhost:8080/jsp/ I get Jetty's directory listing for the entire contents of ./webapps/jsp/. I've tried setting the dirAllowed parameter to false on the WebAppContext and it does not change the directory listing behavior.
Disabling the directory listing on a ResourceHandler is simply done be passing false to setDirectoriesListed, works as expected. Can someone tell me how to do this for the WebAppContext?
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.ResourceHandler;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.webapp.WebAppContext;
public class Test {
public static void main(String[] args) throws Exception {
Server server = new Server();
SelectChannelConnector connector = new SelectChannelConnector();
connector.setHost("127.0.0.1");
connector.setPort(8080);
server.addConnector(connector);
// Create a resource handler for static content.
ResourceHandler staticResourceHandler = new ResourceHandler();
staticResourceHandler.setResourceBase("./webapps/static/");
staticResourceHandler.setDirectoriesListed(false);
// Create context handler for static resource handler.
ContextHandler staticContextHandler = new ContextHandler();
staticContextHandler.setContextPath("/static");
staticContextHandler.setHandler(staticResourceHandler);
// Create WebAppContext for JSP files.
WebAppContext webAppContext = new WebAppContext();
webAppContext.setContextPath("/jsp");
webAppContext.setResourceBase("./webapps/jsp/");
// ??? THIS DOES NOT STOP DIR LISTING OF ./webapps/jsp/ ???
webAppContext.setInitParameter("dirAllowed", "false");
// Create a handler list to store our static and servlet context handlers.
HandlerList handlers = new HandlerList();
handlers.setHandlers(new Handler[] { staticContextHandler, webAppContext });
// Add the handlers to the server and start jetty.
server.setHandler(handlers);
server.start();
server.join();
}
}
You can set org.eclipse.jetty.servlet.Default.dirAllowed instead of dirAllowed:
webAppContext.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
Tested for Jetty 7.4.5.v20110725, 8.1.4.v20120524, 9.0.2.v20130417 and 9.2.0.v20140526.
For anyone using web.xml, you can also disallow it there. Find the default servlet (the one with Jetty's DefaultServlet), and set the dirAllowed parameter to false:
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
<init-param>
<param-name>dirAllowed</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
This works for me on Jetty v9.4.3:
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<context-param>
<param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
<param-value>false</param-value>
</context-param>
</web-app>
If anyone happens across this looking for the equivalent in Jetty 6:
<bean id="webAppContext" class="org.mortbay.jetty.webapp.WebAppContext">
.
.
<property name="initParams">
<map>
<entry key="org.mortbay.jetty.servlet.Default.dirAllowed" value="false" />
</map>
</property>
I found the following page on the net which describes the same problem:
jetty-users-How-can-I-prevent-Directory-Listing-in-WebAppContext
I quote what is mentioned in one of the entries in that post as reason for the problem:
the problem is that for some reason Jetty does not merge the webdefault.xml with user web.xml properly when embedded mode is used
and following is the code that was used to overcome the problem:
HashMap hmap = new HashMap<String, String>();
hmap.put("dirAllowed", "false");
hmap.put("redirectWelcome", "false");
hmap.put("aliases", "false");
ServletHolder []svh = wc.getServletHandler().getServlets();
if(svh != null && svh.length > 0)
{
for(int j = 0; j < svh.length; j++)
{
ServletHolder svh1 = svh[j];
if(svh1.getClassName() != null && svh1.getClassName().endsWith(DEFAULT_SERVLET))
{
svh1.setInitParameters(hmap);
}
}
}
I hope it will solve the issue for you.
The alternative solution not mentioned so far is to add the index.html file. Probably this is not a very universal solution but it fitted my needs. The added value is that this is more user friendly - a user who accidentally enters your application URL will get human readable description of your choice instead of some generic error page from Jetty.
For me this worked with embedded Jetty ver. 9.4.5.
I've put index.html next to WEB-INF directory.
In Linux with Jetty 9.2 (but i think it's the same with 9.x) to apply to all Jetty and Jetty based instances.
You can change in file /etc/jetty9/webdefault.xml:
<init-param>
<param-name>dirAllowed</param-name>
<param-value>false</param-value>
</init-param>
I've also changed:
<init-param>
<param-name>welcomeServlets</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>redirectWelcome</param-name>
<param-value>true</param-value>
</init-param>
Yet another method that works is applying this configuration to jetty-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_3.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Call name="setInitParameter">
<Arg>org.eclipse.jetty.servlet.Default.dirAllowed</Arg>
<Arg type="boolean">False</Arg>
</Call>
</Configure>
来源:https://stackoverflow.com/questions/7217969/how-to-disable-directory-listing-for-jettys-webappcontext