343277 – Webapp Servlet Context White List

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 343277 - Webapp Servlet Context White List

Summary: Webapp Servlet Context White List

Status:	RESOLVED FIXED

Alias:	None

Product:	Jetty
Classification:	RT
Component:	server (show other bugs)
Version:	7.4.1
Hardware:	Macintosh Mac OS X

Importance:	P3 normal (vote)
Target Milestone:	---
Assignee:	Greg Wilkins
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-04-19 11:25 EDT by Jesse McConnell
Modified:	2011-04-19 11:28 EDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jesse McConnell

2011-04-19 11:25:00 EDT

In certain circumstances you want may want to deny access of one webapp from another when you may not fully trust the webapp.  Setting this white list will enable a check when a servlet called getContext(String), validating that the uriInPath for the given webapp has been declaratively allows access to the context.

Comment 1 Jesse McConnell

2011-04-19 11:28:24 EDT

commit -m "Bug 343277 add support for an optional context white list" /Users/jesse/src/eclipse/trunks/jetty/VERSION.txt /Users/jesse/src/eclipse/trunks/jetty/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebAppContext.java /Users/jesse/src/eclipse/trunks/jetty/jetty-webapp/src/test/java/org/eclipse/jetty/webapp/WebAppContextTest.java
    Sending        /Users/jesse/src/eclipse/trunks/jetty/VERSION.txt
    Sending        /Users/jesse/src/eclipse/trunks/jetty/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebAppContext.java
    Sending        /Users/jesse/src/eclipse/trunks/jetty/jetty-webapp/src/test/java/org/eclipse/jetty/webapp/WebAppContextTest.java
    Transmitting file data ...
    Committed revision 3022.