Diffstat (limited to 'src/org')
-rw-r--r--src/org/traccar/api/MediaFilter.java41
-rw-r--r--src/org/traccar/web/WebServer.java24
2 files changed, 23 insertions, 42 deletions
diff --git a/src/org/traccar/api/MediaFilter.java b/src/org/traccar/api/MediaFilter.java
index c07175d40..b3dcbbd66 100644
--- a/src/org/traccar/api/MediaFilter.java
+++ b/src/org/traccar/api/MediaFilter.java
@@ -36,24 +36,8 @@ import org.traccar.model.Device;
public class MediaFilter implements Filter {
- private boolean dirAllowed;
-
@Override
public void init(FilterConfig filterConfig) throws ServletException {
- dirAllowed = Context.getConfig().getBoolean("media.dirAllowed");
- }
-
- private static void formatError(HttpServletResponse response, Exception e) throws IOException {
- if (e instanceof SecurityException) {
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- } else if (e instanceof IllegalArgumentException) {
- response.setStatus(HttpServletResponse.SC_NOT_FOUND);
- } else if (e instanceof NotAuthorizedException) {
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- } else {
- response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
- }
- response.getWriter().println(Log.exceptionStack(e));
}
@Override
@@ -73,15 +57,10 @@ public class MediaFilter implements Filter {
throw new NotAuthorizedException("Not authorized");
}
- String[] parts = ((HttpServletRequest) request).getPathInfo().split("/");
- if (parts.length < 2) {
- if (dirAllowed) {
- Context.getPermissionsManager().checkAdmin(userId);
- } else {
- throw new SecurityException("Wrong path");
- }
- } else if (parts.length == 2 && !dirAllowed) {
- throw new SecurityException("Wrong path");
+ String path = ((HttpServletRequest) request).getPathInfo();
+ String[] parts = path.split("/");
+ if (parts.length < 2 || parts.length == 2 && !path.endsWith("/")) {
+ Context.getPermissionsManager().checkAdmin(userId);
} else {
Device device = Context.getIdentityManager().getByUniqueId(parts[1]);
if (device != null) {
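Review bot: `getPathInfo()` is used unguarded at the top of the new block (`path.split("/")`), and for a request that reaches the `/media/*` mapping with no path info it returns null, so the split throws NullPointerException; that is none of the types matched in the catch below, so such a request ends as a 400 instead of being routed through the admin-only root case. Treating null as the root, `String path = ((HttpServletRequest) request).getPathInfo(); if (path == null) { path = "/"; }`, keeps the admin check in front of it. Separately, the authorization key is the raw first segment `parts[1]`, while the file is resolved afterwards by DefaultServlet against `media.path` after its own normalization; if the container hands the filter a path that still contains `..` segments, the device whose permission is checked need not be the directory actually served, so rejecting any segment equal to `..` (or an empty one) before the lookup would keep the check and the resolution in step. doFilter starts before this hunk and the device-not-found branch continues past it.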
@@ -93,7 +72,17 @@ public class MediaFilter implements Filter {
chain.doFilter(request, response);
} catch (Exception e) {
- formatError((HttpServletResponse) response, e);
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ if (e instanceof SecurityException) {
+ httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ } else if (e instanceof IllegalArgumentException) {
+ httpResponse.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ } else if (e instanceof NotAuthorizedException) {
+ httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ } else {
+ httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ }
+ response.getWriter().println(Log.exceptionStack(e));
}
}
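Review bot: The inlined handler still writes `Log.exceptionStack(e)`, the full stack trace, into the response body on every failure, including the 401 and 403 cases an unauthenticated caller can trigger at will, which discloses class names and internal code structure to the party least entitled to them. Keep the status mapping but log the trace server-side and send only a short message, e.g. replace the last line with `Log.warning(e);` (if the project logger has that overload) followed by `httpResponse.getWriter().println(e.getMessage());`; that line also still calls `response.getWriter()` while the rest of the block uses `httpResponse`. Note too that `setStatus` has no effect if `chain.doFilter` committed the response before throwing, which deserves a comment or an `if (!httpResponse.isCommitted())` guard around the status assignment. The rest of doFilter, including the permission checks, lies before this hunk.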
diff --git a/src/org/traccar/web/WebServer.java b/src/org/traccar/web/WebServer.java
index 8b0696081..88b38c1ab 100644
--- a/src/org/traccar/web/WebServer.java
+++ b/src/org/traccar/web/WebServer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2012 - 2016 Anton Tananaev (anton@traccar.org)
+ * Copyright 2012 - 2018 Anton Tananaev (anton@traccar.org)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -84,7 +84,6 @@ public class WebServer {
}
initServer();
- initMedia();
initApi();
if (config.getBoolean("web.console")) {
initConsole();
@@ -161,19 +160,6 @@ public class WebServer {
handlers.addHandler(app);
}
- private void initMedia() {
- ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
- servletHandler.setContextPath("/api/media");
- servletHandler.getSessionHandler().setSessionManager(sessionManager);
-
- ServletHolder servletHolder = new ServletHolder("media", DefaultServlet.class);
- servletHolder.setInitParameter("resourceBase", config.getString("media.path"));
- servletHolder.setInitParameter("dirAllowed", config.getString("media.dirAllowed", "false"));
- servletHandler.addServlet(servletHolder, "/*");
- servletHandler.addFilter(MediaFilter.class, "/*", EnumSet.of(DispatcherType.INCLUDE, DispatcherType.REQUEST));
- handlers.addHandler(servletHandler);
- }
-
private void initApi() {
ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
servletHandler.setContextPath("/api");
@@ -181,11 +167,17 @@ public class WebServer {
servletHandler.addServlet(new ServletHolder(new AsyncSocketServlet()), "/socket");
+ ServletHolder servletHolder = new ServletHolder("media", DefaultServlet.class);
+ servletHolder.setInitParameter("resourceBase", config.getString("media.path"));
+ servletHolder.setInitParameter("dirAllowed", config.getString("media.directoryAllow", "false"));
+ servletHolder.setInitParameter("pathInfoOnly", "true");
+ servletHandler.addServlet(servletHolder, "/media/*");
+ servletHandler.addFilter(MediaFilter.class, "/media/*", EnumSet.allOf(DispatcherType.class));
+
ResourceConfig resourceConfig = new ResourceConfig();
resourceConfig.registerClasses(JacksonFeature.class, ObjectMapperProvider.class, ResourceErrorHandler.class);
resourceConfig.registerClasses(SecurityRequestFilter.class, CorsResponseFilter.class);
resourceConfig.packages(ServerResource.class.getPackage().getName());
-
servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/*");
handlers.addHandler(servletHandler);