diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/org/traccar/api/MediaFilter.java | 41 | ||||
-rw-r--r-- | src/org/traccar/web/WebServer.java | 24 |
2 files changed, 23 insertions, 42 deletions
diff --git a/src/org/traccar/api/MediaFilter.java b/src/org/traccar/api/MediaFilter.java index c07175d40..b3dcbbd66 100644 --- a/src/org/traccar/api/MediaFilter.java +++ b/src/org/traccar/api/MediaFilter.java @@ -36,24 +36,8 @@ import org.traccar.model.Device; public class MediaFilter implements Filter { - private boolean dirAllowed; - @Override public void init(FilterConfig filterConfig) throws ServletException { - dirAllowed = Context.getConfig().getBoolean("media.dirAllowed"); - } - - private static void formatError(HttpServletResponse response, Exception e) throws IOException { - if (e instanceof SecurityException) { - response.setStatus(HttpServletResponse.SC_FORBIDDEN); - } else if (e instanceof IllegalArgumentException) { - response.setStatus(HttpServletResponse.SC_NOT_FOUND); - } else if (e instanceof NotAuthorizedException) { - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); - } else { - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - } - response.getWriter().println(Log.exceptionStack(e)); } @Override @@ -73,15 +57,10 @@ public class MediaFilter implements Filter { throw new NotAuthorizedException("Not authorized"); } - String[] parts = ((HttpServletRequest) request).getPathInfo().split("/"); - if (parts.length < 2) { - if (dirAllowed) { - Context.getPermissionsManager().checkAdmin(userId); - } else { - throw new SecurityException("Wrong path"); - } - } else if (parts.length == 2 && !dirAllowed) { - throw new SecurityException("Wrong path"); + String path = ((HttpServletRequest) request).getPathInfo(); + String[] parts = path.split("/"); + if (parts.length < 2 || parts.length == 2 && !path.endsWith("/")) { + Context.getPermissionsManager().checkAdmin(userId); } else { Device device = Context.getIdentityManager().getByUniqueId(parts[1]); if (device != null) { @@ -93,7 +72,17 @@ public class MediaFilter implements Filter { chain.doFilter(request, response); } catch (Exception e) { - formatError((HttpServletResponse) response, e); + HttpServletResponse httpResponse = (HttpServletResponse) response; + if (e instanceof SecurityException) { + httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); + } else if (e instanceof IllegalArgumentException) { + httpResponse.setStatus(HttpServletResponse.SC_NOT_FOUND); + } else if (e instanceof NotAuthorizedException) { + httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + } else { + httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST); + } + response.getWriter().println(Log.exceptionStack(e)); } } diff --git a/src/org/traccar/web/WebServer.java b/src/org/traccar/web/WebServer.java index 8b0696081..88b38c1ab 100644 --- a/src/org/traccar/web/WebServer.java +++ b/src/org/traccar/web/WebServer.java @@ -1,5 +1,5 @@ /* - * Copyright 2012 - 2016 Anton Tananaev (anton@traccar.org) + * Copyright 2012 - 2018 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -84,7 +84,6 @@ public class WebServer { } initServer(); - initMedia(); initApi(); if (config.getBoolean("web.console")) { initConsole(); @@ -161,19 +160,6 @@ public class WebServer { handlers.addHandler(app); } - private void initMedia() { - ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS); - servletHandler.setContextPath("/api/media"); - servletHandler.getSessionHandler().setSessionManager(sessionManager); - - ServletHolder servletHolder = new ServletHolder("media", DefaultServlet.class); - servletHolder.setInitParameter("resourceBase", config.getString("media.path")); - servletHolder.setInitParameter("dirAllowed", config.getString("media.dirAllowed", "false")); - servletHandler.addServlet(servletHolder, "/*"); - servletHandler.addFilter(MediaFilter.class, "/*", EnumSet.of(DispatcherType.INCLUDE, DispatcherType.REQUEST)); - handlers.addHandler(servletHandler); - } - private void initApi() { ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS); servletHandler.setContextPath("/api"); @@ -181,11 +167,17 @@ public class WebServer { servletHandler.addServlet(new ServletHolder(new AsyncSocketServlet()), "/socket"); + ServletHolder servletHolder = new ServletHolder("media", DefaultServlet.class); + servletHolder.setInitParameter("resourceBase", config.getString("media.path")); + servletHolder.setInitParameter("dirAllowed", config.getString("media.directoryAllow", "false")); + servletHolder.setInitParameter("pathInfoOnly", "true"); + servletHandler.addServlet(servletHolder, "/media/*"); + servletHandler.addFilter(MediaFilter.class, "/media/*", EnumSet.allOf(DispatcherType.class)); + ResourceConfig resourceConfig = new ResourceConfig(); resourceConfig.registerClasses(JacksonFeature.class, ObjectMapperProvider.class, ResourceErrorHandler.class); resourceConfig.registerClasses(SecurityRequestFilter.class, CorsResponseFilter.class); resourceConfig.packages(ServerResource.class.getPackage().getName()); - servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/*"); handlers.addHandler(servletHandler); |