From a23b01e766516f8b2f645e9c8177e874e6ffb148 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Fri, 16 Oct 2020 10:14:38 -0500 Subject: [PATCH 1/4] Issue #5451 - Setting ServletContext temp dir to user private Signed-off-by: Joakim Erdfelt --- .../main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java index c91bc65aa508..357bb241244d 100644 --- a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java +++ b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java @@ -508,7 +508,7 @@ public void makeTempDirectory(File parent, WebAppContext context) else { //ensure file will always be unique by appending random digits - tmpDir = Files.createTempDirectory(parent.toPath(), temp).toFile(); + tmpDir = Files.createTempDirectory(parent.toPath(), temp, IO.getUserOnlyFileAttribute(parent.toPath())).toFile(); } configureTempDirectory(tmpDir, context); From 74d14738a8f4d0b33a1a094bc31225a096f2df17 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Fri, 16 Oct 2020 10:17:27 -0500 Subject: [PATCH 2/4] Issue #5451 - Setting ServletContext temp dir to user private Signed-off-by: Joakim Erdfelt --- .../org/eclipse/jetty/http/MultiPartFormInputStream.java | 5 ++--- jetty-util/src/main/java/org/eclipse/jetty/util/IO.java | 2 +- .../org/eclipse/jetty/util/MultiPartInputStreamParser.java | 4 ++-- .../java/org/eclipse/jetty/webapp/WebInfConfiguration.java | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/MultiPartFormInputStream.java b/jetty-http/src/main/java/org/eclipse/jetty/http/MultiPartFormInputStream.java index badefa3e6f1b..03f54590320c 100644 --- a/jetty-http/src/main/java/org/eclipse/jetty/http/MultiPartFormInputStream.java +++ b/jetty-http/src/main/java/org/eclipse/jetty/http/MultiPartFormInputStream.java @@ -42,7 +42,6 @@ import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.ByteArrayOutputStream2; -import org.eclipse.jetty.util.IO; import org.eclipse.jetty.util.LazyList; import org.eclipse.jetty.util.MultiException; import org.eclipse.jetty.util.MultiMap; @@ -152,8 +151,8 @@ protected void write(byte[] bytes, int offset, int length) throws IOException protected void createFile() throws IOException { - Path parent = MultiPartFormInputStream.this._tmpDir.toPath(); - Path tempFile = Files.createTempFile(parent, "MultiPart", "", IO.getUserOnlyFileAttribute(parent)); + // Create temp file in Context tempDir (which is user private already) + Path tempFile = Files.createTempFile(MultiPartFormInputStream.this._tmpDir.toPath(), "MultiPart", ""); _file = tempFile.toFile(); OutputStream fos = Files.newOutputStream(tempFile, StandardOpenOption.WRITE); diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/IO.java b/jetty-util/src/main/java/org/eclipse/jetty/util/IO.java index a4cb3a3cb8ac..9c0c71a065b8 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/IO.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/IO.java @@ -474,7 +474,7 @@ public static void close(Writer writer) * For Windows / Dos, that means {@link java.nio.file.attribute.DosFileAttributes} *

*/ - public static FileAttribute[] getUserOnlyFileAttribute(Path path) + public static FileAttribute[] getUserPrivateFileAttribute(Path path) { FileStore fileStore = null; try diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/MultiPartInputStreamParser.java b/jetty-util/src/main/java/org/eclipse/jetty/util/MultiPartInputStreamParser.java index 97e5ec7563a4..4c2c685501a2 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/MultiPartInputStreamParser.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/MultiPartInputStreamParser.java @@ -190,8 +190,8 @@ protected void write(byte[] bytes, int offset, int length) protected void createFile() throws IOException { - Path parent = MultiPartInputStreamParser.this._tmpDir.toPath(); - Path tempFile = Files.createTempFile(parent, "MultiPart", "", IO.getUserOnlyFileAttribute(parent)); + // Create temp file in Context tempDir (which is user private already) + Path tempFile = Files.createTempFile(MultiPartInputStreamParser.this._tmpDir.toPath(), "MultiPart", ""); _file = tempFile.toFile(); OutputStream fos = Files.newOutputStream(tempFile, StandardOpenOption.WRITE); diff --git a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java index 357bb241244d..1cf5b756964f 100644 --- a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java +++ b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java @@ -508,7 +508,7 @@ public void makeTempDirectory(File parent, WebAppContext context) else { //ensure file will always be unique by appending random digits - tmpDir = Files.createTempDirectory(parent.toPath(), temp, IO.getUserOnlyFileAttribute(parent.toPath())).toFile(); + tmpDir = Files.createTempDirectory(parent.toPath(), temp, IO.getUserPrivateFileAttribute(parent.toPath())).toFile(); } configureTempDirectory(tmpDir, context); From 3cc549ca4f79435bf9af3bd99bedda250e51984b Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Fri, 16 Oct 2020 11:31:24 -0500 Subject: [PATCH 3/4] Issue #5451 - Adding configurable posix perms for ServletContext temp directory. Signed-off-by: Joakim Erdfelt --- .../java/org/eclipse/jetty/server/Server.java | 17 ++++ .../main/java/org/eclipse/jetty/util/IO.java | 78 ------------------- .../eclipse/jetty/webapp/WebAppContext.java | 24 ++++++ .../jetty/webapp/WebInfConfiguration.java | 18 ++++- 4 files changed, 57 insertions(+), 80 deletions(-) diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/Server.java b/jetty-server/src/main/java/org/eclipse/jetty/server/Server.java index 404cc69815a5..55eb8a9b9cbf 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/Server.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Server.java @@ -80,6 +80,7 @@ public class Server extends HandlerWrapper implements Attributes private final ThreadPool _threadPool; private final List _connectors = new CopyOnWriteArrayList<>(); private SessionIdManager _sessionIdManager; + private String _tmpDirPosixPerms = "rwx------"; private boolean _stopAtShutdown; private boolean _dumpAfterStart = false; private boolean _dumpBeforeStop = false; @@ -210,6 +211,11 @@ public void setStopAtShutdown(boolean stop) _stopAtShutdown = stop; } + public String getTempDirectoryPosixPermissions() + { + return _tmpDirPosixPerms; + } + /** * @return Returns the connectors. */ @@ -583,6 +589,17 @@ public void setSessionIdManager(SessionIdManager sessionIdManager) _sessionIdManager = sessionIdManager; } + /** + * Set the POSIX permission string used for the Temp Directory creation for all webapps deployed on the server. + * + * @param perms the string for temp directory permissions + * @see java.nio.file.attribute.PosixFilePermissions#fromString(String) + */ + public void setTempDirectoryPosixPermissions(String perms) + { + _tmpDirPosixPerms = perms; + } + /* * @see org.eclipse.util.AttributesMap#clearAttributes() */ diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/IO.java b/jetty-util/src/main/java/org/eclipse/jetty/util/IO.java index 9c0c71a065b8..0ccd1ec969d3 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/IO.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/IO.java @@ -34,16 +34,8 @@ import java.nio.ByteBuffer; import java.nio.channels.GatheringByteChannel; import java.nio.charset.Charset; -import java.nio.file.FileStore; import java.nio.file.Files; import java.nio.file.Path; -import java.nio.file.attribute.DosFileAttributeView; -import java.nio.file.attribute.FileAttribute; -import java.nio.file.attribute.PosixFileAttributeView; -import java.nio.file.attribute.PosixFilePermission; -import java.nio.file.attribute.PosixFilePermissions; -import java.util.HashSet; -import java.util.Objects; import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; @@ -57,24 +49,6 @@ public class IO { private static final Logger LOG = Log.getLogger(IO.class); - private static final FileAttribute[] NO_FILE_ATTRIBUTES = new FileAttribute[0]; - private static final FileAttribute[] USER_ONLY_POSIX_FILE_ATTRIBUTES = - new FileAttribute[]{ - PosixFilePermissions.asFileAttribute( - new HashSet() - { - { - add(PosixFilePermission.OWNER_EXECUTE); - add(PosixFilePermission.OWNER_READ); - add(PosixFilePermission.OWNER_WRITE); - // we don't add GROUP or OTHER write perms here. - add(PosixFilePermission.GROUP_READ); - add(PosixFilePermission.OTHERS_READ); - } - } - ) - }; - public static final String CRLF = "\r\n"; @@ -462,58 +436,6 @@ public static void close(Writer writer) close((Closeable)writer); } - /** - * Get the array of {@link FileAttribute} values for the provided path - * that will set the path to Full Read/Write for the user running Jetty, - * but Readonly for other users. - *

- * For Unix, that's means {@link java.nio.file.attribute.PosixFileAttributes} - * where the World and Other groups have their read / write flags removed. - *

- *

- * For Windows / Dos, that means {@link java.nio.file.attribute.DosFileAttributes} - *

- */ - public static FileAttribute[] getUserPrivateFileAttribute(Path path) - { - FileStore fileStore = null; - try - { - // Obtain a reference to the FileStore to know what kind of read-only we are capable of. - fileStore = Files.getFileStore(Objects.requireNonNull(path)); - - if (fileStore == null) - { - // Not on a properly implemented FileStore (seen with 3rd party FileStore implementations) - // We cannot do anything in this case, so just return. - return NO_FILE_ATTRIBUTES; - } - - if (fileStore.supportsFileAttributeView(DosFileAttributeView.class)) - { - // We are on a Windows / DOS filesystem. - // It might support ACL, but we don't attempt to support that here. - return NO_FILE_ATTRIBUTES; - } - - if (fileStore.supportsFileAttributeView(PosixFileAttributeView.class)) - { - // We are on a Unix / Linux / OSX system - return USER_ONLY_POSIX_FILE_ATTRIBUTES; - } - - // If we reached this point, we have a Path on a FileSystem / FileStore that we cannot control. - // So skip the attempt to set readable. - } - catch (IOException e) - { - if (LOG.isDebugEnabled()) - LOG.debug("Unable to determine attribute types on path: {}", path, e); - } - - return NO_FILE_ATTRIBUTES; - } - public static byte[] readBytes(InputStream in) throws IOException { diff --git a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebAppContext.java b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebAppContext.java index 97f388710ec3..75da54536c6f 100644 --- a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebAppContext.java +++ b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebAppContext.java @@ -60,6 +60,7 @@ import org.eclipse.jetty.util.AttributesMap; import org.eclipse.jetty.util.Loader; import org.eclipse.jetty.util.MultiException; +import org.eclipse.jetty.util.StringUtil; import org.eclipse.jetty.util.URIUtil; import org.eclipse.jetty.util.annotation.ManagedAttribute; import org.eclipse.jetty.util.annotation.ManagedObject; @@ -177,6 +178,7 @@ public class WebAppContext extends ServletContextHandler implements WebAppClassL private File _tmpDir; private boolean _persistTmpDir = false; + private String _tmpDirPosixPerms; private String _war; private String _extraClasspath; @@ -517,6 +519,11 @@ protected void doStart() throws Exception { try { + if (StringUtil.isBlank(_tmpDirPosixPerms)) + { + _tmpDirPosixPerms = getServer().getTempDirectoryPosixPermissions(); + } + _metadata.setAllowDuplicateFragmentNames(isAllowDuplicateFragmentNames()); Boolean validate = (Boolean)getAttribute(MetaData.VALIDATE_XML); _metadata.setValidateXml((validate != null && validate)); @@ -1298,12 +1305,29 @@ public void setTempDirectory(File dir) setAttribute(TEMPDIR, _tmpDir); } + /** + * Set the POSIX permission string used for the Temp Directory for this specific webapp. + * + * @param perms the string for temp directory permissions + * @see java.nio.file.attribute.PosixFilePermissions#fromString(String) + */ + public void setTempDirectoryPosixPermissions(String perms) + { + this._tmpDirPosixPerms = perms; + } + @ManagedAttribute(value = "temporary directory location", readonly = true) public File getTempDirectory() { return _tmpDir; } + @ManagedAttribute(value = "temporary directory perms", readonly = true) + public String getTempDirectoryPosixPermissions() + { + return _tmpDirPosixPerms; + } + /** * If true the temp directory for this * webapp will be kept when the webapp stops. Otherwise, diff --git a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java index 1cf5b756964f..d81885c220e1 100644 --- a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java +++ b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java @@ -24,8 +24,12 @@ import java.net.URISyntaxException; import java.net.URL; import java.net.URLClassLoader; +import java.nio.file.FileStore; import java.nio.file.Files; import java.nio.file.Path; +import java.nio.file.attribute.PosixFileAttributeView; +import java.nio.file.attribute.PosixFilePermission; +import java.nio.file.attribute.PosixFilePermissions; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -507,8 +511,18 @@ public void makeTempDirectory(File parent, WebAppContext context) } else { - //ensure file will always be unique by appending random digits - tmpDir = Files.createTempDirectory(parent.toPath(), temp, IO.getUserPrivateFileAttribute(parent.toPath())).toFile(); + Path parentPath = parent.toPath(); + FileStore fileStore = Files.getFileStore(parentPath); + if (fileStore.supportsFileAttributeView(PosixFileAttributeView.class)) + { + String workDirPerms = context.getTempDirectoryPosixPermissions(); + Set permSet = PosixFilePermissions.fromString(workDirPerms); + tmpDir = Files.createTempDirectory(parentPath, temp, PosixFilePermissions.asFileAttribute(permSet)).toFile(); + } + else + { + tmpDir = Files.createTempDirectory(parentPath, temp).toFile(); + } } configureTempDirectory(tmpDir, context); From 75e6aaf8857d4537c949313445957ee63703b089 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Fri, 16 Oct 2020 11:44:48 -0500 Subject: [PATCH 4/4] Issue #5451 - Allowing inversion of ${jetty.base}/work/ persistence Signed-off-by: Joakim Erdfelt --- .../main/java/org/eclipse/jetty/server/Server.java | 11 +++++++++++ .../org/eclipse/jetty/webapp/WebInfConfiguration.java | 5 ++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/Server.java b/jetty-server/src/main/java/org/eclipse/jetty/server/Server.java index 55eb8a9b9cbf..1cfa49967dd5 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/Server.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Server.java @@ -81,6 +81,7 @@ public class Server extends HandlerWrapper implements Attributes private final List _connectors = new CopyOnWriteArrayList<>(); private SessionIdManager _sessionIdManager; private String _tmpDirPosixPerms = "rwx------"; + private boolean _workDirPersistent = true; private boolean _stopAtShutdown; private boolean _dumpAfterStart = false; private boolean _dumpBeforeStop = false; @@ -216,6 +217,11 @@ public String getTempDirectoryPosixPermissions() return _tmpDirPosixPerms; } + public boolean isWorkDirectoryPersistent() + { + return _workDirPersistent; + } + /** * @return Returns the connectors. */ @@ -600,6 +606,11 @@ public void setTempDirectoryPosixPermissions(String perms) _tmpDirPosixPerms = perms; } + public void setWorkDirectoryPersistent(boolean flag) + { + _workDirPersistent = flag; + } + /* * @see org.eclipse.util.AttributesMap#clearAttributes() */ diff --git a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java index d81885c220e1..b49202393b87 100644 --- a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java +++ b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java @@ -460,7 +460,10 @@ public void resolveTempDirectory(WebAppContext context) File work = new File(jettyBase, "work"); if (work.exists() && work.isDirectory() && work.canWrite()) { - context.setPersistTempDirectory(true); + if (context.getServer().isWorkDirectoryPersistent()) + { + context.setPersistTempDirectory(true); + } makeTempDirectory(work, context); return; }