0

I use jetty 9.3.11 and in my web.xml I have the following code to use jetty default servlet for providing static content (images, txt files etc).

    <servlet>
        <servlet-name>DefaultServlet</servlet-name>
        <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
        <init-param>
            <param-name>resourceBase</param-name>
            <param-value>/home/User/data/</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>DefaultServlet</servlet-name>
        <url-pattern>/static/*</url-pattern>
    </servlet-mapping>

Is it safe to use default servlet of jetty this way? I mean - can I be sure that no one will get data from /home/User/,/home/User/temp/, /home/ folders?

Pavel_K
  • 10,748
  • 13
  • 73
  • 186

1 Answers1

2

Yes, use as many DefaultServlet instances as you wish.

Just be aware of the behavior of the actual "default" DefaultServlet vs the additional ones. Also what it means for your ServletContext and what it can see.

The prior answer for information.

eg: If you are using a traditional webapp, then the "default" (this is the <servlet-name>default</servlet-name> instance created by Jetty as part of the Servlet spec) will use the webapp itself as the Resource Base.

Any additional DefaultServlet instances will not participate in the ServletContext rules. If you have additional <url-pattern> segments, you'll want to be aware of the pathInfoOnly init-param.

Community
  • 1
  • 1
Joakim Erdfelt
  • 46,896
  • 7
  • 86
  • 136