Package ninja

Class AssetsControllerHelper


  • public class AssetsControllerHelper
    extends Object
    • Constructor Detail

      • AssetsControllerHelper

        public AssetsControllerHelper()
    • Method Detail

      • normalizePathWithoutLeadingSlash

        public String normalizePathWithoutLeadingSlash​(String fileName,
                                                       boolean enforceUnixSeparator)
        If we get - for whatever reason - a relative URL like assets/../conf/application.conf we expand that to the "real" path. In the above case conf/application.conf. You should then add the assets prefix. Otherwise someone can create an attack and read all resources of our app. If we expand and normalize the incoming path this is no longer possible.
        Parameters:
        fileName - A potential "fileName"
        enforceUnixSeparator - If true it will force the usage of the unix separator '/' If false it will use the separator of the underlying system. usually '/' in case of unix and '\' in case of windows.
        Returns:
        A normalized fileName.
      • isDirectoryURL

        public boolean isDirectoryURL​(URL url)
        Check the URL is a directory. With war style deployment, AssetsController exposes the file list of assets directories. For example, a request to http://localhost:8080/assets/css/ displays the file list of css directory. So this method checks the URL is a directory.
        Parameters:
        url - A URL of assets
        Returns:
        true if the URL is a directory