PathResourceResolver.java 文件源码

java
阅读 18 收藏 0 点赞 0 评论 0
项目:spring4-understanding 作者: 
private boolean isResourceUnderLocation(Resource resource, Resource location) throws IOException {
    if (resource.getClass() != location.getClass()) {
        return false;
    }

    String resourcePath;
    String locationPath;

    if (resource instanceof UrlResource) {
        resourcePath = resource.getURL().toExternalForm();
        locationPath = StringUtils.cleanPath(location.getURL().toString());
    }
    else if (resource instanceof ClassPathResource) {
        resourcePath = ((ClassPathResource) resource).getPath();
        locationPath = StringUtils.cleanPath(((ClassPathResource) location).getPath());
    }
    else if (resource instanceof ServletContextResource) {
        resourcePath = ((ServletContextResource) resource).getPath();
        locationPath = StringUtils.cleanPath(((ServletContextResource) location).getPath());
    }
    else {
        resourcePath = resource.getURL().getPath();
        locationPath = StringUtils.cleanPath(location.getURL().getPath());
    }

    if (locationPath.equals(resourcePath)) {
        return true;
    }
    locationPath = (locationPath.endsWith("/") || locationPath.isEmpty() ? locationPath : locationPath + "/");
    if (!resourcePath.startsWith(locationPath)) {
        return false;
    }

    if (resourcePath.contains("%")) {
        // Use URLDecoder (vs UriUtils) to preserve potentially decoded UTF-8 chars...
        if (URLDecoder.decode(resourcePath, "UTF-8").contains("../")) {
            if (logger.isTraceEnabled()) {
                logger.trace("Resolved resource path contains \"../\" after decoding: " + resourcePath);
            }
            return false;
        }
    }

    return true;
}
您未登录,请先登录后再评论
评论列表
文章目录


问题


面经


文章

微信
公众号

扫码关注公众号