How to disable directory listing for Jetty's WebAppContext?
Solution 1
You can set org.eclipse.jetty.servlet.Default.dirAllowed instead of dirAllowed:
webAppContext.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
Tested for Jetty 7.4.5.v20110725, 8.1.4.v20120524, 9.0.2.v20130417 and 9.2.0.v20140526.
Solution 2
For anyone using web.xml, you can also disallow it there. Find the default servlet (the one with Jetty's DefaultServlet), and set the dirAllowed parameter to false:
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
<init-param>
<param-name>dirAllowed</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
Solution 3
This works for me on Jetty v9.4.3:
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<context-param>
<param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
<param-value>false</param-value>
</context-param>
</web-app>
Solution 4
If anyone happens across this looking for the equivalent in Jetty 6:
<bean id="webAppContext" class="org.mortbay.jetty.webapp.WebAppContext">
.
.
<property name="initParams">
<map>
<entry key="org.mortbay.jetty.servlet.Default.dirAllowed" value="false" />
</map>
</property>
phatypus
Updated on July 16, 2022Comments
-
phatypus almost 2 years
I'm embedding Jetty (version 7.4.5.v20110725) into a java application. I'm serving JSP pages in ./webapps/jsp/ using Jetty's WebAppContext, but if I visit localhost:8080/jsp/ I get Jetty's directory listing for the entire contents of ./webapps/jsp/. I've tried setting the dirAllowed parameter to false on the WebAppContext and it does not change the directory listing behavior.
Disabling the directory listing on a ResourceHandler is simply done be passing false to setDirectoriesListed, works as expected. Can someone tell me how to do this for the WebAppContext?
import org.eclipse.jetty.server.Handler; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.handler.ContextHandler; import org.eclipse.jetty.server.handler.HandlerList; import org.eclipse.jetty.server.handler.ResourceHandler; import org.eclipse.jetty.server.nio.SelectChannelConnector; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.webapp.WebAppContext; public class Test { public static void main(String[] args) throws Exception { Server server = new Server(); SelectChannelConnector connector = new SelectChannelConnector(); connector.setHost("127.0.0.1"); connector.setPort(8080); server.addConnector(connector); // Create a resource handler for static content. ResourceHandler staticResourceHandler = new ResourceHandler(); staticResourceHandler.setResourceBase("./webapps/static/"); staticResourceHandler.setDirectoriesListed(false); // Create context handler for static resource handler. ContextHandler staticContextHandler = new ContextHandler(); staticContextHandler.setContextPath("/static"); staticContextHandler.setHandler(staticResourceHandler); // Create WebAppContext for JSP files. WebAppContext webAppContext = new WebAppContext(); webAppContext.setContextPath("/jsp"); webAppContext.setResourceBase("./webapps/jsp/"); // ??? THIS DOES NOT STOP DIR LISTING OF ./webapps/jsp/ ??? webAppContext.setInitParameter("dirAllowed", "false"); // Create a handler list to store our static and servlet context handlers. HandlerList handlers = new HandlerList(); handlers.setHandlers(new Handler[] { staticContextHandler, webAppContext }); // Add the handlers to the server and start jetty. server.setHandler(handlers); server.start(); server.join(); } }