fixed security issue with application.yml
cstarcher committed Nov 5, 2024
1 parent d97b1be commit 0b76d42
Showing 1 changed file with 26 additions and 0 deletions.
26 changes: 26 additions & 0 deletions src/main/java/org/tdl/vireo/config/AppWebMvcConfig.java
Expand Up @@ -2,6 +2,8 @@

import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.slf4j.Logger;
Expand All @@ -13,12 +15,15 @@
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.resource.ResourceResolver;
import org.springframework.web.servlet.resource.ResourceResolverChain;
import org.tdl.vireo.Application;
import org.tdl.vireo.model.User;
import org.tdl.vireo.model.repo.UserRepo;
Expand Down Expand Up @@ -65,6 +70,27 @@ public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/**").addResourceLocations("classpath:/");

registry.addResourceHandler("/public/**").addResourceLocations("file:" + Application.getAssetsPath() + publicFolder + "/");
registry.addResourceHandler("/application.yml")
.setCachePeriod(0)
.addResourceLocations("classpath:/")
.resourceChain(true)
.addResolver(new ResourceResolver() {

@Override
public Resource resolveResource(HttpServletRequest request, String requestPath,
List<? extends Resource> locations, ResourceResolverChain chain) {
return null;
}

@Override
public String resolveUrlPath(String resourcePath, List<? extends Resource> locations,
ResourceResolverChain chain) {
return null;
}

})
.addTransformer((resource, requestPath, transformerChain) -> null);

registry.setOrder(Integer.MAX_VALUE - 2);

logger.info("/public/** -> file:" + Application.getAssetsPath() + publicFolder + "/");
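Review bot: Blocking the single path `/application.yml` leaves the underlying exposure in place, because the context line `registry.addResourceHandler("/**").addResourceLocations("classpath:/")` still serves the whole classpath root; any other configuration file there (an `application.properties` or a profile-specific YAML, if the project has one) would presumably remain downloadable. An allow-list is safer than this deny-list: point `/**` at a directory that holds only static assets, for instance `.addResourceLocations("classpath:/static/")` with the directory name chosen to match the project's layout. In the added chain the resolver always returns null, so the `addTransformer(... -> null)` line appears unreachable and could be dropped, and a short comment should say that the null return is what makes the request fail to resolve. A request test asserting that `/application.yml` is not served would pin the behaviour, which otherwise depends on Spring preferring the exact pattern over `/**`. The body of `addResourceHandlers` starts and ends outside this hunk.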