JSPSourceServletpublic class JSPSourceServlet extends HttpServlet | This servlet is intended only for learning about JSP. It returns
the JSP file corresponding to the path passed as pathInfo in a form
that shows the unprocessed JSP and HTML elements. If it wasn't for
Internet Explorer, all this servlet would have to do would be to
set the Content-Type to "text/plain" and send the file. But Internet
Explorer believes it knows better than the application developer,
so it bluntantly ignores this header and treats any response that
contains HTML elements as "text/html", and therefore renders all
HTML elements and ignores the JSP pages. To work around this, the
servlet sends the response as "text/html", with all special HTML
characters converted to the corresponding HTML character entities.
Note! Do not install this servlet on a production server. Doing so
may be a security risk, since the source of any file can be delivered
to the client revealing things like database account names and passwords. |
| Methods Summary |
|---|
| private void | copyFile(java.io.BufferedReader in, java.io.PrintWriter out)Copies the "in" reader to the "out" writer.
int chars;
char[] buf = new char[4096];
while ((chars = in.read(buf, 0, buf.length)) != -1) {
out.write(buf, 0, chars);
out.flush();
}
| | public void | doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)Handles a GET request by sending the contents of the resource
specified by the servlet path to the client.
// Get the pathInfo
String path = req.getPathInfo();
// Check for invalid characters in the path
if (path.indexOf("..") != -1 || path.toUpperCase().indexOf("WEB-INF") != -1) {
res.sendError(HttpServletResponse.SC_FORBIDDEN,
"Illegal characters found in path " + path);
return;
}
sendFile(path, res);
| | private void | sendFile(java.lang.String path, javax.servlet.http.HttpServletResponse res)Sends the contents of a file to the client.
String fileName = getServletContext().getRealPath(path);
if (fileName == null) {
res.sendError(HttpServletResponse.SC_NOT_FOUND,
path + " not found.");
return;
}
File file = new File(fileName);
if (file.isDirectory() || !file.canRead()) {
res.sendError(HttpServletResponse.SC_FORBIDDEN,
"No read access to " + file.getAbsolutePath());
return;
}
res.setStatus(HttpServletResponse.SC_OK);
// Use "text/html" and convert HTML characters to
// character entities, to fool IE as explained above
res.setContentType("text/html");
long lastMod = file.lastModified();
if (lastMod != 0) {
res.setDateHeader("Last-modified", lastMod);
}
PrintWriter out = res.getWriter();
// Add HTML header
out.println("<html><head><title>" + path + "</title></head>");
out.println("<body><pre>");
// Read the file and convert it
BufferedReader in = new BufferedReader(new FileReader(file));
StringWriter rawText = new StringWriter();
copyFile(in, new PrintWriter(rawText));
in.close();
out.write(StringFormat.toHTMLString(rawText.toString()));
// Add HTML footer
out.println("</pre></body></html>");
out.close();
|
|
