myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lof...@apache.org
Subject svn commit: r377228 - /incubator/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/servlet/ResourceServlet.java
Date Sun, 12 Feb 2006 19:57:36 GMT
Author: lofwyr
Date: Sun Feb 12 11:57:34 2006
New Revision: 377228

URL: http://svn.apache.org/viewcvs?rev=377228&view=rev
Log:
insert buffering + only deliver supported content-types

Modified:
    incubator/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/servlet/ResourceServlet.java

Modified: incubator/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/servlet/ResourceServlet.java
URL: http://svn.apache.org/viewcvs/incubator/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/servlet/ResourceServlet.java?rev=377228&r1=377227&r2=377228&view=diff
==============================================================================
--- incubator/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/servlet/ResourceServlet.java
(original)
+++ incubator/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/servlet/ResourceServlet.java
Sun Feb 12 11:57:34 2006
@@ -21,6 +21,7 @@
 import org.apache.myfaces.tobago.context.Theme;
 
 import javax.servlet.ServletException;
+import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -29,7 +30,7 @@
 
 /**
  * User: lofwyr
- * Date: 10.11.2005 21:36:20
+ * @since 1.0.7
  *
  * XXX This class is in development. Please don't use it in
  * production environment!
@@ -37,6 +38,7 @@
 public class ResourceServlet extends HttpServlet {
 
   private static final Log LOG = LogFactory.getLog(ResourceServlet.class);
+  private static final int BUFFER_SIZE = 1024;
 
   protected void service(
       HttpServletRequest request, HttpServletResponse response)
@@ -52,9 +54,7 @@
 
     LOG.info("L " + resource);
 
-    InputStream is
-        = Theme.class.getClassLoader().getResourceAsStream(resource);
-
+    // todo: maybe support more extensions (configurable?)
     if (requestURI.endsWith(".gif")) {
       response.setContentType("image/gif");
     } else if (requestURI.endsWith(".png")) {
@@ -65,11 +65,20 @@
       response.setContentType("text/javascript");
     } else if (requestURI.endsWith(".css")) {
       response.setContentType("text/css");
+    } else {
+      LOG.warn("Unsupported file extension, will be ignored for security " +
+          "reasons. resource='" + resource + "'");
+      response.setStatus(403); // todo: is there a constant in servlet API for "forbidden"?
     }
 
-    int c;
-    while (-1 != (c = is.read())) {
-      response.getOutputStream().write(c);
+    InputStream inputStream
+        = Theme.class.getClassLoader().getResourceAsStream(resource);
+    ServletOutputStream outputStream = response.getOutputStream();
+
+    byte[] buffer = new byte[BUFFER_SIZE];
+    int number;
+    while (-1 != (number = inputStream.read(buffer))) {
+      outputStream.write(buffer, 0, number);
     }
   }
 }



Mime
View raw message