WebletConfig webConfig = weblet.getWebletConfig(); if (pathInfo != null) { String mimeType = webConfig.getMimeType(pathInfo); WebletConfig webConfig = weblet.getWebletConfig(); Set allowedResources = webConfig.getAllowedResources();
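/**
 * Serves a weblet request after applying the path and resource-type checks.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>a non-null path that {@code SandboxGuard.isJailBreak} flags is rejected;</li>
 *   <li>the response content type is taken from the weblet configuration for a non-blank
 *       path, otherwise from {@code response.getDefaultContentType()};</li>
 *   <li>if the weblet configuration returns a non-null set of allowed resources, the
 *       lower-cased extension of the path must be in that set;</li>
 *   <li>the request is handed to {@code weblet.service}.</li>
 * </ol>
 *
 * <p>The allow-list check fails closed: when an allow-list is configured and the request
 * carries no path, or no extension can be derived from it, the request is refused with a
 * {@link WebletException} instead of failing on a null dereference.
 *
 * @param request the incoming weblet request; its path info may be {@code null}
 * @param response the response whose content type is set before the weblet is invoked
 * @throws IOException declared by this method; presumably raised by the weblet while
 *     writing the resource (not visible here)
 * @throws WebletException if the path is flagged as a jail break or its extension is not
 *     on the configured allow-list
 */
public void service(
    WebletRequest request,
    WebletResponse response) throws IOException, WebletException {
  Weblet weblet = getWeblet(request);
  String pathInfo = request.getPathInfo();

  // Enhanced security check: refuse the request before any configuration lookup.
  // NOTE(review): both exception messages below embed the request-supplied path verbatim.
  // Where the message ends up (log, error page) is not visible here; whatever renders it
  // should encode it for that context.
  if (pathInfo != null && SandboxGuard.isJailBreak(pathInfo)) {
    throw new WebletException("Security Exception, the " + pathInfo + " breaks out of the resource jail, no resource is served!");
  }

  WebletConfig webConfig = weblet.getWebletConfig();

  // Resolve the content type from the path when there is one, else use the response default.
  String mimeType = null;
  if (!StringUtils.isBlank(pathInfo)) {
    mimeType = webConfig.getMimeType(pathInfo);
  }
  if (mimeType == null) {
    mimeType = response.getDefaultContentType();
  }
  response.setContentType(mimeType);

  // A null set means no allow-list is configured for this weblet, so every type is served.
  Set<?> allowedResources = webConfig.getAllowedResources();
  if (allowedResources != null) {
    // pathInfo may still be null here; skip the helper in that case so the request is
    // denied below rather than depending on how getExtension treats null.
    String filetype = (pathInfo == null) ? null : StringUtils.getExtension(pathInfo);

    // Locale.ROOT keeps the comparison independent of the JVM's default locale (under a
    // Turkish locale "GIF".toLowerCase() does not yield "gif"), so the same request gets
    // the same allow-list decision on every host.
    boolean allowed = filetype != null
        && allowedResources.contains(filetype.toLowerCase(java.util.Locale.ROOT));
    if (!allowed) {
      /* not allowed, no content delivered */
      throw new WebletException("Security Exception, the " + pathInfo + " resource cannot be served!");
    }
  }

  weblet.service(request, response);
}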