Welcome to “Algorithms and the Beauty of Programming” ↑ pay attention to us!
This article was first published on the wechat official account “Beauty of Algorithms and Programming”. Welcome to follow and learn more about this series of blogs in time.
1 goal
The goal of this source code analysis is to understand what client requests do in StandardContextValve.
2 Analysis Methods
According to the first stack information, combined with Intellij Idea stack view, breakpoints, single step debugging and other means of source analysis.
10. atorg.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
3 Analysis Process
As you can see from the figure above, the client request goes through a series of valves before reaching the filter, and in this presentation we will focus on the StandardContextValve.
The invoke() method does the following:
1) Check whether the request path prefix is ‘/ meta-INF /’,’/ web-INF /’ or ‘/ meta-INF ‘,’/ web-INF ‘.
// Disallow any direct access to resources under WEB-INF orMETA-INF
MessageBytesrequestPathMB = request.getRequestPathMB();
if ((requestPathMB.startsWithIgnoreCase("/META-INF/".0))
||(requestPathMB.equalsIgnoreCase("/META-INF"))
||(requestPathMB.startsWithIgnoreCase("/WEB-INF/".0))
||(requestPathMB.equalsIgnoreCase("/WEB-INF"))) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
Copy the code
2) Get the StandardWrapperValve from the Request object and call its invoke() method to start the next Valve processing.
Wrapperwrapper = request.getWrapper();
wrapper.getPipeline().getFirst().invoke(request, response);
Copy the code
4 summarizes
The StandardContextValve component checks the path information of the request when it arrives, and disallows requests prefixed with ‘/META-INF/’,’/ web-INF /’ to ensure server security. Next, get the next component, StandardWrapperValve, and call its invoke method.
At the beginning of learning JavaWeb, we know that the files in the/web-inf/folder are not directly accessible and forbidden. We used to know this, but we didn’t know why. In this lecture, we analyze the reasons from the perspective of Tomcat source code.
In the next lecture we will examine the StandardHostValve component.
To know what will happen next, please continue to follow the “Beauty of Algorithms and programming” wechat public account, timely learn more exciting articles.
More source code analysis highlights:
My.oschina.net/gschen/blog…
DoGet method for Tomcat source Code Analysis (2)
DoGet method for Tomcat source Code Analysis (1)
Append method for StringBuffer source analysis