 

Resource Not Found after Spring 4.1.2 Update when deploying with JRebel 6.0.0

Spring 4.1.2 (4.0.8 and 3.2.12) contains a security bugfix, SPR-12354, that prevents the ResourceHttpRequestHandler (the thing behind <mvc:resources>) from loading files from outside the resource folder.

On the other hand, there is JRebel (I use it with its default configuration). And it seems that JRebel does some magic to load the resources not from the wtp folder but directly from the "source" folder.

So after upgrading from Spring 3.2.11 to 3.2.12 (and another similar application from 4.0.7 to 4.0.8), Spring's ResourceHttpRequestHandler no longer delivers the resource files that are "maintained" by JRebel. Instead it delivers a 404. The reason is that Spring compares the absolute file path of the configured resource folder with the absolute file path of the file that is going to be delivered. If the ResourceHttpRequestHandler perceives that the file is outside of the configured resource folder, then it assumes that the URL that was used to select the file is malicious. Therefore the ResourceHttpRequestHandler responds with a 404 resource not found.

I expect that JRebel can be configured not to "maintain" js, png and css files, but I don't know how. And this is the question: How to configure JRebel so that a Spring MVC application (v 4.0.8) still delivers resources with ResourceHttpRequestHandler?

(I expect that almost every JRebel User is facing this problem after upgrading to Spring 4.1.2, 4.0.8 or 3.2.12).

(Don't get me wrong, this is NOT a question about how to manipulate Spring not to check that the files are outside of the configured resource folder. I have had a look at the source code, and the observed behaviour is the behaviour that is intended by the authors of the bug fix. This question is about configuring JRebel.)

Ralph asked Nov 12 '14 21:11
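The containment check described in the question above, as an added example (not part of the original post and not Spring's own code): a hypothetical helper `isUnderLocation` accepts a file only when its real path lies under the configured resource folder. The folder names and files are constructed for the demo; the "source" folder stands in for the place a reloading tool serves files from.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class ResourceContainmentDemo {

    // Hypothetical helper (assumption, not Spring's implementation): canonicalise
    // both paths, then require the candidate to sit below the configured folder.
    static boolean isUnderLocation(Path location, Path candidate) throws IOException {
        if (!Files.exists(candidate)) {
            return false; // nothing to serve
        }
        Path root = location.toRealPath();   // resolves symlinks and ".."
        Path real = candidate.toRealPath();
        // Path.startsWith compares whole name elements, so a sibling folder
        // such as ".../resources-old" does not pass as ".../resources".
        return real.startsWith(root);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: "deployed" is the configured resource folder,
        // "source" is a workspace copy outside of it.
        Path base = Files.createTempDirectory("resdemo");
        Path deployed = Files.createDirectories(base.resolve("deployed/resources"));
        Path source = Files.createDirectories(base.resolve("source/resources"));
        Files.write(deployed.resolve("app.js"), "ok".getBytes());
        Files.write(source.resolve("app.js"), "ok".getBytes());
        Files.write(base.resolve("secret.txt"), "x".getBytes());

        // Case 1: file inside the configured folder.
        report("inside configured folder", deployed, deployed.resolve("app.js"));
        // Case 2: same relative name, but the file is read from the source
        // folder. A benign remap looks exactly like a malicious one here.
        report("remapped to source folder", deployed, source.resolve("app.js"));
        // Case 3: path traversal, the case the check exists to stop.
        report("traversal with ..", deployed, deployed.resolve("../../secret.txt"));
    }

    static void report(String label, Path location, Path candidate) throws IOException {
        String verdict = isUnderLocation(location, candidate) ? "serve" : "404";
        System.out.println(label + ": " + verdict);
    }
}
```

The check cannot tell cases 2 and 3 apart, which is why the fix belongs on the tool that remaps the files rather than in a relaxed check.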


1 Answer

Thank you for the very good problem description!

Looks like this Spring change introduced an incompatibility in JRebel. I am from the JRebel team and will make sure this will be fixed!

As a workaround you can use the <exclude> tag in your rebel.xml <web> element to tell JRebel not to touch these specific files. Here is more info on how to configure it: http://manuals.zeroturnaround.com/jrebel/standalone/config.html#exclude

Another, easier workaround is just removing the <web> element altogether.

Margus Pala answered Sep 19 '22 10:09