diff --git a/csrfguard/src/main/java/org/owasp/csrfguard/CsrfGuardServletContextListener.java b/csrfguard/src/main/java/org/owasp/csrfguard/CsrfGuardServletContextListener.java index 954d6863..de42beb3 100644 --- a/csrfguard/src/main/java/org/owasp/csrfguard/CsrfGuardServletContextListener.java +++ b/csrfguard/src/main/java/org/owasp/csrfguard/CsrfGuardServletContextListener.java @@ -142,9 +142,14 @@ public void contextDestroyed(final ServletContextEvent event) { private InputStream getResourceStream(final String resourceName, final ServletContext context, final boolean failIfNotFound) throws IOException { InputStream inputStream; + + /* In case of Unexplored war, read file from the context path */ + inputStream = context.getResourceAsStream(resourceName); /* try classpath */ - inputStream = getClass().getClassLoader().getResourceAsStream(resourceName); + if (inputStream == null) { + inputStream = getClass().getClassLoader().getResourceAsStream(resourceName); + } /* try web context */ if (inputStream == null) { diff --git a/csrfguard/src/main/java/org/owasp/csrfguard/config/PropertiesConfigurationProvider.java b/csrfguard/src/main/java/org/owasp/csrfguard/config/PropertiesConfigurationProvider.java index addf35f4..9a5aa14d 100644 --- a/csrfguard/src/main/java/org/owasp/csrfguard/config/PropertiesConfigurationProvider.java +++ b/csrfguard/src/main/java/org/owasp/csrfguard/config/PropertiesConfigurationProvider.java @@ -46,7 +46,10 @@ import org.slf4j.LoggerFactory; import javax.servlet.ServletConfig; + import java.io.IOException; +import java.io.InputStream; +import java.net.MalformedURLException; import java.security.*; import java.time.Duration; import java.util.*; 
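Review bot: In `CsrfGuardServletContextListener.getResourceStream`, the added `context.getResourceAsStream(resourceName)` call now runs before the classpath lookup, so a file under the web application root silently takes precedence over the copy bundled on the classpath, and nothing in the change says this reordering is intended. The method already has a `/* try web context */` fallback whose body lies outside the hunk, so the new call looks like a duplicate of it; if the goal is only to support an unexpanded WAR, keeping the classpath first and relying on that fallback would leave precedence unchanged. `ServletContext.getResourceAsStream` expects a path that starts with `/`, and anything placed outside `/WEB-INF/` can be served to clients by the container. If the new order is kept, a comment such as `/* Unexpanded WAR: resolve through the ServletContext first; resourceName must start with "/" and should live under /WEB-INF/ */` would record both constraints.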
@@ -563,13 +566,28 @@ private void javascriptInitParamsIfNeeded() { } else if (servletConfig.getServletContext().getRealPath(this.javascriptSourceFile) != null) { this.javascriptTemplateCode = CsrfGuardUtils.readFileContent(servletConfig.getServletContext().getRealPath(this.javascriptSourceFile)); } else { - throw new IllegalStateException("getRealPath failed for file " + this.javascriptSourceFile); + try( final InputStream inputStream = getResourceStream(this.javascriptSourceFile, servletConfig)){ + this.javascriptTemplateCode = CsrfGuardUtils.readInputStreamContent(inputStream); + } catch (final Exception e) { + throw new IllegalStateException("getRealPath failed for file " + this.javascriptSourceFile); + } } this.javascriptParamsInitialized = true; } } } + + private InputStream getResourceStream(final String resourcePath, final ServletConfig servletConfig) throws MalformedURLException { + InputStream inputStream = null; + + if(servletConfig.getServletContext().getResource("/" + this.javascriptSourceFile) != null) { + inputStream = servletConfig.getServletContext().getResourceAsStream("/" + this.javascriptSourceFile); + } + + return inputStream; + } + private T getProperty(final JsConfigParameter jsConfigParameter, final ServletConfig servletConfig) { return jsConfigParameter.getProperty(servletConfig, this.propertiesCache); diff --git a/csrfguard/src/main/java/org/owasp/csrfguard/util/CsrfGuardUtils.java b/csrfguard/src/main/java/org/owasp/csrfguard/util/CsrfGuardUtils.java index 6e50ddbd..fdb3c3ff 100644 --- a/csrfguard/src/main/java/org/owasp/csrfguard/util/CsrfGuardUtils.java +++ b/csrfguard/src/main/java/org/owasp/csrfguard/util/CsrfGuardUtils.java 
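Review bot: The new `getResourceStream` helper in `PropertiesConfigurationProvider` ignores its `resourcePath` parameter (it reads `this.javascriptSourceFile` instead) and returns null when the resource is missing, and that null is then handed to `readInputStreamContent`. Whatever that call throws is swallowed by `catch (final Exception e)`, which reports "getRealPath failed" and drops the cause, so a missing or unreadable JavaScript template is hard to diagnose. The suggestion below uses the parameter, normalizes the leading slash with the existing `CsrfGuardUtils.normalizeResourceURI` instead of always prepending `/`, checks for null explicitly, and keeps the cause in the exception. `javascriptInitParamsIfNeeded` starts before the hunk.

```java
} else {
    try (final InputStream inputStream = getResourceStream(this.javascriptSourceFile, servletConfig)) {
        if (inputStream == null) {
            throw new IllegalStateException("File not found via getRealPath or the servlet context: " + this.javascriptSourceFile);
        }
        this.javascriptTemplateCode = CsrfGuardUtils.readInputStreamContent(inputStream);
    } catch (final IOException e) {
        throw new IllegalStateException("Failed to read file " + this.javascriptSourceFile, e);
    }
}
// … unchanged: javascriptParamsInitialized flag and closing braces …

private InputStream getResourceStream(final String resourcePath, final ServletConfig servletConfig) {
    // getResourceAsStream already returns null for a missing resource, so no separate getResource probe is needed
    return servletConfig.getServletContext().getResourceAsStream(CsrfGuardUtils.normalizeResourceURI(resourcePath));
}
```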
@@ -138,7 +138,7 @@ public static String normalizeResourceURI(final String resourceURI) {
 return resourceURI.startsWith("/") ? resourceURI : '/' + resourceURI;
 }
- private static String readInputStreamContent(final InputStream inputStream) {
+ public static String readInputStreamContent(final InputStream inputStream) {
 try {
 return IOUtils.toString(inputStream, Charset.defaultCharset());
 } catch (final IOException ioe) {
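Review bot: Making `readInputStreamContent` public turns it into utility API without documenting its contract: it decodes with `Charset.defaultCharset()`, so the same template can read differently from one platform to another, and nothing says who closes the stream or whether null is accepted. A Javadoc such as `/** Reads the entire stream as text using the platform default charset; the caller is responsible for closing the stream. */` would pin that down. It may also be worth considering `StandardCharsets.UTF_8` if the templates are known to be UTF-8. The method body continues past the end of the hunk, so what the `catch` branch does is not visible here.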