Disable support of Tomcat WebSocket and JSP

author Simon Brandhof <simon.brandhof@sonarsource.com>

Thu, 6 Jul 2017 10:29:03 +0000 (12:29 +0200)

committer Simon Brandhof <simon.brandhof@sonarsource.com>

Fri, 7 Jul 2017 09:36:41 +0000 (11:36 +0200)
author Simon Brandhof <simon.brandhof@sonarsource.com>
Thu, 6 Jul 2017 10:29:03 +0000 (12:29 +0200)
committer Simon Brandhof <simon.brandhof@sonarsource.com>
Fri, 7 Jul 2017 09:36:41 +0000 (11:36 +0200)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/app/TomcatContexts.java b/server/sonar-server/src/main/java/org/sonar/server/app/TomcatContexts.java

index 3c567346f16400e23b0d8b63f49336c25935ff0f..98145d83e469a8364081fca7457c33861ea26f0c 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/app/TomcatContexts.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/app/TomcatContexts.java
@@ -106,6 +106,8 @@ public class TomcatContexts {
        context.setJarScanner(new NullJarScanner());
        context.setAllowCasualMultipartParsing(true);
        context.setCookies(false);
+      // disable JSP and WebSocket support
+      context.setContainerSciFilter("org.apache.tomcat.websocket.server.WsSci|org.apache.jasper.servlet.JasperInitializer");
        return context;
      } catch (ServletException e) {
        throw new IllegalStateException("Fail to configure webapp from " + dir, e);
author	Simon Brandhof <simon.brandhof@sonarsource.com>
	Thu, 6 Jul 2017 10:29:03 +0000 (12:29 +0200)
committer	Simon Brandhof <simon.brandhof@sonarsource.com>
	Fri, 7 Jul 2017 09:36:41 +0000 (11:36 +0200)