Package com.atlassian.confluence.impl.webapp

Class FourOhFourServlet

java.lang.Object

javax.servlet.GenericServlet

com.atlassian.confluence.impl.webapp.FourOhFourServlet

All Implemented Interfaces:

Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class FourOhFourServlet
extends javax.servlet.GenericServlet

Servlet that always returns a 404.

Introduced with the purpose of taking precedence over any container-default JSP-handling servlet, effectively disabling it. This saves needing container-specific XML configuration that is prone to regression.

Disabling the JSP-handling servlet prevents JSPs from being compiled and served directly at runtime, which can lead to an instant RCE if even a single file or disk write is compromised. Instead, all JSPs must be compiled to Servlet classes at build-time and registered in Servlets.

Since:

8.8.0

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor	Description
FourOhFourServlet()

Method Summary

Modifier and Type	Method	Description
void	service(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res)

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

FourOhFourServlet

public FourOhFourServlet()

Method Detail

service

public void service(javax.servlet.ServletRequest req,
                    javax.servlet.ServletResponse res)
             throws javax.servlet.ServletException,
                    IOException

Specified by:

service in interface javax.servlet.Servlet

Specified by:

service in class javax.servlet.GenericServlet

Throws:

javax.servlet.ServletException

IOException