Class FourOhFourServlet

java.lang.Object
javax.servlet.GenericServlet
com.atlassian.confluence.impl.webapp.FourOhFourServlet
All Implemented Interfaces:
Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class FourOhFourServlet extends javax.servlet.GenericServlet

Servlet that always returns a 404.

Introduced to take precedence over any container-default JSP-handling servlet, effectively disabling it. This avoids the need for container-specific XML configuration, which is prone to regression.

Disabling the JSP-handling servlet prevents JSPs from being compiled and served directly at runtime. Runtime JSP compilation can lead to an instant RCE if even a single file or disk write is compromised. Instead, all JSPs must be compiled to Servlet classes at build time and registered in Servlets.
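The pattern described above, sketched with the standard Servlet 3.0 registration API. This is an added example, not Atlassian's implementation: the class names, the servlet name `jsp-disabled`, and the choice of `*.jsp` and `*.jspx` (the patterns Tomcat's default `web.xml` assigns to its JSP servlet) are assumptions.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.GenericServlet;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical listener: shadows the container's JSP servlet at application startup. */
@WebListener
public class JspBlockingListener implements ServletContextListener {

    /** Stand-in for the documented class; answers every request with 404. */
    public static class AlwaysNotFoundServlet extends GenericServlet {
        @Override
        public void service(ServletRequest req, ServletResponse res)
                throws ServletException, IOException {
            // No dispatch and no compilation: a .jsp file written to disk is never executed.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        ServletRegistration.Dynamic reg =
                ctx.addServlet("jsp-disabled", new AlwaysNotFoundServlet());
        if (reg == null) {
            // addServlet returns null when the name is already fully registered.
            throw new IllegalStateException("servlet name 'jsp-disabled' is already taken");
        }
        // Assumed patterns: application mappings replace the container's overridable defaults.
        Set<String> conflicts = reg.addMapping("*.jsp", "*.jspx");
        if (!conflicts.isEmpty()) {
            // Fail closed: on conflict no mapping is applied, so JSPs would still be served.
            throw new IllegalStateException("JSP patterns owned by another servlet: " + conflicts);
        }
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // Nothing to release.
    }
}
```

Servlets mapped to exact paths still resolve, because the Servlet specification matches exact paths before extension patterns.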

Since:
8.8.0
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    service(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res)
     

    Methods inherited from class javax.servlet.GenericServlet

    destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • FourOhFourServlet

      public FourOhFourServlet()
  • Method Details

    • service

      public void service(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res) throws javax.servlet.ServletException, IOException
      Specified by:
      service in interface javax.servlet.Servlet
      Specified by:
      service in class javax.servlet.GenericServlet
      Throws:
      javax.servlet.ServletException
      IOException