Adding support for un-exploded deployments (#99)

Co-authored-by: Lav Mishra <[email protected]>

Author: lav023

csrfguard/src/main/java/org/owasp/csrfguard/CsrfGuardServletContextListener.java

@@ -142,9 +142,14 @@ public void contextDestroyed(final ServletContextEvent event) {
 
 	private InputStream getResourceStream(final String resourceName, final ServletContext context, final boolean failIfNotFound) throws IOException {
 		InputStream inputStream;
+		
+		/* In case of Unexplored war, read file from the context path */
+		inputStream = context.getResourceAsStream(resourceName);
 
 		/* try classpath */
-		inputStream = getClass().getClassLoader().getResourceAsStream(resourceName);
+		if (inputStream == null) {
+			inputStream = getClass().getClassLoader().getResourceAsStream(resourceName);
+		}
 
 		/* try web context */
 		if (inputStream == null) {

csrfguard/src/main/java/org/owasp/csrfguard/config/PropertiesConfigurationProvider.java

@@ -46,7 +46,10 @@
 import org.slf4j.LoggerFactory;
 
 import javax.servlet.ServletConfig;
+
 import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
 import java.security.*;
 import java.time.Duration;
 import java.util.*;
@@ -563,13 +566,28 @@ private void javascriptInitParamsIfNeeded() {
 				} else if (servletConfig.getServletContext().getRealPath(this.javascriptSourceFile) != null) {
 					this.javascriptTemplateCode = CsrfGuardUtils.readFileContent(servletConfig.getServletContext().getRealPath(this.javascriptSourceFile));
 				} else {
-					throw new IllegalStateException("getRealPath failed for file " + this.javascriptSourceFile);
+					try( final InputStream inputStream = getResourceStream(this.javascriptSourceFile, servletConfig)){
+						this.javascriptTemplateCode = CsrfGuardUtils.readInputStreamContent(inputStream);	
+					} catch (final Exception e) {
+						throw new IllegalStateException("getRealPath failed for file " + this.javascriptSourceFile);
+					}
 				}
 
 				this.javascriptParamsInitialized = true;
 			}
 		}
 	}
+	
+	private InputStream getResourceStream(final String resourcePath, final ServletConfig servletConfig) throws MalformedURLException  {
+		InputStream inputStream = null;
+		
+		if(servletConfig.getServletContext().getResource("/" + this.javascriptSourceFile) != null) {
+			inputStream = servletConfig.getServletContext().getResourceAsStream("/" + this.javascriptSourceFile);
+		}
+		
+		return inputStream;
+	}
+
 
 	private <T> T getProperty(final JsConfigParameter<T> jsConfigParameter, final ServletConfig servletConfig) {
 		return jsConfigParameter.getProperty(servletConfig, this.propertiesCache);

csrfguard/src/main/java/org/owasp/csrfguard/util/CsrfGuardUtils.java

@@ -138,7 +138,7 @@ public static String normalizeResourceURI(final String resourceURI) {
         return resourceURI.startsWith("/") ? resourceURI : '/' + resourceURI;
     }
 
-    private static String readInputStreamContent(final InputStream inputStream) {
+    public static String readInputStreamContent(final InputStream inputStream) {
         try {
             return IOUtils.toString(inputStream, Charset.defaultCharset());
         } catch (final IOException ioe) {