Allow relative paths within resource location path

Prior to this change, location paths used for resource handling would
not allow "non-cleaned, relative paths" such as
`file://home/user/static/../static/`. When checking if the resolved
resource's path starts with the location path, a mismatch would happen
when comparing for example:

* the location `file://home/user/static/../static/`
* and the resource `file://home/user/static/resource.txt`

This commit cleans the location path before comparing it to the resource
path.

Issue: SPR-12624

Author: bclozel

spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2015 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.UrlResource;
+import org.springframework.util.StringUtils;
 import org.springframework.web.context.support.ServletContextResource;
 
 /**
@@ -164,19 +165,19 @@ private boolean isResourceUnderLocation(Resource resource, Resource location) th
 		String locationPath;
 		if (resource instanceof UrlResource) {
 			resourcePath = resource.getURL().toExternalForm();
-			locationPath = location.getURL().toExternalForm();
+			locationPath = StringUtils.cleanPath(location.getURL().toString());
 		}
 		else if (resource instanceof ClassPathResource) {
 			resourcePath = ((ClassPathResource) resource).getPath();
-			locationPath = ((ClassPathResource) location).getPath();
+			locationPath = StringUtils.cleanPath(((ClassPathResource) location).getPath());
 		}
 		else if (resource instanceof ServletContextResource) {
 			resourcePath = ((ServletContextResource) resource).getPath();
-			locationPath = ((ServletContextResource) location).getPath();
+			locationPath = StringUtils.cleanPath(((ServletContextResource) location).getPath());
 		}
 		else {
 			resourcePath = resource.getURL().getPath();
-			locationPath = location.getURL().getPath();
+			locationPath = StringUtils.cleanPath(location.getURL().getPath());
 		}
 		locationPath = (locationPath.endsWith("/") || locationPath.isEmpty() ? locationPath : locationPath + "/");
 		if (!resourcePath.startsWith(locationPath)) {

spring-webmvc/src/test/java/org/springframework/web/servlet/resource/PathResourceResolverTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2015 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -108,4 +108,13 @@ public void checkServletContextResource() throws Exception {
 		assertTrue(this.resolver.checkResource(resource, servletContextLocation));
 	}
 
+	// SPR-12624
+	@Test
+	public void checkRelativeLocation() throws Exception {
+		String locationUrl= new UrlResource(getClass().getResource("./test/")).getURL().toExternalForm();
+		Resource location = new UrlResource(locationUrl.replace("/springframework","/../org/springframework"));
+
+		assertNotNull(this.resolver.resolveResource(null, "main.css", Arrays.asList(location), null));
+	}
+
 }