From 01ccb271d34258872b859c0fc1d253cc81341917 Mon Sep 17 00:00:00 2001
From: David Benson <david@draw.io>
Date: Sun, 15 May 2022 11:13:37 +0100
Subject: [PATCH] Limit wellknown servlet to serve single file

---
 .../com/mxgraph/online/WellKnownServlet.java  | 50 +++++++++++--------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/src/main/java/com/mxgraph/online/WellKnownServlet.java b/src/main/java/com/mxgraph/online/WellKnownServlet.java
index be0f0f25c6..c702cecffe 100644
--- a/src/main/java/com/mxgraph/online/WellKnownServlet.java
+++ b/src/main/java/com/mxgraph/online/WellKnownServlet.java
@@ -14,7 +14,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 /**
- * Servlet to fake a .well-known directory
+ * Servlet to fake a .well-known directory, GAE does not directly support . prefixed directories
  */
 @SuppressWarnings("serial")
 public class WellKnownServlet extends HttpServlet
@@ -38,31 +38,41 @@ protected void doGet(HttpServletRequest request,
 	{
         // GAE can't serve dot prefixed folders
         String uri = request.getRequestURI().replace("/.", "/");
-
-        if (uri.toLowerCase().contains(".json"))
-        {
-        	response.setContentType("application/json");
-        }
-
-        // Serve whatever was requested from .well-known
-        try (InputStream in = getServletContext().getResourceAsStream(uri))
+        
+        // Currently, there is only one file that this servlet serves. This is only
+        // needed if you want OneDrive integration. 
+        if (uri != null && uri.equals("/well-known/microsoft-identity-association.json"))
         {
-            if (in == null)
+            if (uri.toLowerCase().contains(".json"))
             {
-            	response.sendError(404);
-                return;
+                response.setContentType("application/json");
             }
-            
-            byte[] buffer = new byte[8192];
-            int count;
 
-            while ((count = in.read(buffer)) > 0)
+            // Serve whatever was requested from .well-known
+            try (InputStream in = getServletContext().getResourceAsStream(uri))
             {
-            	response.getOutputStream().write(buffer, 0, count);
+                if (in == null)
+                {
+                    response.sendError(404);
+                    return;
+                }
+                
+                byte[] buffer = new byte[8192];
+                int count;
+
+                while ((count = in.read(buffer)) > 0)
+                {
+                    response.getOutputStream().write(buffer, 0, count);
+                }
+                
+                response.getOutputStream().flush();
+                response.getOutputStream().close();
             }
-            
-            response.getOutputStream().flush();
-            response.getOutputStream().close();
+        }
+        else
+        {
+            response.sendError(404);
+            return;
         }
     }
 }