Hello
See the javadoc for javax.servlet.ServletContext.getResourceAsStream():
This method bypasses both implicit (no direct access to WEB-INF or META-INF) and explicit (defined by the web
application) security constraints. Care should be taken both when constructing the path (e.g. avoid unsanitized
user provided data) and when using the result not to create a security vulnerability in the application.
so you're right - you can get the class stream using SC.getResource().
In Pax Web you have 3 specifications (OSGi CMPN chapters):
- 102 - HttpService
- 128 - Web Applications
- 140 - Whiteboard
Also "102.10.3.1 public HttpContext createDefaultHttpContext()" says explicitly:
getResource - Assumes the named resource is in the context bundle; this method calls the context bundle's Bundle.getResource method, and returns the appropriate URL to access the resource
The getResource and getResourceAsStream methods of the ServletContext interface are used to access resources in the web application. For a WAB, these resources must be found according to the findEntries method, this method includes fragments. For the getResource and getResourceAsStream method, if multiple resources are found, then the first one must be used.
So Bundle.getResource() (classLoader-like access) in CMPN 102 vs. Bundle.FindEntries() (non-classLoader-like access) in CMPN 128.
getResource(String) – Backed by the ServletContextHelper
so org.osgi.service.http.context.ServletContextHelper#getResource() is used - this time (differently than in CMPN 102) there'a actual default implementation (instead of just JavaDoc):
public URL getResource(String name) {
if ((name != null) && (bundle != null)) {
if (name.startsWith("/")) {
name = name.substring(1);
}
return bundle.getEntry(name);
}
return null;
}
So this time - Bundle.getEntry() (non-classLoader-like access).
I hope this helps and gives you right context (sic!).
regards
Grzegorz Grzybek