Class FileTemplateLoader
- All Implemented Interfaces:
TemplateLoader
TemplateLoader that uses files inside a specified directory as the source of templates. By default it does
security checks on the canonical path that will prevent it serving templates outside that specified
directory. If you want symbolic links that point outside the template directory to work, you need to disable this
feature by using FileTemplateLoader(File, boolean) with true second argument, but before that, check
the security implications there!-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic StringBy setting this Java system property totrue, you can change the default of#getEmulateCaseSensitiveFileSystem(). -
Constructor Summary
ConstructorsConstructorDescriptionDeprecated.FileTemplateLoader(File baseDir)Creates a new file template loader that will use the specified directory as the base directory for loading templates.FileTemplateLoader(File baseDir, boolean disableCanonicalPathCheck)Creates a new file template loader that will use the specified directory as the base directory for loading templates. -
Method Summary
Modifier and TypeMethodDescriptionvoidcloseTemplateSource(Object templateSource)Closes the template source, releasing any resources held that are only required for reading the template and/or its metadata.findTemplateSource(String name)Finds the template in the backing storage and returns an object that identifies the storage location where the template can be loaded from.Returns the base directory in which the templates are searched.booleanGetter pair ofsetEmulateCaseSensitiveFileSystem(boolean).protected booleanReturns the default ofgetEmulateCaseSensitiveFileSystem().longgetLastModified(Object templateSource)Returns the time of last modification of the specified template source.Returns the character stream of a template represented by the specified template source.voidsetEmulateCaseSensitiveFileSystem(boolean nameCaseChecked)Intended for development only, checks if the template name matches the case (upper VS lower case letters) of the actual file name, and if it doesn't, it emulates a file-not-found even if the file system is case insensitive.toString()Show class name and some details that are useful in template-not-found errors.
-
Field Details
-
SYSTEM_PROPERTY_NAME_EMULATE_CASE_SENSITIVE_FILE_SYSTEM
By setting this Java system property totrue, you can change the default of#getEmulateCaseSensitiveFileSystem(). -
baseDir
-
-
Constructor Details
-
FileTemplateLoader
Deprecated.Relying on what the current directory is is a bad practice; useFileTemplateLoader(File)instead.Creates a new file template cache that will use the current directory (the value of the system propertyuser.diras the base directory for loading templates. It will not allow access to template files that are accessible through symlinks that point outside the base directory.- Throws:
IOException
-
FileTemplateLoader
Creates a new file template loader that will use the specified directory as the base directory for loading templates. It will not allow access to template files that are accessible through symlinks that point outside the base directory.- Parameters:
baseDir- the base directory for loading templates- Throws:
IOException
-
FileTemplateLoader
Creates a new file template loader that will use the specified directory as the base directory for loading templates. See the parameters for allowing symlinks that point outside the base directory.- Parameters:
baseDir- the base directory for loading templatesdisableCanonicalPathCheck- Iftrue, it will not check if the file to be loaded is inside thebaseDiror not, according the canonical paths of thebaseDirand the file to load. Note thatConfiguration.getTemplate(String)and (its overloads) already prevents backing out from the template directory with paths like/../../../etc/password, however, that can be circumvented with symbolic links or other file system features. If you really want to use symbolic links that point outside thebaseDir, set this parameter totrue, but then be very careful with template paths that are supplied by the visitor or an external system.- Throws:
IOException
-
-
Method Details
-
findTemplateSource
Description copied from interface:TemplateLoaderFinds the template in the backing storage and returns an object that identifies the storage location where the template can be loaded from. See the return value for more information.- Specified by:
findTemplateSourcein interfaceTemplateLoader- Parameters:
name- The name (template root directory relative path) of the template, already localized and normalized by thecache. It is completely up to the loader implementation to interpret the name, however it should expect to receive hierarchical paths where path components are separated by a slash (not backslash). Backslashes (or any other OS specific separator character) are not considered as separators by FreeMarker, and thus they will not be replaced with slash before passing to this method, so it's up to the template loader to handle them (say, by throwing an exception that tells the user that the path (s)he has entered is invalid, as (s)he must use slash -- typical mistake of Windows users). The passed names are always considered relative to some loader-defined root location (often referred as the "template root directory"), and will never start with a slash, nor will they contain a path component consisting of either a single or a double dot -- these are all resolved by the template cache before passing the name to the loader. As a side effect, paths that trivially reach outside template root directory, such as../my.ftl, will be rejected by the template cache, so they never reach the template loader. Note again, that if the path uses backslash as path separator instead of slash as (the template loader should not accept that), the normalization will not properly happen, as FreeMarker (the cache) recognizes only the slashes as separators.- Returns:
- An object representing the template source, which can be supplied in subsequent calls to
TemplateLoader.getLastModified(Object)andTemplateLoader.getReader(Object, String), when those are called on the sameTemplateLoader.nullmust be returned if the source for the template doesn't exist; don't throw exception then! The exact type of this object is up to theTemplateLoaderimplementation. As this object is possibly used as hash key in caches, and is surly compared with another template source for equality, it must have a properObject.equals(Object)andObject.hashCode()) implementation. Especially, template sources that refer to the same physical source must be equivalent, otherwise template caching can become inefficient. This is only expected fromObject.equals(Object)when the compared template sources came from the sameTemplateLoaderinstance. Also, it must not influence the equality if the source is open or closed (TemplateLoader.closeTemplateSource(Object)). - Throws:
IOException- When an error occurs that makes it impossible to find out if the template exists, or to access the existing template. Don't throw exception if the template doesn't exist, instead return withnullthen!
-
getLastModified
Description copied from interface:TemplateLoaderReturns the time of last modification of the specified template source. This method is called afterfindTemplateSource().- Specified by:
getLastModifiedin interfaceTemplateLoader- Parameters:
templateSource- an object representing a template source (the template file), obtained through a prior call toTemplateLoader.findTemplateSource(String). This must be an object on whichTemplateLoader.closeTemplateSource(Object)wasn't applied yet.- Returns:
- The time of last modification for the specified template source, or -1 if the time is not known. This
value meant to be milliseconds since the epoch, but in fact FreeMarker doesn't care what it means, it
only cares if it changes, in which case the template needs to be reloaded (even if the value has
decreased). -1 is not special in that regard either; if you keep returning it, FreeMarker won't
reload the template (as far as it's not evicted from the cache from some other
reason). Note that
Long.MIN_VALUEis reserved for internal use.
-
getReader
Description copied from interface:TemplateLoaderReturns the character stream of a template represented by the specified template source. This method is possibly called for multiple times for the same template source object, and it must always return aReaderthat reads the template from its beginning. Before this method is called for the second time (or later), its caller must close the previously returnedReader, and it must not use it anymore. That is, this method is not required to support multiple concurrent readers for the same sourcetemplateSourceobject.Typically, this method is called if the template is missing from the cache, or if after calling
TemplateLoader.findTemplateSource(String)andTemplateLoader.getLastModified(Object)it was determined that the cached copy of the template is stale. Then, if it turns out that theencodingparameter used doesn't match the actual template content (based on the#ftl encoding=...header), this method will be called for a second time with the correctencodingparameter value.Unlike
TemplateLoader.findTemplateSource(String), this method must not tolerate if the template is not found, and must throwIOExceptionin that case.- Specified by:
getReaderin interfaceTemplateLoader- Parameters:
templateSource- an object representing a template source, obtained through a prior call toTemplateLoader.findTemplateSource(String). This must be an object on whichTemplateLoader.closeTemplateSource(Object)wasn't applied yet.encoding- the character encoding used to translate source bytes to characters. Some loaders may not have access to the byte representation of the template stream, and instead directly obtain a character stream. These loaders should ignore the encoding parameter.- Returns:
- A
Readerrepresenting the template character stream; notnull. It's the responsibility of the caller (which isTemplateCacheusually) toclose()it. TheReaderis not required to work after thetemplateSourcewas closed (TemplateLoader.closeTemplateSource(Object)). - Throws:
IOException- if an I/O error occurs while accessing the stream.
-
closeTemplateSource
Description copied from interface:TemplateLoaderCloses the template source, releasing any resources held that are only required for reading the template and/or its metadata. This is the last method that is called by theTemplateCachefor a template source, except thatObject.equals(Object)is might called later too.TemplateCacheensures that this method will be called on every object that is returned fromTemplateLoader.findTemplateSource(String).- Specified by:
closeTemplateSourcein interfaceTemplateLoader- Parameters:
templateSource- the template source that should be closed.
-
getBaseDirectory
Returns the base directory in which the templates are searched. This comes from the constructor argument, but it's possibly a canonicalized version of that.- Since:
- 2.3.21
-
setEmulateCaseSensitiveFileSystem
public void setEmulateCaseSensitiveFileSystem(boolean nameCaseChecked)Intended for development only, checks if the template name matches the case (upper VS lower case letters) of the actual file name, and if it doesn't, it emulates a file-not-found even if the file system is case insensitive. This is useful when developing application on Windows, which will be later installed on Linux, OS X, etc. This check can be resource intensive, as to check the file name the directories involved, up to thegetBaseDirectory()directory, must be listed. Positive results (matching case) will be cached without expiration time.The default in
FileTemplateLoaderisfalse, but subclasses may change they by overridinggetEmulateCaseSensitiveFileSystemDefault().- Since:
- 2.3.23
-
getEmulateCaseSensitiveFileSystem
public boolean getEmulateCaseSensitiveFileSystem()Getter pair ofsetEmulateCaseSensitiveFileSystem(boolean).- Since:
- 2.3.23
-
getEmulateCaseSensitiveFileSystemDefault
protected boolean getEmulateCaseSensitiveFileSystemDefault()Returns the default ofgetEmulateCaseSensitiveFileSystem(). InFileTemplateLoaderit'sfalse, unless theSYSTEM_PROPERTY_NAME_EMULATE_CASE_SENSITIVE_FILE_SYSTEMsystem property was set totrue, but this can be overridden here in custom subclasses. For example, if your environment defines something like developer mode, you may want to override this to returntrueon Windows.- Since:
- 2.3.23
-
toString
Show class name and some details that are useful in template-not-found errors.
-
FileTemplateLoader(File)instead.