You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@wicket.apache.org by parth <pa...@silvertouch.com> on 2018/03/01 06:14:49 UTC

How to block URL in wicket?

*http://localhost:8080/my_project/app/resources/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/*

If user can enter this URL then he can see resouces of my project

*Example :*
jtrac.hbm.xml
jtrac-init.properties
messages_ar.properties
messages_cs.properties
messages_de.properties
messages_el.properties
messages_en.properties
...

So i want to block this URL and not permit any user to show these details.

Thank you.

--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: How to block URL in wicket?

Posted by Martin Grigorov <mg...@apache.org>.

Hi,

Such kind of security related issues should be reported to
private@wicket.apache.org or to security@apache.org.

But in your case it is not a big deal because you use Wicket 1.2/1.3. As
far as I remember JTrac is not updated since these versions of Wicket.
Try by using PackageResourceGuard. Here is the documentation for Wicket 7.x
[1] but it should be similar for 1.2/1.3

1.
https://ci.apache.org/projects/wicket/guide/7.x/single.html#_package_resource_guard

Martin Grigorov
Wicket Training and Consulting
Looking for a remote position with Wicket ? Contact me!
https://twitter.com/mtgrigorov

On Thu, Mar 1, 2018 at 7:14 AM, parth <pa...@silvertouch.com> wrote:

> *http://localhost:8080/my_project/app/resources/org.apache.wicket.ajax.
> AbstractDefaultAjaxBehavior/*
>
> If user can enter this URL then he can see resouces of my project
>
> *Example :*
> jtrac.hbm.xml
> jtrac-init.properties
> messages_ar.properties
> messages_cs.properties
> messages_de.properties
> messages_el.properties
> messages_en.properties
> ...
>
> So i want to block this URL and not permit any user to show these details.
>
> Thank you.
>
> --
> Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-
> f1842947.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>