You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Mennat Mokhtar (JIRA)" <ji...@apache.org> on 2014/09/14 15:48:34 UTC

[jira] [Commented] (WICKET-5678) SecurePackageResourceGuard blocking static page

    [ https://issues.apache.org/jira/browse/WICKET-5678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14133222#comment-14133222 ] 

Mennat Mokhtar commented on WICKET-5678:
----------------------------------------

Regarding the above problems, we were able to fix the problem by adding the following lines of code.
                       
                        if( tomcatVersion <= 7 ){
				securePackageResourceGuard.addPattern( "+/com/seanergie/wicket/markup/html/form/ckeditor+*" );
			}else{ // https://issues.apache.org/jira/browse/WICKET-5678
				securePackageResourceGuard.addPattern( "+com/seanergie/wicket/markup/html/form/ckeditor/+*" );
			}

the problem was the receiding slash not the starting one.  
In the 
           CachingResourceStreamLocator 
in the 
           public IResourceStream locate 
in line 166 
          IResourceStream stream = locate(clazz, newPath);
The outcome of the above line results in different path structure in tomcat 7 and tomcat 8

Thanks

> SecurePackageResourceGuard blocking static page 
> ------------------------------------------------
>
>                 Key: WICKET-5678
>                 URL: https://issues.apache.org/jira/browse/WICKET-5678
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 6.16.0
>         Environment: Fedora20 Tomcat 8
>            Reporter: Mennat Mokhtar
>            Assignee: Martin Grigorov
>              Labels: easyfix
>         Attachments: myproject.tar.gz
>
>
> IPackageResourceGuard packageResourceGuard = application.getResourceSettings().getPackageResourceGuard();
> 		if( packageResourceGuard instanceof SecurePackageResourceGuard ){
> 			SecurePackageResourceGuard securePackageResourceGuard = (SecurePackageResourceGuard) packageResourceGuard;
> 			securePackageResourceGuard.addPattern( "+com/seanergie/wicket/markup/html/form/ckeditor/" );
> 			boolean accept = securePackageResourceGuard.accept( null, "com/seanergie/wicket/markup/html/form/ckeditor/" );
> 		}
> /********************************************************************************************/
> The above code results in accept being false.
> After tracing the problem seems to be in the loop matching the pattern line 190 in SecurePackageResourceGuard.
> The same code is returning true when running under tomcat 7 and returning false when running under tomcat 8.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)