You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Mennat Mokhtar (JIRA)" <ji...@apache.org> on 2014/09/14 15:48:34 UTC
[jira] [Commented] (WICKET-5678) SecurePackageResourceGuard
blocking static page
[ https://issues.apache.org/jira/browse/WICKET-5678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14133222#comment-14133222 ]
Mennat Mokhtar commented on WICKET-5678:
----------------------------------------
Regarding the above problems, we were able to fix the problem by adding the following lines of code.
if( tomcatVersion <= 7 ){
securePackageResourceGuard.addPattern( "+/com/seanergie/wicket/markup/html/form/ckeditor+*" );
}else{ // https://issues.apache.org/jira/browse/WICKET-5678
securePackageResourceGuard.addPattern( "+com/seanergie/wicket/markup/html/form/ckeditor/+*" );
}
the problem was the receiding slash not the starting one.
In the
CachingResourceStreamLocator
in the
public IResourceStream locate
in line 166
IResourceStream stream = locate(clazz, newPath);
The outcome of the above line results in different path structure in tomcat 7 and tomcat 8
Thanks
> SecurePackageResourceGuard blocking static page
> ------------------------------------------------
>
> Key: WICKET-5678
> URL: https://issues.apache.org/jira/browse/WICKET-5678
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 6.16.0
> Environment: Fedora20 Tomcat 8
> Reporter: Mennat Mokhtar
> Assignee: Martin Grigorov
> Labels: easyfix
> Attachments: myproject.tar.gz
>
>
> IPackageResourceGuard packageResourceGuard = application.getResourceSettings().getPackageResourceGuard();
> if( packageResourceGuard instanceof SecurePackageResourceGuard ){
> SecurePackageResourceGuard securePackageResourceGuard = (SecurePackageResourceGuard) packageResourceGuard;
> securePackageResourceGuard.addPattern( "+com/seanergie/wicket/markup/html/form/ckeditor/" );
> boolean accept = securePackageResourceGuard.accept( null, "com/seanergie/wicket/markup/html/form/ckeditor/" );
> }
> /********************************************************************************************/
> The above code results in accept being false.
> After tracing the problem seems to be in the loop matching the pattern line 190 in SecurePackageResourceGuard.
> The same code is returning true when running under tomcat 7 and returning false when running under tomcat 8.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)