You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by ro...@apache.org on 2009/12/11 07:28:30 UTC
svn commit: r889514 - in
/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src:
main/java/org/apache/tapestry5/services/ test/app1/ test/app1/WEB-INF/
test/java/org/apache/tapestry5/integration/
test/java/org/apache/tapestry5/integration/app1/serv...
Author: robertdzeigler
Date: Fri Dec 11 06:28:30 2009
New Revision: 889514
URL: http://svn.apache.org/viewvc?rev=889514&view=rev
Log:
TAP5-815: Asset dispatcher allows any file inside the webapp visible and downloadable
Better regex for context files: disables everything at/below WEB-INF, enables everything else in the context, 5.1 branch.
Added:
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/WEB-INF/unavailable.css
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/availablefile2.txt
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/unavailablefile.txt
- copied unchanged from r889457, tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/unavailablefile.txt
Removed:
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/unavailablefile.txt
Modified:
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=889514&r1=889513&r2=889514&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java (original)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java Fri Dec 11 06:28:30 2009
@@ -2458,7 +2458,12 @@
if (contextAvailable)
{
- regex.add(RequestConstants.CONTEXT_FOLDER + appVersion + "/" + pathPattern);
+ //we allow everything underneath the context folder, as long as it's not
+ //at or below WEB-INF.
+ //necessary since context assets are now handled via AssetDispatcher so that
+ //they can be compressed, combined, etc.
+ String contextPathPattern = "/(?!WEB-INF)([^/.]+/)*[^/]+$";
+ regex.add(RequestConstants.CONTEXT_FOLDER + appVersion + contextPathPattern);
}
}
Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml?rev=889514&r1=889513&r2=889514&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml (original)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml Fri Dec 11 06:28:30 2009
@@ -1,4 +1,8 @@
<html t:type="Border" xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd">
<a href="${asset:context:availablefile.txt}">Available File</a>
- <a href="${asset:context:unavailablefile.txt}">Unavailable File</a>
+ <a href="${asset:context:WEB-INF/unavailable.css}">Unavailable CSS</a>
+ <a href="${asset:context:WEB-INF}">WEB-INF</a>
+ <a href="${asset:context:WEB-INF/}">WEB-INF/</a>
+ <a href="${asset:classpath:/org/apache/tapestry5/integration/app1/pages/unavailablefile.txt}">Unavailable File</a>
+ <a href="${asset:classpath:/org/apache/tapestry5/integration/app1/pages/availablefile2.txt}">Available File2</a>
</html>
\ No newline at end of file
Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/WEB-INF/unavailable.css
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/WEB-INF/unavailable.css?rev=889514&view=auto
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/WEB-INF/unavailable.css (added)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/WEB-INF/unavailable.css Fri Dec 11 06:28:30 2009
@@ -0,0 +1,3 @@
+/*the originally contributed regex to open up context assets resulted in
+ * .css, .jpeg, etc. files in WEB-INF being accessible. This css file is just here for
+ * integration testing purposes to make sure that's not the case now.*/
\ No newline at end of file
Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java?rev=889514&r1=889513&r2=889514&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java (original)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java Fri Dec 11 06:28:30 2009
@@ -3032,14 +3032,32 @@
/** TAP5-815 */
@Test
- public void testAssetProtection()
+ public void testAssetProtection() throws InterruptedException
{
+
+ //context resourcs should be available by default.
+ start("Asset Protection Demo");
+ clickAndWait("link=Available File");
+ assertTextPresent("This file should be available to clients.");
+
+ start("Asset Protection Demo");
+ clickAndWait("link=Unavailable CSS");
+ assertTextPresent("HTTP ERROR: 404");
+
+ start("Asset Protection Demo");
+ clickAndWait("link=WEB-INF");
+ assertTextPresent("HTTP ERROR: 404");
+
+ start("Asset Protection Demo");
+ clickAndWait("link=WEB-INF/");
+ assertTextPresent("HTTP ERROR: 404");
+
start("Asset Protection Demo");
clickAndWait("link=Unavailable File");
- assertTextPresent("404");
+ assertTextPresent("HTTP ERROR: 404");
start("Asset Protection Demo");
- clickAndWait("link=Available File");
+ clickAndWait("link=Available File2");
assertTextPresent("This file should be available to clients.");
}
Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=889514&r1=889513&r2=889514&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java (original)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java Fri Dec 11 06:28:30 2009
@@ -259,9 +259,8 @@
}
public static void contributeWhitelistAuthorizer(
- Configuration<String> configuration,
- @Symbol(SymbolConstants.APPLICATION_VERSION) String appVersion)
+ Configuration<String> configuration)
{
- configuration.add(RequestConstants.CONTEXT_FOLDER + appVersion + "/availablefile.txt");
+ configuration.add("org/apache/tapestry5/integration/app1/pages/availablefile2.txt");
}
}
Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/availablefile2.txt
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/availablefile2.txt?rev=889514&view=auto
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/availablefile2.txt (added)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/availablefile2.txt Fri Dec 11 06:28:30 2009
@@ -0,0 +1 @@
+This file should be available to clients.
\ No newline at end of file