You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by sv...@apache.org on 2012/02/28 11:47:52 UTC
git commit: WICKET-4427 renamed allowAccessToWebInfResources to
allowAccessToRootResources for better understanding
Updated Branches:
refs/heads/master 7477ef478 -> 73307ccce
WICKET-4427 renamed allowAccessToWebInfResources to allowAccessToRootResources for better understanding
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/73307ccc
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/73307ccc
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/73307ccc
Branch: refs/heads/master
Commit: 73307ccceff558f38aa2363194cfd9550fcef966
Parents: 7477ef4
Author: svenmeier <sv...@apache.org>
Authored: Tue Feb 28 11:47:25 2012 +0100
Committer: svenmeier <sv...@apache.org>
Committed: Tue Feb 28 11:47:25 2012 +0100
----------------------------------------------------------------------
.../wicket/markup/html/PackageResourceGuard.java | 20 +++----
.../markup/html/PackageResourceGuardTest.java | 41 +++++++++++++++
.../html/SecurePackageResourceGuardTest.java | 10 ++--
3 files changed, 55 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/73307ccc/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
index cfc73e2..393c6a6 100644
--- a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
+++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
@@ -46,7 +46,7 @@ public class PackageResourceGuard implements IPackageResourceGuard
/** Set of filenames that are denied access. */
private Set<String> blockedFiles = new HashSet<String>(4);
- private boolean allowAccessToWebInfResources = false;
+ private boolean allowAccessToRootResources = false;
/**
* Construct.
@@ -127,7 +127,7 @@ public class PackageResourceGuard implements IPackageResourceGuard
}
}
- if (!allowAccessToWebInfResources)
+ if (!allowAccessToRootResources)
{
String absolute = path;
if (absolute.startsWith("/"))
@@ -136,7 +136,7 @@ public class PackageResourceGuard implements IPackageResourceGuard
}
if (!absolute.contains("/"))
{
- log.warn("Access to web-inf directory via '..' is by default disabled for shared resources: " +
+ log.warn("Access to root directory is by default disabled for shared resources: " +
path);
return false;
}
@@ -217,24 +217,22 @@ public class PackageResourceGuard implements IPackageResourceGuard
}
/**
- * Checks whether or not resources in the WEB-INF folder can be access.
+ * Checks whether or not resources in the web root folder can be access.
*
* @return {@code true} iff root resources can be accessed
*/
- public final boolean isAllowAccessToWebInfResources()
+ public final boolean isAllowAccessToRootResources()
{
- return allowAccessToWebInfResources;
+ return allowAccessToRootResources;
}
/**
- * Sets whether or not resources in the root (WEB-INF) folder can be accessed.
+ * Sets whether or not resources in the web root folder can be accessed.
*
* @param allowAccessToRootResources
*/
- public final void setAllowAccessToWebInfResources(boolean allowAccessToRootResources)
+ public final void setAllowAccessToRootResources(boolean allowAccessToRootResources)
{
- allowAccessToWebInfResources = allowAccessToRootResources;
+ this.allowAccessToRootResources = allowAccessToRootResources;
}
-
-
}
http://git-wip-us.apache.org/repos/asf/wicket/blob/73307ccc/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
new file mode 100644
index 0000000..0620a62
--- /dev/null
+++ b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.markup.html;
+
+import org.apache.wicket.WicketTestCase;
+import org.junit.Test;
+
+/**
+ * @author Juergen Donnerstag
+ */
+public class PackageResourceGuardTest extends WicketTestCase
+{
+ /**
+ * Test acceptance of root folder.
+ */
+ @Test
+ public void accept()
+ {
+ PackageResourceGuard guard = new PackageResourceGuard();
+
+ guard.setAllowAccessToRootResources(false);
+ assertFalse(guard.accept(Integer.TYPE, "test.gif"));
+
+ guard.setAllowAccessToRootResources(true);
+ assertTrue(guard.accept(Integer.TYPE, "test.gif"));
+ }
+}
http://git-wip-us.apache.org/repos/asf/wicket/blob/73307ccc/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java b/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java
index 46336ee..61cc5bf 100644
--- a/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java
+++ b/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java
@@ -32,7 +32,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
public void accept()
{
SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
- guard.setAllowAccessToWebInfResources(false);
+ guard.setAllowAccessToRootResources(false);
guard.addPattern("+*.gif");
assertTrue(guard.accept(Application.class, "test.gif"));
assertTrue(guard.accept(Application.class, "mydir/test.gif"));
@@ -40,9 +40,9 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
assertTrue(guard.accept(Application.class, "../test.gif"));
assertTrue(guard.accept(Application.class, "../../test.gif"));
- // web-inf (root package)
+ // root package
assertFalse(guard.accept(Application.class, "../../../test.gif"));
- guard.setAllowAccessToWebInfResources(true);
+ guard.setAllowAccessToRootResources(true);
assertTrue(guard.accept(Application.class, "../../../test.gif"));
boolean hit = false;
@@ -79,7 +79,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
public void fileOnly()
{
SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
- guard.setAllowAccessToWebInfResources(true);
+ guard.setAllowAccessToRootResources(true);
guard.addPattern("+**.gif");
guard.addPattern("+*.gif*");
guard.addPattern("+*.gi*");
@@ -238,7 +238,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase
public void six()
{
SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
- guard.setAllowAccessToWebInfResources(true);
+ guard.setAllowAccessToRootResources(true);
guard.addPattern("+**/*.gif");
assertTrue(guard.acceptAbsolutePath("test.gif"));