You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tapestry.apache.org by "Thiago H. de Paula Figueiredo (JIRA)" <ji...@apache.org> on 2018/11/23 19:00:00 UTC

[jira] [Resolved] (TAP5-2601) Add configurable service to block access to classpath assets

     [ https://issues.apache.org/jira/browse/TAP5-2601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thiago H. de Paula Figueiredo resolved TAP5-2601.
-------------------------------------------------
    Resolution: Implemented

A new service, `ClasspathAssetProtectionRule`, which receives contributions of `ClasspathAssetProtectionRule`
instances, was created to you can easily add rules to block requests to classpath assets according to your 
security needs.

Three rules are added out-of-the-box and may be overriden:
* `ClassFile`: blocks access to assets with `.class` endings (case insensitive).
* `PropertiesFile`: blocks access to assets with `.properties` endings (case insensitive).
* `XMLFile`: blocks access to assets with `.xml` endings (case insensitive).

> Add configurable service to block access to classpath assets
> ------------------------------------------------------------
>
>                 Key: TAP5-2601
>                 URL: https://issues.apache.org/jira/browse/TAP5-2601
>             Project: Tapestry 5
>          Issue Type: Improvement
>          Components: tapestry-core
>    Affects Versions: 5.5.0, 5.4.3
>            Reporter: Thiago H. de Paula Figueiredo
>            Assignee: Thiago H. de Paula Figueiredo
>            Priority: Major
>              Labels: features
>
> There's no built-in way in Tapestry of blocking access to classpath assets, so we should create a new service we can contribute blocking rules.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)