You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by ro...@apache.org on 2009/12/14 13:03:56 UTC
svn commit: r890285 - in
/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src:
main/java/org/apache/tapestry5/services/ test/app1/ test/app1/META-INF/
test/java/org/apache/tapestry5/integration/
test/java/org/apache/tapestry5/integration/app1/ser...
Author: robertdzeigler
Date: Mon Dec 14 12:03:55 2009
New Revision: 890285
URL: http://svn.apache.org/viewvc?rev=890285&view=rev
Log:
TAP5-815: Asset dispatcher allows any file inside the webapp visible and downloadable.
Port context asset regex changes from trunk to 5.1 branch.
Added:
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/META-INF/
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/META-INF/unavailable2.txt
Modified:
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=890285&r1=890284&r2=890285&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java (original)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java Mon Dec 14 12:03:55 2009
@@ -2462,7 +2462,7 @@
//at or below WEB-INF.
//necessary since context assets are now handled via AssetDispatcher so that
//they can be compressed, combined, etc.
- String contextPathPattern = "/(?!WEB-INF)([^/.]+/)*[^/]+$";
+ String contextPathPattern = "/(?!(WEB-INF)|(META-INF))([^/.]+/)*[^/]+(?<!\\.tml)$";
regex.add(RequestConstants.CONTEXT_FOLDER + appVersion + contextPathPattern);
}
Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml?rev=890285&r1=890284&r2=890285&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml (original)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/AssetProtectionDemo.tml Mon Dec 14 12:03:55 2009
@@ -5,4 +5,9 @@
<a href="${asset:context:WEB-INF/}">WEB-INF/</a>
<a href="${asset:classpath:/org/apache/tapestry5/integration/app1/pages/unavailablefile.txt}">Unavailable File</a>
<a href="${asset:classpath:/org/apache/tapestry5/integration/app1/pages/availablefile2.txt}">Available File2</a>
-</html>
\ No newline at end of file
+ <a href="${asset:context:META-INF}">META-INF</a>
+ <a href="${asset:context:META-INF/}">META-INF/</a>
+ <a href="${asset:context:META-INF/unavailable2.txt}">unavailable2.txt</a>
+ <a href="${asset:context:AssetProtectionDemo.tml}">tml file</a>
+ <a href="${asset:context:music/MusicDetails.tml}">nested tml file</a>
+</html>
Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/META-INF/unavailable2.txt
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/META-INF/unavailable2.txt?rev=890285&view=auto
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/META-INF/unavailable2.txt (added)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/app1/META-INF/unavailable2.txt Mon Dec 14 12:03:55 2009
@@ -0,0 +1 @@
+This file is in META-INF so it should not be available.
Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java?rev=890285&r1=890284&r2=890285&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java (original)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java Mon Dec 14 12:03:55 2009
@@ -3032,7 +3032,7 @@
/** TAP5-815 */
@Test
- public void testAssetProtection() throws InterruptedException
+ public void asset_protection()
{
//context resourcs should be available by default.
@@ -3059,6 +3059,28 @@
start("Asset Protection Demo");
clickAndWait("link=Available File2");
assertTextPresent("This file should be available to clients.");
+
+ start("Asset Protection Demo");
+ clickAndWait("link=META-INF");
+ assertTextPresent("HTTP ERROR: 404");
+
+ start("Asset Protection Demo");
+ clickAndWait("link=META-INF/");
+ assertTextPresent("HTTP ERROR: 404");
+
+ start("Asset Protection Demo");
+ clickAndWait("link=unavailable2.txt");
+ assertTextPresent("HTTP ERROR: 404");
+
+ //tml files...
+ start("Asset Protection Demo");
+ clickAndWait("link=tml file");
+ assertTextPresent("HTTP ERROR: 404");
+
+ //nested tml files...
+ start("Asset Protection Demo");
+ clickAndWait("link=nested tml file");
+ assertTextPresent("HTTP ERROR: 404");
}
-}
\ No newline at end of file
+}
Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=890285&r1=890284&r2=890285&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java (original)
+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java Mon Dec 14 12:03:55 2009
@@ -258,8 +258,7 @@
configuration.add("ReverseStringsWorker", new ReverseStringsWorker());
}
- public static void contributeWhitelistAuthorizer(
- Configuration<String> configuration)
+ public static void contributeWhitelistAuthorizer(Configuration<String> configuration)
{
configuration.add("org/apache/tapestry5/integration/app1/pages/availablefile2.txt");
}