Posted to dev@turbine.apache.org by he...@apache.org on 2004/07/06 19:10:33 UTC
cvs commit: jakarta-turbine-2/extensions/maven-plugin/src/plugin-resources/flavor/common/conf application-web.xml
henning 2004/07/06 10:10:33
Modified: extensions/maven-plugin/src/plugin-resources/flavor/common/conf
Tag: TURBINE_2_3_BRANCH application-web.xml
Log:
Deny web access to the resources, templates and logs directories so that
users setting up a new application with the plugin do not inadvertently
create a security risk for their application.
Revision Changes Path
No revision
No revision
1.1.2.3 +24 -1 jakarta-turbine-2/extensions/maven-plugin/src/plugin-resources/flavor/common/conf/Attic/application-web.xml
Index: application-web.xml
===================================================================
RCS file: /home/cvs/jakarta-turbine-2/extensions/maven-plugin/src/plugin-resources/flavor/common/conf/Attic/application-web.xml,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- application-web.xml 27 Jun 2004 16:56:38 -0000 1.1.2.2
+++ application-web.xml 6 Jul 2004 17:10:33 -0000 1.1.2.3
@@ -49,6 +49,29 @@
<servlet-name>@TURBINE_APP_NAME@</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
+
+<!-- ======================================================================== -->
+<!-- -->
+<!-- Make sure that templates, resources and logs are not available through -->
+<!-- the servlet container. Remove security constraints or add an authen- -->
+<!-- tication role if you need access to these paths. -->
+<!-- -->
+<!-- ======================================================================== -->
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>templates</web-resource-name>
+ <url-pattern>/templates/*</url-pattern>
+ </web-resource-collection>
+ <web-resource-collection>
+ <web-resource-name>logs</web-resource-name>
+ <url-pattern>/logs/*</url-pattern>
+ </web-resource-collection>
+ <web-resource-collection>
+ <web-resource-name>resources</web-resource-name>
+ <url-pattern>/resources/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
</web-app>
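Review bot: The added `<security-constraint>` has no `<auth-constraint>` child, so it most likely denies nothing. Under the Servlet specification a constraint without an auth-constraint imposes no authorization requirement, and the container serves `/templates/*`, `/logs/*` and `/resources/*` to unauthenticated clients as before. Only an auth-constraint that names no roles means "no access under any circumstances", so add `<auth-constraint/>` after the last `<web-resource-collection>` and before `</security-constraint>`. This also matches the comment's advice to "add an authentication role": a deployer who needs access would then put a `<role-name>` inside that element. After the change, check in a deployed test application that a request for a file under `/logs/` returns 403.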