You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@turbine.apache.org by he...@apache.org on 2004/07/06 19:10:33 UTC

cvs commit: jakarta-turbine-2/extensions/maven-plugin/src/plugin-resources/flavor/common/conf application-web.xml

henning     2004/07/06 10:10:33

  Modified:    extensions/maven-plugin/src/plugin-resources/flavor/common/conf
                        Tag: TURBINE_2_3_BRANCH application-web.xml
  Log:
  Deny web access to the resources, templates and logs directory to avoid
  users setting up a new application with the plugin to inadvertly generate
  a security risk for their application.
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.1.2.3   +24 -1     jakarta-turbine-2/extensions/maven-plugin/src/plugin-resources/flavor/common/conf/Attic/application-web.xml
  
  Index: application-web.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-turbine-2/extensions/maven-plugin/src/plugin-resources/flavor/common/conf/Attic/application-web.xml,v
  retrieving revision 1.1.2.2
  retrieving revision 1.1.2.3
  diff -u -r1.1.2.2 -r1.1.2.3
  --- application-web.xml	27 Jun 2004 16:56:38 -0000	1.1.2.2
  +++ application-web.xml	6 Jul 2004 17:10:33 -0000	1.1.2.3
  @@ -49,6 +49,29 @@
       <servlet-name>@TURBINE_APP_NAME@</servlet-name>
       <url-pattern>/app/*</url-pattern>
     </servlet-mapping>
  +
  +<!-- ======================================================================== -->
  +<!--                                                                          -->
  +<!-- Make sure that templates, resources and logs are not available through   -->
  +<!-- the servlet container. Remove security constraints or add an authen-     -->
  +<!-- tication role if you need access to these paths.                         -->
  +<!--                                                                          -->
  +<!-- ======================================================================== -->
  +
  +  <security-constraint>
  +    <web-resource-collection>
  +      <web-resource-name>templates</web-resource-name>
  +      <url-pattern>/templates/*</url-pattern>
  +    </web-resource-collection>
  +    <web-resource-collection>
  +      <web-resource-name>logs</web-resource-name>
  +      <url-pattern>/logs/*</url-pattern>
  +    </web-resource-collection>
  +    <web-resource-collection>
  +      <web-resource-name>resources</web-resource-name>
  +      <url-pattern>/resources/*</url-pattern>
  +    </web-resource-collection>
  +  </security-constraint>
   </web-app>
   
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org