Posted to dev@tapestry.apache.org by ro...@apache.org on 2009/12/11 23:40:11 UTC

svn commit: r889842 - in /tapestry/tapestry5/trunk/tapestry-core/src: main/java/org/apache/tapestry5/services/ test/app1/ test/app1/WEB-INF/ test/java/org/apache/tapestry5/integration/ test/java/org/apache/tapestry5/integration/app1/services/ test/reso...

Author: robertdzeigler
Date: Fri Dec 11 22:39:59 2009
New Revision: 889842

URL: http://svn.apache.org/viewvc?rev=889842&view=rev
Log:
TAP5-815: Asset dispatcher allows any file inside the webapp visible and downloadable.
Improve the regex used for opening the context to allow for all context content as long as it's outside of the WEB-INF.
Improve the integration test to test for a greater variety of situations.

Added:
    tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css
    tapestry/tapestry5/trunk/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/availablefile2.txt
      - copied unchanged from r889514, tapestry/tapestry5/trunk/tapestry-core/src/test/app1/availablefile.txt
    tapestry/tapestry5/trunk/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/unavailablefile.txt
      - copied unchanged from r889514, tapestry/tapestry5/trunk/tapestry-core/src/test/app1/unavailablefile.txt
Removed:
    tapestry/tapestry5/trunk/tapestry-core/src/test/app1/unavailablefile.txt
Modified:
    tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
    tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml
    tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
    tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java

Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=889842&r1=889841&r2=889842&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java Fri Dec 11 22:39:59 2009
@@ -2931,7 +2931,12 @@
 
         if (contextAvailable)
         {
-            regex.add(RequestConstants.CONTEXT_FOLDER + appVersion + "/" + pathPattern);
+            //we allow everything underneath the context folder, as long as it's not
+            //at or below WEB-INF.
+            //necessary since context assets are now handled via AssetDispatcher so that
+            //they can be compressed, combined, etc.
+            String contextPathPattern = "/(?!WEB-INF)([^/.]+/)*[^/]+$";
+            regex.add(RequestConstants.CONTEXT_FOLDER + appVersion + contextPathPattern);
         }
     }
 
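Review bot: The `(?!WEB-INF)` lookahead in `contextPathPattern` is case-sensitive, so unless the pattern is compiled case-insensitively somewhere outside this hunk, the exclusion relies on the deployment filesystem treating `web-inf` and `WEB-INF` as different directories, which does not hold on case-insensitive filesystems. I would make the exclusion case-insensitive and cover `META-INF` too, since servlet containers normally keep both private: `String contextPathPattern = "/(?!(?i:WEB-INF|META-INF))([^/.]+/)*[^/]+$";`. The comment should also record that `[^/.]+` has the effect of rejecting any directory segment containing a dot, which is what keeps `.` and `..` segments out of the allowed set and is easy to loosen by accident in a later edit. The enclosing method starts and ends outside this hunk, so whether the regex list is applied as a full match or a partial find is not visible here and is worth confirming, because the pattern has no leading anchor.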

Modified: tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml?rev=889842&r1=889841&r2=889842&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml Fri Dec 11 22:39:59 2009
@@ -1,4 +1,8 @@
 <html t:type="Border" xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd">
     <a href="${asset:context:availablefile.txt}">Available File</a>
-    <a href="${asset:context:unavailablefile.txt}">Unavailable File</a>
-</html>
\ No newline at end of file
+    <a href="${asset:context:WEB-INF/unavailable.css}">Unavailable CSS</a>
+    <a href="${asset:context:WEB-INF}">WEB-INF</a>
+    <a href="${asset:context:WEB-INF/}">WEB-INF/</a>
+    <a href="${asset:classpath:/org/apache/tapestry5/integration/app1/pages/unavailablefile.txt}">Unavailable File</a>
+    <a href="${asset:classpath:/org/apache/tapestry5/integration/app1/pages/availablefile2.txt}">Available File2</a>
+</html>

Added: tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css?rev=889842&view=auto
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css (added)
+++ tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css Fri Dec 11 22:39:59 2009
@@ -0,0 +1,3 @@
+/*the originally contributed regex to open up context assets resulted in
+ * .css, .jpeg, etc. files in WEB-INF being accessible. This css file is just here for 
+ * integration testing purposes to make sure that's not the case now.*/
\ No newline at end of file

Modified: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java?rev=889842&r1=889841&r2=889842&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java Fri Dec 11 22:39:59 2009
@@ -3295,12 +3295,29 @@
     @Test
     public void testAssetProtection()
     {
+        //context resourcs should be available by default.
+        start("Asset Protection Demo");
+        clickAndWait("link=Available File");
+        assertTextPresent("This file should be available to clients.");
+
+        start("Asset Protection Demo");
+        clickAndWait("link=Unavailable CSS");
+        assertTextPresent("HTTP ERROR: 404");
+
+        start("Asset Protection Demo");
+        clickAndWait("link=WEB-INF");
+        assertTextPresent("HTTP ERROR: 404");
+
+        start("Asset Protection Demo");
+        clickAndWait("link=WEB-INF/");
+        assertTextPresent("HTTP ERROR: 404");
+
         start("Asset Protection Demo");
         clickAndWait("link=Unavailable File");
-        assertTextPresent("404");
+        assertTextPresent("HTTP ERROR: 404");
 
         start("Asset Protection Demo");
-        clickAndWait("link=Available File");
+        clickAndWait("link=Available File2");
         assertTextPresent("This file should be available to clients.");
     }
 }
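Review bot: The denial checks in `testAssetProtection` assert the literal text `HTTP ERROR: 404`, which looks like the servlet container's default error page rather than anything Tapestry emits, so they are tied to the test container; a short comment saying so would save the next maintainer a search. The denied cases also cover only the exact spelling `WEB-INF` reached through rendered links. Because the protection is a regex, a small unit test that feeds the pattern a table of allowed and denied paths (other casing, nested directories under WEB-INF, dotted segments) would pin the rule more directly than the click-through test. The first added comment has a typo and should read `//context resources should be available by default.`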

Modified: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=889842&r1=889841&r2=889842&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java Fri Dec 11 22:39:59 2009
@@ -259,10 +259,8 @@
         configuration.add("ReverseStringsWorker", new ReverseStringsWorker());
     }
 
-    public static void contributeWhitelistAuthorizer(
-            Configuration<String> configuration,
-            @Symbol(SymbolConstants.APPLICATION_VERSION) String appVersion) 
+    public static void contributeWhitelistAuthorizer(Configuration<String> configuration)
     {
-        configuration.add("ctx/" + appVersion + "/availablefile.txt");
+        configuration.add("org/apache/tapestry5/integration/app1/pages/availablefile2.txt");
     }
 }
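Review bot: `contributeWhitelistAuthorizer` now whitelists a classpath resource with no comment explaining why this one file is listed, and the reason only becomes clear from reading AssetProtectionDemo.tml and the integration test together. I would add something like `// availablefile2.txt is whitelisted explicitly; unavailablefile.txt in the same package is not, so testAssetProtection can check both outcomes.` above the `configuration.add` call. Dropping the `@Symbol(SymbolConstants.APPLICATION_VERSION)` parameter may also leave the `Symbol` and `SymbolConstants` imports unused if nothing else in the file references them; the import block is outside this hunk, so that needs checking.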