You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Martin Grigorov (Commented) (JIRA)" <ji...@apache.org> on 2012/03/23 16:43:27 UTC
[jira] [Commented] (WICKET-4467) SecurePackageResourceGuard blocks
static packages ending on #
[ https://issues.apache.org/jira/browse/WICKET-4467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13236690#comment-13236690 ]
Martin Grigorov commented on WICKET-4467:
-----------------------------------------
Are you sure that this really comes from Wicket ?
I'm not aware of any place were Wicket puts # in the produced urls.
Can you reproduce it in a quickstart ?
> SecurePackageResourceGuard blocks static packages ending on #
> -------------------------------------------------------------
>
> Key: WICKET-4467
> URL: https://issues.apache.org/jira/browse/WICKET-4467
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.5
> Reporter: Arne Baganz
>
> Since Wicket 1.5.5, the default SecurePackageResourceGuard blocks static packages ending on #, for instance I got this stack trace:
> org.apache.wicket.request.resource.PackageResource$PackageResourceBlockedException: Access denied to (static) package resource com/pany/panels/#. See IPackageResourceGuard
> at org.apache.wicket.request.resource.PackageResource.internalGetResourceStream(PackageResource.java:418)
> at org.apache.wicket.request.resource.PackageResource.getCacheableResourceStream(PackageResource.java:338)
> at org.apache.wicket.request.resource.PackageResource.getCacheKey(PackageResource.java:170)
> at org.apache.wicket.request.resource.caching.version.CachingResourceVersion.getVersion(CachingResourceVersion.java:99)
> at org.apache.wicket.request.resource.caching.FilenameWithVersionResourceCachingStrategy.decorateUrl(FilenameWithVersionResourceCachingStrategy.java:96)
> at org.apache.wicket.request.mapper.BasicResourceReferenceMapper.mapHandler(BasicResourceReferenceMapper.java:219)
> at org.apache.wicket.request.mapper.ParentPathReferenceRewriter.mapHandler(ParentPathReferenceRewriter.java:89)
> at org.apache.wicket.request.mapper.CompoundRequestMapper.mapHandler(CompoundRequestMapper.java:157)
> at org.apache.wicket.protocol.https.HttpsMapper.mapHandler(HttpsMapper.java:125)
> at org.apache.wicket.request.cycle.RequestCycle.mapUrlFor(RequestCycle.java:404)
> at org.apache.wicket.request.cycle.RequestCycle.urlFor(RequestCycle.java:456)
> at org.apache.wicket.markup.html.image.resource.LocalizedImageResource.setSrcAttribute(LocalizedImageResource.java:331)
> at org.apache.wicket.markup.html.image.Image.onComponentTag(Image.java:242)
> at org.apache.wicket.Component.internalRenderComponent(Component.java:2510)
> at org.apache.wicket.markup.html.WebComponent.onRender(WebComponent.java:56)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1432)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1596)
> at org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1571)
> at org.apache.wicket.MarkupContainer.onComponentTagBody(MarkupContainer.java:1526)
> at org.apache.wicket.markup.html.link.AbstractLink.onComponentTagBody(AbstractLink.java:181)
> at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:73)
> at org.apache.wicket.Component.internalRenderComponent(Component.java:2539)
> at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1535)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1432)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1596)
> at org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1571)
> at org.apache.wicket.MarkupContainer.onComponentTagBody(MarkupContainer.java:1526)
> at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:73)
> at org.apache.wicket.Component.internalRenderComponent(Component.java:2539)
> at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1535)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.markup.repeater.AbstractRepeater.renderChild(AbstractRepeater.java:111)
> at org.apache.wicket.markup.repeater.AbstractRepeater.onRender(AbstractRepeater.java:97)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1432)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1596)
> at org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1571)
> at org.apache.wicket.MarkupContainer.onComponentTagBody(MarkupContainer.java:1526)
> at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:73)
> at org.apache.wicket.Component.internalRenderComponent(Component.java:2539)
> at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1535)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.markup.repeater.AbstractRepeater.renderChild(AbstractRepeater.java:111)
> at org.apache.wicket.markup.repeater.AbstractRepeater.onRender(AbstractRepeater.java:97)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1432)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1596)
> at org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1571)
> at org.apache.wicket.MarkupContainer.renderAssociatedMarkup(MarkupContainer.java:693)
> at org.apache.wicket.markup.html.panel.AssociatedMarkupSourcingStrategy.renderAssociatedMarkup(AssociatedMarkupSourcingStrategy.java:78)
> at org.apache.wicket.markup.html.panel.PanelMarkupSourcingStrategy.onComponentTagBody(PanelMarkupSourcingStrategy.java:113)
> at org.apache.wicket.Component.internalRenderComponent(Component.java:2539)
> at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1535)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1432)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1596)
> at org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1571)
> at org.apache.wicket.MarkupContainer.renderAssociatedMarkup(MarkupContainer.java:693)
> at org.apache.wicket.markup.html.panel.AssociatedMarkupSourcingStrategy.renderAssociatedMarkup(AssociatedMarkupSourcingStrategy.java:78)
> at org.apache.wicket.markup.html.panel.PanelMarkupSourcingStrategy.onComponentTagBody(PanelMarkupSourcingStrategy.java:113)
> at org.apache.wicket.Component.internalRenderComponent(Component.java:2539)
> at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1535)
> at com.pany.panels.AdvancedAttributePanel.onRender(AdvancedAttributePanel.java:113)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1432)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1596)
> at org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1571)
> at org.apache.wicket.MarkupContainer.onComponentTagBody(MarkupContainer.java:1526)
> at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:73)
> at org.apache.wicket.Component.internalRenderComponent(Component.java:2539)
> at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1535)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1432)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1596)
> at org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1571)
> at org.apache.wicket.MarkupContainer.onComponentTagBody(MarkupContainer.java:1526)
> at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:73)
> at org.apache.wicket.Component.internalRenderComponent(Component.java:2539)
> at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1535)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1432)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1596)
> at org.apache.wicket.MarkupContainer.renderComponentTagBody(MarkupContainer.java:1571)
> at org.apache.wicket.MarkupContainer.onComponentTagBody(MarkupContainer.java:1526)
> at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:73)
> at org.apache.wicket.Component.internalRenderComponent(Component.java:2539)
> at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1535)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1432)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1596)
> at org.apache.wicket.Page.onRender(Page.java:913)
> at org.apache.wicket.markup.html.WebPage.onRender(WebPage.java:141)
> at org.apache.wicket.Component.internalRender(Component.java:2369)
> at org.apache.wicket.Component.render(Component.java:2297)
> at org.apache.wicket.Page.renderPage(Page.java:1043)
> at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:107)
> at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:182)
> at org.apache.wicket.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:168)
> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:781)
> at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
> at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:255)
> at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:213)
> at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:283)
> at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:185)
> at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:242)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1336)
> at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:78)
> at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:145)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1336)
> at com.pany.core.util.PrefetchFilter.doFilter(PrefetchFilter.java:40)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1336)
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:483)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:233)
> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1065)
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:412)
> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:192)
> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:999)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
> at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:251)
> at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
> at org.eclipse.jetty.server.Server.handle(Server.java:351)
> at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:454)
> at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:890)
> at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:945)
> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:634)
> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:230)
> at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
> at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)
> at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:600)
> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:534)
> at java.lang.Thread.run(Thread.java:662)
> The issue is gone when I add the pattern "+*#" to the SecurePackageResourceGuard in my ApplicationĀ“s init method. I think the default SecurePackageResourceGuard should take care of that automatically, because the static package comes from Wicket itself.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira