You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by sv...@apache.org on 2013/03/12 15:16:47 UTC

git commit: WICKET-5094 enforce mount for mounted pages only

Updated Branches:
  refs/heads/master 3bf98ca71 -> 74e776763


WICKET-5094 enforce mount for mounted pages only

Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/74e77676
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/74e77676
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/74e77676

Branch: refs/heads/master
Commit: 74e7767635b5f1f20c61c07be34c4141e1da2571
Parents: 3bf98ca
Author: svenmeier <sv...@apache.org>
Authored: Tue Mar 12 15:16:16 2013 +0100
Committer: svenmeier <sv...@apache.org>
Committed: Tue Mar 12 15:16:16 2013 +0100

----------------------------------------------------------------------
 .../core/request/mapper/BookmarkableMapper.java    |   39 ++++++++++-----
 .../wicket/settings/ISecuritySettingsTest.java     |    8 +++
 2 files changed, 34 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/74e77676/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java b/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java
index f8c7ffe..b1418bf 100644
--- a/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java
@@ -17,6 +17,8 @@
 package org.apache.wicket.core.request.mapper;
 
 import org.apache.wicket.Application;
+import org.apache.wicket.core.request.handler.PageProvider;
+import org.apache.wicket.core.request.handler.RenderPageRequestHandler;
 import org.apache.wicket.request.Request;
 import org.apache.wicket.request.Url;
 import org.apache.wicket.request.component.IRequestablePage;
@@ -28,21 +30,21 @@ import org.apache.wicket.util.lang.Args;
 
 /**
  * Decodes and encodes the following URLs:
- *
+ * 
  * <pre>
  *  Page Class - Render (BookmarkablePageRequestHandler)
  *  /wicket/bookmarkable/org.apache.wicket.MyPage
  *  (will redirect to hybrid alternative if page is not stateless)
- *
+ * 
  *  Page Instance - Render Hybrid (RenderPageRequestHandler for pages that were created using bookmarkable URLs)
  *  /wicket/bookmarkable/org.apache.wicket.MyPage?2
- *
+ * 
  *  Page Instance - Bookmarkable Listener (BookmarkableListenerInterfaceRequestHandler)
  *  /wicket/bookmarkable/org.apache.wicket.MyPage?2-click-foo-bar-baz
  *  /wicket/bookmarkable/org.apache.wicket.MyPage?2-click.1-foo-bar-baz (1 is behavior index)
  *  (these will redirect to hybrid if page is not stateless)
  * </pre>
- *
+ * 
  * @author Matej Knopp
  */
 public class BookmarkableMapper extends AbstractBookmarkableMapper
@@ -51,7 +53,7 @@ public class BookmarkableMapper extends AbstractBookmarkableMapper
 
 	/**
 	 * Construct.
-	 *
+	 * 
 	 * @param pageParametersEncoder
 	 */
 	public BookmarkableMapper(IPageParametersEncoder pageParametersEncoder)
@@ -91,14 +93,6 @@ public class BookmarkableMapper extends AbstractBookmarkableMapper
 	@Override
 	protected UrlInfo parseRequest(Request request)
 	{
-		if (Application.exists())
-		{
-			if (Application.get().getSecuritySettings().getEnforceMounts())
-			{
-				return null;
-			}
-		}
-
 		Url url = request.getUrl();
 		if (matches(url))
 		{
@@ -111,6 +105,25 @@ public class BookmarkableMapper extends AbstractBookmarkableMapper
 
 			if (pageClass != null && IRequestablePage.class.isAssignableFrom(pageClass))
 			{
+				if (Application.exists())
+				{
+					Application application = Application.get();
+
+					if (application.getSecuritySettings().getEnforceMounts())
+					{
+						// we make an excepion if the homepage itself was mounted, see WICKET-1898
+						if (!pageClass.equals(application.getHomePage()))
+						{
+							// WICKET-5094 only enforce mount if page is mounted
+							Url reverseUrl = application.getRootRequestMapper().mapHandler(
+								new RenderPageRequestHandler(new PageProvider(pageClass)));
+							if (!matches(reverseUrl))
+							{
+								return null;
+							}
+						}
+					}
+				}
 
 				// extract the PageParameters from URL if there are any
 				PageParameters pageParameters = extractPageParameters(request, 3,

http://git-wip-us.apache.org/repos/asf/wicket/blob/74e77676/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java b/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java
index ddcde75..7822531 100644
--- a/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java
+++ b/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java
@@ -58,6 +58,14 @@ public class ISecuritySettingsTest extends WicketTestCase
 		tester.assertRenderedPage(UnknownPage.class);
 
 		tester.getApplication().getSecuritySettings().setEnforceMounts(true);
+
+		tester.startPage(pageWithLink);
+		tester.assertRenderedPage(MockPageWithLink.class);
+		tester.clickLink(MockPageWithLink.LINK_ID);
+		tester.assertRenderedPage(UnknownPage.class);
+
+		tester.getApplication().mountPackage("unknown", UnknownPage.class);
+
 		tester.startPage(pageWithLink);
 		tester.assertRenderedPage(MockPageWithLink.class);
 		tester.clickLink(MockPageWithLink.LINK_ID);