Author: hlship
Date: Sat Mar  7 17:49:09 2009
New Revision: 751300

URL: http://svn.apache.org/viewvc?rev=751300&view=rev
Log:
TAP5-43: Add configuration to turn off @Secure when in development

Modified:
    tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt
    tapestry/tapestry5/trunk/src/site/apt/index.apt
    tapestry/tapestry5/trunk/src/site/apt/upgrade.apt
    
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java
    
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java
    
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
    
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java

Modified: tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt?rev=751300&r1=751299&r2=751300&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt (original)
+++ tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt Sat Mar  7 17:49:09 
2009
@@ -211,6 +211,11 @@
     The time interval that Tapestry will wait for a page instance to become 
available before deciding whether to create
     an entirely new page instance.  The default is "10 ms".
 
+  [tapestry.secure-enabled]
+    If true, then  
{{{../apidocs/org/apache/tapestry5/annotations/secure.ht...@secure}} annotation 
is honored; if
+    false, no security checks or redirects take place. This defaults to 
tapestry.production-mode, meaning that in development
+    mode it will (by default) be disabled.
+
   [tapestry.secure-page]
     If true, then the page may only be accessed via HTTPS.  The 
{{{../apidocs/org/apache/tapestry5/annotations/secure.ht...@secure}}
     annotation will set this value to true.

Modified: tapestry/tapestry5/trunk/src/site/apt/index.apt
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/index.apt?rev=751300&r1=751299&r2=751300&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/src/site/apt/index.apt (original)
+++ tapestry/tapestry5/trunk/src/site/apt/index.apt Sat Mar  7 17:49:09 2009
@@ -34,6 +34,10 @@
 
 New And Of Note
 
+  * An Ajax event requst may now return a
+    
{{{apidocs/org/apache/tapestry5/ajax/MultiZoneUpdate.html}MultiZoneUpdate}} 
instance
+    to update multiple zones in the client web browser.
+
   * Client-side numeric validation is now locale-sensitive.
 
   * Some significant performance improvements over Tapestry 5.0.18: the time 
to initially load a page,

Modified: tapestry/tapestry5/trunk/src/site/apt/upgrade.apt
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/upgrade.apt?rev=751300&r1=751299&r2=751300&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/src/site/apt/upgrade.apt (original)
+++ tapestry/tapestry5/trunk/src/site/apt/upgrade.apt Sat Mar  7 17:49:09 2009
@@ -20,6 +20,10 @@
   {{{https://issues.apache.org/jira/browse/TAP5-211}TAP5-211}}. This will only 
affect users
   who have created their own client-side validations.
 
+  The handling of the
+  {{{apidocs/org/apache/tapestry5/annotations/Secure.html}Secure}} annotation 
is now only enabled
+  in production mode (by default).
+
 Release 5.1.0.0
 
 * Primary Key Encoder

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java?rev=751300&r1=751299&r2=751300&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java
 (original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java
 Sat Mar  7 17:49:09 2009
@@ -145,4 +145,13 @@
      * @since 5.1.0.0
      */
     public static final String GZIP_COMPRESSION_ENABLED = 
"tapestry.gzip-compression-enabled";
+
+    /**
+     * If "true" (which itself defaults to production mode), then the 
{...@link org.apache.tapestry5.annotations.Secure}
+     * annotation will be honored.  If "false" (i.e., development mode), then 
the annotation and related HTTP/HTTPS
+     * logic is ignored.
+     *
+     * @since 5.1.0.1
+     */
+    public static final String SECURE_ENABLED = "tapestry.secure-enabled";
 }
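Review bot: The Javadoc on SECURE_ENABLED is ambiguous in its first sentence, because `If "true" (which itself defaults to production mode)` attaches the default to the value "true" rather than to the symbol, and it never states the security consequence of switching the symbol off. I would reword the opening to something like `Controls whether the Secure annotation is honored; the default is the value of tapestry.production-mode.` and add a sentence such as `When "false", pages marked secure are served over plain HTTP with no redirect, so keep this enabled wherever real credentials or session cookies are in use.` The class body starts outside this hunk.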

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java?rev=751300&r1=751299&r2=751300&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java
 (original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java
 Sat Mar  7 17:49:09 2009
@@ -16,6 +16,8 @@
 
 import org.apache.tapestry5.Link;
 import org.apache.tapestry5.MetaDataConstants;
+import org.apache.tapestry5.SymbolConstants;
+import org.apache.tapestry5.ioc.annotations.Symbol;
 import org.apache.tapestry5.services.BaseURLSource;
 import org.apache.tapestry5.services.MetaDataLocator;
 import org.apache.tapestry5.services.Request;
@@ -35,18 +37,26 @@
 
     private final BaseURLSource baseURLSource;
 
+    private final boolean securityEnabled;
+
     public RequestSecurityManagerImpl(Request request, Response response, 
LinkSource linkSource,
-                                      MetaDataLocator locator, BaseURLSource 
baseURLSource)
+                                      MetaDataLocator locator, BaseURLSource 
baseURLSource,
+
+                                      @Symbol(SymbolConstants.SECURE_ENABLED)
+                                      boolean securityEnabled)
     {
         this.request = request;
         this.response = response;
         this.linkSource = linkSource;
         this.locator = locator;
         this.baseURLSource = baseURLSource;
+        this.securityEnabled = securityEnabled;
     }
 
     public boolean checkForInsecureRequest(String pageName) throws IOException
     {
+        if (!securityEnabled) return false;
+
         // We don't (at this time) redirect from secure to insecure, just from 
insecure to secure.
 
         if (request.isSecure()) return false;
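Review bot: The new guard `if (!securityEnabled) return false;` in checkForInsecureRequest fails open without leaving any trace, and the same holds for `if (!securityEnabled) return null;` in getBaseURL in the next hunk. Because the default registered in TapestryModule is derived from production mode, a deployment that real users can reach while production mode is off would serve @Secure pages over HTTP with nothing to show for it. A comment on the field would make the intent explicit, for example `// false disables all @Secure enforcement (no HTTPS redirect, no secure base URL); intended for development only`. A single warning at service start-up when the flag is false would also help operators notice, though no logger is visible in this hunk, so that part may need an extra dependency. The body of checkForInsecureRequest continues past the end of the hunk.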
@@ -69,6 +79,8 @@
 
     public String getBaseURL(String pageName)
     {
+        if (!securityEnabled) return null;
+
         boolean securePage = isSecure(pageName);
 
         if (securePage == request.isSecure()) return null;
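Review bot: The disabled path added here, `if (!securityEnabled) return null;`, is not exercised by any test in this commit, since all four constructor calls updated in RequestSecurityManagerImplTest pass `true`. Because this flag switches off a security control, I would add a case that builds the manager with `new RequestSecurityManagerImpl(request, response, linkSource, locator, source, false)` and asserts that getBaseURL returns null and checkForInsecureRequest returns false, with no expectations recorded on the request or response mocks. That pins the contract that the disabled mode never sends a redirect and records that the bypass is deliberate. getBaseURL's body continues outside the hunk.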

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=751300&r1=751299&r2=751300&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
 (original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
 Sat Mar  7 17:49:09 2009
@@ -1974,7 +1974,8 @@
         configuration.add(SymbolConstants.FILE_CHECK_INTERVAL, "1 s");
         configuration.add(SymbolConstants.FILE_CHECK_UPDATE_TIMEOUT, "50 ms");
 
-        // This should be overridden for particular applications.
+        // This should be overridden for particular applications. These are 
the locales for
+        // which we have (at least some) localized messages.
         configuration.add(SymbolConstants.SUPPORTED_LOCALES,
                           
"en,it,es,zh_CN,pt_PT,de,ru,hr,fi_FI,sv_SE,fr_FR,da,pt_BR,ja,el");
 
@@ -2028,7 +2029,7 @@
         configuration.add(SymbolConstants.CHARSET, "UTF-8");
 
         configuration.add(SymbolConstants.APPLICATION_CATALOG,
-                          "context:WEB-INF/${" + InternalSymbols.APP_NAME + 
"}.properties");
+                          String.format("context:WEB-INF/${%s}.properties", 
InternalSymbols.APP_NAME));
 
         configuration.add(SymbolConstants.EXCEPTION_REPORT_PAGE, 
"ExceptionReport");
 
@@ -2040,6 +2041,8 @@
 
         configuration.add(SymbolConstants.OMIT_GENERATOR_META, "false");
         configuration.add(SymbolConstants.GZIP_COMPRESSION_ENABLED, "true");
+
+        configuration.add(SymbolConstants.SECURE_ENABLED, 
String.format("${%s}", SymbolConstants.PRODUCTION_MODE));
     }
 
 

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java?rev=751300&r1=751299&r2=751300&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java
 (original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java
 Sat Mar  7 17:49:09 2009
@@ -42,7 +42,7 @@
         replay();
 
         RequestSecurityManager manager
-                = new RequestSecurityManagerImpl(request, response, 
linkSource, locator, source);
+                = new RequestSecurityManagerImpl(request, response, 
linkSource, locator, source, true);
 
         assertFalse(manager.checkForInsecureRequest(PAGE_NAME));
 
@@ -65,7 +65,7 @@
         replay();
 
         RequestSecurityManager manager
-                = new RequestSecurityManagerImpl(request, response, 
linkSource, locator, source);
+                = new RequestSecurityManagerImpl(request, response, 
linkSource, locator, source, true);
 
         assertFalse(manager.checkForInsecureRequest(PAGE_NAME));
 
@@ -93,7 +93,7 @@
         replay();
 
         RequestSecurityManager manager
-                = new RequestSecurityManagerImpl(request, response, 
linkSource, locator, source);
+                = new RequestSecurityManagerImpl(request, response, 
linkSource, locator, source, true);
 
         assertTrue(manager.checkForInsecureRequest(PAGE_NAME));
 
@@ -135,7 +135,7 @@
         replay();
 
         RequestSecurityManager manager
-                = new RequestSecurityManagerImpl(request, response, 
linkSource, locator, source);
+                = new RequestSecurityManagerImpl(request, response, 
linkSource, locator, source, true);
 
         assertEquals(manager.getBaseURL(PAGE_NAME), expectedURL);
 

