Author: hlship Date: Sat Mar 7 17:49:09 2009 New Revision: 751300 URL: http://svn.apache.org/viewvc?rev=751300&view=rev Log: TAP5-43: Add configuration to turn off @Secure when in development
Modified: tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt tapestry/tapestry5/trunk/src/site/apt/index.apt tapestry/tapestry5/trunk/src/site/apt/upgrade.apt tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java Modified: tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt?rev=751300&r1=751299&r2=751300&view=diff ============================================================================== --- tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt (original) +++ tapestry/tapestry5/trunk/src/site/apt/guide/conf.apt Sat Mar 7 17:49:09 2009 @@ -211,6 +211,11 @@ The time interval that Tapestry will wait for a page instance to become available before deciding whether to create an entirely new page instance. The default is "10 ms". + [tapestry.secure-enabled] + If true, then {{{../apidocs/org/apache/tapestry5/annotations/secure.ht...@secure}} annotation is honored; if + false, no security checks or redirects take place. This defaults to tapestry.production-mode, meaning that in development + mode it will (by default) be disabled. + [tapestry.secure-page] If true, then the page may only be accessed via HTTPS. The {{{../apidocs/org/apache/tapestry5/annotations/secure.ht...@secure}} annotation will set this value to true. Modified: tapestry/tapestry5/trunk/src/site/apt/index.apt URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/index.apt?rev=751300&r1=751299&r2=751300&view=diff ============================================================================== --- tapestry/tapestry5/trunk/src/site/apt/index.apt (original) +++ tapestry/tapestry5/trunk/src/site/apt/index.apt Sat Mar 7 17:49:09 2009 @@ -34,6 +34,10 @@ New And Of Note + * An Ajax event requst may now return a + {{{apidocs/org/apache/tapestry5/ajax/MultiZoneUpdate.html}MultiZoneUpdate}} instance + to update multiple zones in the client web browser. + * Client-side numeric validation is now locale-sensitive. * Some significant performance improvements over Tapestry 5.0.18: the time to initially load a page, Modified: tapestry/tapestry5/trunk/src/site/apt/upgrade.apt URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/upgrade.apt?rev=751300&r1=751299&r2=751300&view=diff ============================================================================== --- tapestry/tapestry5/trunk/src/site/apt/upgrade.apt (original) +++ tapestry/tapestry5/trunk/src/site/apt/upgrade.apt Sat Mar 7 17:49:09 2009 @@ -20,6 +20,10 @@ {{{https://issues.apache.org/jira/browse/TAP5-211}TAP5-211}}. This will only affect users who have created their own client-side validations. + The handling of the + {{{apidocs/org/apache/tapestry5/annotations/Secure.html}Secure}} annotation is now only enabled + in production mode (by default). + Release 5.1.0.0 * Primary Key Encoder Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java?rev=751300&r1=751299&r2=751300&view=diff ============================================================================== --- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java (original) +++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/SymbolConstants.java Sat Mar 7 17:49:09 2009 @@ -145,4 +145,13 @@ * @since 5.1.0.0 */ public static final String GZIP_COMPRESSION_ENABLED = "tapestry.gzip-compression-enabled"; + + /** + * If "true" (which itself defaults to production mode), then the {...@link org.apache.tapestry5.annotations.Secure} + * annotation will be honored. If "false" (i.e., development mode), then the annotation and related HTTP/HTTPS + * logic is ignored. + * + * @since 5.1.0.1 + */ + public static final String SECURE_ENABLED = "tapestry.secure-enabled"; } Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java?rev=751300&r1=751299&r2=751300&view=diff ============================================================================== --- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java (original) +++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImpl.java Sat Mar 7 17:49:09 2009 @@ -16,6 +16,8 @@ import org.apache.tapestry5.Link; import org.apache.tapestry5.MetaDataConstants; +import org.apache.tapestry5.SymbolConstants; +import org.apache.tapestry5.ioc.annotations.Symbol; import org.apache.tapestry5.services.BaseURLSource; import org.apache.tapestry5.services.MetaDataLocator; import org.apache.tapestry5.services.Request; @@ -35,18 +37,26 @@ private final BaseURLSource baseURLSource; + private final boolean securityEnabled; + public RequestSecurityManagerImpl(Request request, Response response, LinkSource linkSource, - MetaDataLocator locator, BaseURLSource baseURLSource) + MetaDataLocator locator, BaseURLSource baseURLSource, + + @Symbol(SymbolConstants.SECURE_ENABLED) + boolean securityEnabled) { this.request = request; this.response = response; this.linkSource = linkSource; this.locator = locator; this.baseURLSource = baseURLSource; + this.securityEnabled = securityEnabled; } public boolean checkForInsecureRequest(String pageName) throws IOException { + if (!securityEnabled) return false; + // We don't (at this time) redirect from secure to insecure, just from insecure to secure. if (request.isSecure()) return false; @@ -69,6 +79,8 @@ public String getBaseURL(String pageName) { + if (!securityEnabled) return null; + boolean securePage = isSecure(pageName); if (securePage == request.isSecure()) return null; Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=751300&r1=751299&r2=751300&view=diff ============================================================================== --- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java (original) +++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java Sat Mar 7 17:49:09 2009 @@ -1974,7 +1974,8 @@ configuration.add(SymbolConstants.FILE_CHECK_INTERVAL, "1 s"); configuration.add(SymbolConstants.FILE_CHECK_UPDATE_TIMEOUT, "50 ms"); - // This should be overridden for particular applications. + // This should be overridden for particular applications. These are the locales for + // which we have (at least some) localized messages. configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en,it,es,zh_CN,pt_PT,de,ru,hr,fi_FI,sv_SE,fr_FR,da,pt_BR,ja,el"); @@ -2028,7 +2029,7 @@ configuration.add(SymbolConstants.CHARSET, "UTF-8"); configuration.add(SymbolConstants.APPLICATION_CATALOG, - "context:WEB-INF/${" + InternalSymbols.APP_NAME + "}.properties"); + String.format("context:WEB-INF/${%s}.properties", InternalSymbols.APP_NAME)); configuration.add(SymbolConstants.EXCEPTION_REPORT_PAGE, "ExceptionReport"); @@ -2040,6 +2041,8 @@ configuration.add(SymbolConstants.OMIT_GENERATOR_META, "false"); configuration.add(SymbolConstants.GZIP_COMPRESSION_ENABLED, "true"); + + configuration.add(SymbolConstants.SECURE_ENABLED, String.format("${%s}", SymbolConstants.PRODUCTION_MODE)); } Modified: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java?rev=751300&r1=751299&r2=751300&view=diff ============================================================================== --- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java (original) +++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RequestSecurityManagerImplTest.java Sat Mar 7 17:49:09 2009 @@ -42,7 +42,7 @@ replay(); RequestSecurityManager manager - = new RequestSecurityManagerImpl(request, response, linkSource, locator, source); + = new RequestSecurityManagerImpl(request, response, linkSource, locator, source, true); assertFalse(manager.checkForInsecureRequest(PAGE_NAME)); @@ -65,7 +65,7 @@ replay(); RequestSecurityManager manager - = new RequestSecurityManagerImpl(request, response, linkSource, locator, source); + = new RequestSecurityManagerImpl(request, response, linkSource, locator, source, true); assertFalse(manager.checkForInsecureRequest(PAGE_NAME)); @@ -93,7 +93,7 @@ replay(); RequestSecurityManager manager - = new RequestSecurityManagerImpl(request, response, linkSource, locator, source); + = new RequestSecurityManagerImpl(request, response, linkSource, locator, source, true); assertTrue(manager.checkForInsecureRequest(PAGE_NAME)); @@ -135,7 +135,7 @@ replay(); RequestSecurityManager manager - = new RequestSecurityManagerImpl(request, response, linkSource, locator, source); + = new RequestSecurityManagerImpl(request, response, linkSource, locator, source, true); assertEquals(manager.getBaseURL(PAGE_NAME), expectedURL);