reso...

robertdzeigler Fri, 11 Dec 2009 14:40:49 -0800

Author: robertdzeigler
Date: Fri Dec 11 22:39:59 2009
New Revision: 889842

URL: http://svn.apache.org/viewvc?rev=889842&view=rev
Log:
TAP5-815: Asset dispatcher allows any file inside the webapp visible and 
downloadable.
Improve the regex used for opening the context to allow for all context content 
as long as it's outside of the WEB-INF.
Improve the integration test to test for a greater variety of situations.


Added:
    tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css
    
tapestry/tapestry5/trunk/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/availablefile2.txt
      - copied unchanged from r889514, 
tapestry/tapestry5/trunk/tapestry-core/src/test/app1/availablefile.txt
    
tapestry/tapestry5/trunk/tapestry-core/src/test/resources/org/apache/tapestry5/integration/app1/pages/unavailablefile.txt
      - copied unchanged from r889514, 
tapestry/tapestry5/trunk/tapestry-core/src/test/app1/unavailablefile.txt
Removed:
    tapestry/tapestry5/trunk/tapestry-core/src/test/app1/unavailablefile.txt
Modified:
    
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
    tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml
    
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
    
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=889842&r1=889841&r2=889842&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
 (original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
 Fri Dec 11 22:39:59 2009
@@ -2931,7 +2931,12 @@
 
         if (contextAvailable)
         {
-            regex.add(RequestConstants.CONTEXT_FOLDER + appVersion + "/" + 
pathPattern);
+            //we allow everything underneath the context folder, as long as 
it's not
+            //at or below WEB-INF.
+            //necessary since context assets are now handled via 
AssetDispatcher so that
+            //they can be compressed, combined, etc.
+            String contextPathPattern = "/(?!WEB-INF)([^/.]+/)*[^/]+$";
+            regex.add(RequestConstants.CONTEXT_FOLDER + appVersion + 
contextPathPattern);
         }
     }
 

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml?rev=889842&r1=889841&r2=889842&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml 
(original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/test/app1/AssetProtectionDemo.tml 
Fri Dec 11 22:39:59 2009
@@ -1,4 +1,8 @@
 <html t:type="Border" 
xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd";>
     <a href="${asset:context:availablefile.txt}">Available File</a>
-    <a href="${asset:context:unavailablefile.txt}">Unavailable File</a>
-</html>
\ No newline at end of file
+    <a href="${asset:context:WEB-INF/unavailable.css}">Unavailable CSS</a>
+    <a href="${asset:context:WEB-INF}">WEB-INF</a>
+    <a href="${asset:context:WEB-INF/}">WEB-INF/</a>
+    <a 
href="${asset:classpath:/org/apache/tapestry5/integration/app1/pages/unavailablefile.txt}">Unavailable
 File</a>
+    <a 
href="${asset:classpath:/org/apache/tapestry5/integration/app1/pages/availablefile2.txt}">Available
 File2</a>
+</html>

Added: 
tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css?rev=889842&view=auto
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css 
(added)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/test/app1/WEB-INF/unavailable.css 
Fri Dec 11 22:39:59 2009
@@ -0,0 +1,3 @@
+/*the originally contributed regex to open up context assets resulted in
+ * .css, .jpeg, etc. files in WEB-INF being accessible. This css file is just 
here for 
+ * integration testing purposes to make sure that's not the case now.*/
\ No newline at end of file

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java?rev=889842&r1=889841&r2=889842&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
 (original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/IntegrationTests.java
 Fri Dec 11 22:39:59 2009
@@ -3295,12 +3295,29 @@
     @Test
     public void testAssetProtection()
     {
+        //context resourcs should be available by default.
+        start("Asset Protection Demo");
+        clickAndWait("link=Available File");
+        assertTextPresent("This file should be available to clients.");
+
+        start("Asset Protection Demo");
+        clickAndWait("link=Unavailable CSS");
+        assertTextPresent("HTTP ERROR: 404");
+
+        start("Asset Protection Demo");
+        clickAndWait("link=WEB-INF");
+        assertTextPresent("HTTP ERROR: 404");
+
+        start("Asset Protection Demo");
+        clickAndWait("link=WEB-INF/");
+        assertTextPresent("HTTP ERROR: 404");
+
         start("Asset Protection Demo");
         clickAndWait("link=Unavailable File");
-        assertTextPresent("404");
+        assertTextPresent("HTTP ERROR: 404");
 
         start("Asset Protection Demo");
-        clickAndWait("link=Available File");
+        clickAndWait("link=Available File2");
         assertTextPresent("This file should be available to clients.");
     }
 }

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=889842&r1=889841&r2=889842&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
 (original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
 Fri Dec 11 22:39:59 2009
@@ -259,10 +259,8 @@
         configuration.add("ReverseStringsWorker", new ReverseStringsWorker());
     }
 
-    public static void contributeWhitelistAuthorizer(
-            Configuration<String> configuration,
-            @Symbol(SymbolConstants.APPLICATION_VERSION) String appVersion) 
+    public static void contributeWhitelistAuthorizer(Configuration<String> 
configuration)
     {
-        configuration.add("ctx/" + appVersion + "/availablefile.txt");
+        
configuration.add("org/apache/tapestry5/integration/app1/pages/availablefile2.txt");
     }
 }

svn commit: r889842 - in /tapestry/tapestry5/trunk/tapestry-core/src: main/java/org/apache/tapestry5/services/ test/app1/ test/app1/WEB-INF/ test/java/org/apache/tapestry5/integration/ test/java/org/apache/tapestry5/integration/app1/services/ test/reso...

Reply via email to