[jira] [Updated] (WICKET-5678) SecurePackageResourceGuard blocking static page

Tue, 19 Aug 2014 06:54:12 -0700 

     [ 
https://issues.apache.org/jira/browse/WICKET-5678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mennat Mokhtar updated WICKET-5678:
-----------------------------------

    Description: 
IPackageResourceGuard packageResourceGuard = 
application.getResourceSettings().getPackageResourceGuard();
                if( packageResourceGuard instanceof SecurePackageResourceGuard 
){
                        SecurePackageResourceGuard securePackageResourceGuard = 
(SecurePackageResourceGuard) packageResourceGuard;
                        securePackageResourceGuard.addPattern( 
"+com/seanergie/wicket/markup/html/form/ckeditor/" );
                        boolean accept = securePackageResourceGuard.accept( 
null, "com/seanergie/wicket/markup/html/form/ckeditor/" );
                }

/********************************************************************************************/

The above code results in accept being false.
After tracing the problem seems to be in the loop matching the pattern line 190 
in SecurePackageResourceGuard.
The same code is returning true when running under tomcat 7 and returning false 
when running under tomcat 8.

  was:
IPackageResourceGuard packageResourceGuard = 
application.getResourceSettings().getPackageResourceGuard();
                if( packageResourceGuard instanceof SecurePackageResourceGuard 
){
                        SecurePackageResourceGuard securePackageResourceGuard = 
(SecurePackageResourceGuard) packageResourceGuard;
                        securePackageResourceGuard.addPattern( 
"+com/seanergie/wicket/markup/html/form/ckeditor/" );
                        boolean accept = securePackageResourceGuard.accept( 
null, "com/seanergie/wicket/markup/html/form/ckeditor/" );
                }

/********************************************************************************************/

The above code results in accept being false.
After tracing the problem seems to be in the loop matching the pattern line 190.
The same code is returning true when running under tomcat 7 and returning false 
when running under tomcat 8.


> SecurePackageResourceGuard blocking static page 
> ------------------------------------------------
>
>                 Key: WICKET-5678
>                 URL: https://issues.apache.org/jira/browse/WICKET-5678
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 6.16.0
>         Environment: Fedora20 Tomcat 8
>            Reporter: Mennat Mokhtar
>              Labels: easyfix
>
> IPackageResourceGuard packageResourceGuard = 
> application.getResourceSettings().getPackageResourceGuard();
>               if( packageResourceGuard instanceof SecurePackageResourceGuard 
> ){
>                       SecurePackageResourceGuard securePackageResourceGuard = 
> (SecurePackageResourceGuard) packageResourceGuard;
>                       securePackageResourceGuard.addPattern( 
> "+com/seanergie/wicket/markup/html/form/ckeditor/" );
>                       boolean accept = securePackageResourceGuard.accept( 
> null, "com/seanergie/wicket/markup/html/form/ckeditor/" );
>               }
> /********************************************************************************************/
> The above code results in accept being false.
> After tracing the problem seems to be in the loop matching the pattern line 
> 190 in SecurePackageResourceGuard.
> The same code is returning true when running under tomcat 7 and returning 
> false when running under tomcat 8.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to