Thanks for the PackageResourceGuard tip. I'll check it out. I'd realized I'd misunderstood the setMountEnforce() as I was looking through the unit tests. Still it seems like it should be used to make sure someone can't dive directly to a page if I don't intend them to navigate there. (Though I suppose not having bookmarkable constructors would serve the same purpose)
-Clint On Tue, Jun 28, 2011 at 2:42 PM, Martin Grigorov <[email protected]>wrote: > This is not the same. > > IPackageResourceGuard is to protect PackageResource. > > setMountEnforce() is to "hide" accessing pages by their full name thru > bookmarkable constructor (default or PageParameters). > > On Tue, Jun 28, 2011 at 10:24 PM, Peter Ertl <[email protected]> wrote: > > #setEnforceMounts() should not be necessary in you case. > > > > To protect the content of packages we have > > > > > http://wicket.apache.org/apidocs/1.4/org/apache/wicket/markup/html/IPackageResourceGuard.html > > > > the default wicket 1.5 uses > > > > > http://wicket.apache.org/apidocs/1.4/org/apache/wicket/markup/html/PackageResourceGuard.html > > > > You can easily customize / configure your own if the default does not > work out and set it with: > > > > ResourceSettings#setPackageResourceGuard( guard ) > > > > Am 28.06.2011 um 20:54 schrieb Clint Checketts: > > > >> We want to guarantee that java packages are never exposed to the user, > in > >> case a developer forgot to mount a page. > >> > >> -Clint > >> > >> On Tue, Jun 28, 2011 at 12:33 PM, Igor Vaynberg < > [email protected]>wrote: > >> > >>> why do you use it? > >>> > >>> -igor > >>> > >>> On Tue, Jun 28, 2011 at 5:10 AM, Clint Checketts <[email protected]> > >>> wrote: > >>>> We use setEnforceMounts(). Would that be broken too by this change? > >>>> > >>>> Ws Martin saying that BookmarkableMapper isn't using the setting at > all > >>> in > >>>> 1.5? > >>>> > >>>> -Clint > >>>> > >>>> On Tue, Jun 28, 2011 at 4:49 AM, Martin Grigorov < > [email protected] > >>>> wrote: > >>>> > >>>>> OK, I'll remove it. > >>>>> Seems easy enough to re-add if someone ever need it. > >>>>> > >>>>> On Mon, Jun 27, 2011 at 6:11 PM, Igor Vaynberg < > [email protected] > >>>> > >>>>> wrote: > >>>>>> i think we can drop this from 1.5 > >>>>>> > >>>>>> -igor > >>>>>> > >>>>>> On Mon, Jun 27, 2011 at 3:14 AM, Martin Grigorov < > >>> [email protected]> > >>>>> wrote: > >>>>>>> Hi, > >>>>>>> > >>>>>>> In 1.5 > >>> org.apache.wicket.settings.ISecuritySettings.getEnforceMounts() > >>>>>>> is not currently used. > >>>>>>> Reading its javadoc I understand that it should disable completely > >>>>>>> org.apache.wicket.request.mapper.BookmarkableMapper when the flag > is > >>>>>>> "true". > >>>>>>> I.e. making a request to /wicket/bookmarkable/com.example.MyPage > >>>>>>> should not be recognized by BookmarkableMapper. > >>>>>>> Am I right ? > >>>>>>> > >>>>>>> -- > >>>>>>> Martin Grigorov > >>>>>>> jWeekend > >>>>>>> Training, Consulting, Development > >>>>>>> http://jWeekend.com > >>>>>>> > >>>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Martin Grigorov > >>>>> jWeekend > >>>>> Training, Consulting, Development > >>>>> http://jWeekend.com > >>>>> > >>>> > >>> > > > > > > > > -- > Martin Grigorov > jWeekend > Training, Consulting, Development > http://jWeekend.com >
