Hi Sven, I haven't used this setting in 1.3/1.4 but as far as I understood the feature its purpose it to disallow requests to pages via /wicket/bookmarkable/my.package.MyPage completely. This feature has been lost in the early 1.5 days and then some user asked for it and with his help I re-introduced it. Igor also gave me his '+1' on this.
I personally don't see much value in the new implementation. Since the setting is in ISecuritySettings I think that it should reject access by name to the pages completely, not just for the mounted pages. On Tue, Mar 12, 2013 at 4:05 PM, <[email protected]> wrote: > Updated Branches: > refs/heads/wicket-1.5.x 2a7ba5ef1 -> 34735e027 > > > WICKET-5094 enforce mount for mounted pages only > > > Project: http://git-wip-us.apache.org/repos/asf/wicket/repo > Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/34735e02 > Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/34735e02 > Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/34735e02 > > Branch: refs/heads/wicket-1.5.x > Commit: 34735e027071bba98100f3fc291c667959b46eee > Parents: 2a7ba5e > Author: svenmeier <[email protected]> > Authored: Tue Mar 12 15:26:49 2013 +0100 > Committer: svenmeier <[email protected]> > Committed: Tue Mar 12 15:26:49 2013 +0100 > > ---------------------------------------------------------------------- > .../wicket/request/mapper/BookmarkableMapper.java | 29 +++++++++++---- > .../wicket/settings/ISecuritySettingsTest.java | 8 ++++ > 2 files changed, 29 insertions(+), 8 deletions(-) > ---------------------------------------------------------------------- > > > > http://git-wip-us.apache.org/repos/asf/wicket/blob/34735e02/wicket-core/src/main/java/org/apache/wicket/request/mapper/BookmarkableMapper.java > ---------------------------------------------------------------------- > diff --git > a/wicket-core/src/main/java/org/apache/wicket/request/mapper/BookmarkableMapper.java > b/wicket-core/src/main/java/org/apache/wicket/request/mapper/BookmarkableMapper.java > index 759f389..eb917e1 100644 > --- > a/wicket-core/src/main/java/org/apache/wicket/request/mapper/BookmarkableMapper.java > +++ > b/wicket-core/src/main/java/org/apache/wicket/request/mapper/BookmarkableMapper.java > @@ -20,6 +20,8 @@ import org.apache.wicket.Application; > import org.apache.wicket.request.Request; > import org.apache.wicket.request.Url; > import org.apache.wicket.request.component.IRequestablePage; > +import org.apache.wicket.request.handler.PageProvider; > +import org.apache.wicket.request.handler.RenderPageRequestHandler; > import org.apache.wicket.request.mapper.info.PageComponentInfo; > import org.apache.wicket.request.mapper.parameter.IPageParametersEncoder; > import org.apache.wicket.request.mapper.parameter.PageParameters; > @@ -91,14 +93,6 @@ public class BookmarkableMapper extends > AbstractBookmarkableMapper > @Override > protected UrlInfo parseRequest(Request request) > { > - if (Application.exists()) > - { > - if > (Application.get().getSecuritySettings().getEnforceMounts()) > - { > - return null; > - } > - } > - > Url url = request.getUrl(); > if (matches(url)) > { > @@ -111,6 +105,25 @@ public class BookmarkableMapper extends > AbstractBookmarkableMapper > > if (pageClass != null && > IRequestablePage.class.isAssignableFrom(pageClass)) > { > + if (Application.exists()) > + { > + Application application = > Application.get(); > + > + if > (application.getSecuritySettings().getEnforceMounts()) > + { > + // we make an excepion if > the homepage itself was mounted, see WICKET-1898 > + if > (!pageClass.equals(application.getHomePage())) > + { > + // WICKET-5094 > only enforce mount if page is mounted > + Url reverseUrl = > application.getRootRequestMapper().mapHandler( > + new > RenderPageRequestHandler(new PageProvider(pageClass))); > + if > (!matches(reverseUrl)) > + { > + return > null; > + } > + } > + } > + } > > // extract the PageParameters from URL if > there are any > PageParameters pageParameters = > extractPageParameters(request, 3, > > > http://git-wip-us.apache.org/repos/asf/wicket/blob/34735e02/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java > ---------------------------------------------------------------------- > diff --git > a/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java > b/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java > index ddcde75..7822531 100644 > --- > a/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java > +++ > b/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java > @@ -58,6 +58,14 @@ public class ISecuritySettingsTest extends > WicketTestCase > tester.assertRenderedPage(UnknownPage.class); > > > tester.getApplication().getSecuritySettings().setEnforceMounts(true); > + > + tester.startPage(pageWithLink); > + tester.assertRenderedPage(MockPageWithLink.class); > + tester.clickLink(MockPageWithLink.LINK_ID); > + tester.assertRenderedPage(UnknownPage.class); > + > + tester.getApplication().mountPackage("unknown", > UnknownPage.class); > + > tester.startPage(pageWithLink); > tester.assertRenderedPage(MockPageWithLink.class); > tester.clickLink(MockPageWithLink.LINK_ID); > > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com <http://jweekend.com/>
