I don't understand why I should have to configure this.  I have another
Tapestry 5.0.18 application which does not have this behaviour.

I have made the following contribution:

    // File extensions for which Tapestry should require a digest before serving the asset
    public static void contributeResourceDigestGenerator(Configuration<String> configuration) {
        configuration.add("class");
        configuration.add("tml");
        configuration.add("xml");
    }

Which seems to secure the correct files in:

http://127.0.0.1:8080/assets/

But if accessed via the following URL (extracted from page source):

http://127.0.0.1:8080/assets/ctx/349b8e82ab9a007b/

I can still access whatever I please, .tml files etc.  So in other words,
the whole world can see the structure of the application and have a look at
the template source code.

Why is this happening?

Any help is much appreciated.
Regards,
Daniel


王刚-4 wrote:
> 
> You should configure the servlet container. Java Web Security is a standard
> part of the J2EE/JEE specification. There should be many resources on the
> internet on that topic.
> 
> On Tue, Jul 21, 2009 at 9:30 AM, Daniel Jones <d...@murieston.com> wrote:
> 
>>
>> Hi Howard,
>>
>> Thanks for the reply.  How do I do that, is this tapestry specific or do I
>> need to configure the servlet container (Jetty in my case).
>>
>> Regards,
>> Daniel
>>
>>
>> Howard Lewis Ship wrote:
>> >
>> > You can mark them as protected resources that require a CRC query
>> > parameter to access.
>> >
>> > You are right, .tml files should be protected in this way, as should
>> > hibernate XML files.
>> >
>> > On Mon, Jul 20, 2009 at 6:13 PM, Daniel Jones<d...@murieston.com> wrote:
>> >>
>> >> Hello,
>> >>
>> >> OK, so here is my problem.
>> >>
>> >> In my page template:
>> >> ${asset:context:assets/images/layout/add.png}
>> >>
>> >> Tapestry generated URL to asset.
>> >>
>> >> http://127.0.0.1:8080/assets/ctx/c69b95ec1fef872d/assets/images/layout/add.png
>> >>
>> >> If I point my browser at:
>> >>
>> >> http://127.0.0.1:8080/assets/ctx/c69b95ec1fef872d/
>> >>
>> >> I get a directory listing including my .tml files, I can download these in
>> >> their raw form.  If I point my browser at http://127.0.0.1:8080/assets/ I
>> >> get a directory listing again, this time even more worrying as it contains
>> >> my hibernate.cfg.xml which can be downloaded exposing the database username
>> >> and password.
>> >>
>> >> How do I fix this.  I used the maven archetype to build the project so the
>> >> layout looks normal when compared with
>> >> http://tapestry.apache.org/tapestry5/guide/project-layout.html
>> >>
>> >> What am I doing wrong?
>> >>
>> >> Any help is much appreciated.
>> >>
>> >> Regards,
>> >> Daniel
>> >> --
>> >> View this message in context:
>> >>
>> http://www.nabble.com/T5---Configuration-and-.tml-Files-are-Exposed-By-Tapestry.-tp24580195p24580195.html
>> >> Sent from the Tapestry - User mailing list archive at Nabble.com.
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>> >> For additional commands, e-mail: users-h...@tapestry.apache.org
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > Howard M. Lewis Ship
>> >
>> > Creator of Apache Tapestry
>> > Director of Open Source Technology at Formos
>> >
>>
> 
> 

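One container-level way to close the exposure discussed in this thread, as an added example that is not code from the thread or from Tapestry: a standard servlet filter that only lets known static asset types through under the asset path, so directory-style requests and .tml, .class and .xml files are refused. It uses an allow-list rather than the deny-list contributed above; the class name `AssetGuardFilter`, the extension list and the `/assets/*` mapping are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter, not part of Tapestry. Assumed to be mapped to /assets/*
// in web.xml, declared before the Tapestry filter so it runs first.
public class AssetGuardFilter implements Filter {

    // Assumed list of asset types the application really serves; adjust as needed.
    private static final Set<String> ALLOWED =
            new HashSet<String>(Arrays.asList("png", "gif", "jpg", "css", "js"));

    // True only for a file name with an allow-listed extension. Directory-style
    // requests, extension-less names, percent-encoded or trailing-dot tricks,
    // and .tml/.class/.xml all fall through to "not allowed" (fail closed).
    static boolean isAllowed(String uri) {
        // Cut at the first path parameter (";jsessionid=...") before inspecting the name.
        int semi = uri.indexOf(';');
        String path = (semi >= 0 ? uri.substring(0, semi) : uri).toLowerCase(Locale.ROOT);
        String name = path.substring(path.lastIndexOf('/') + 1);
        int dot = name.lastIndexOf('.');
        return dot > 0 && ALLOWED.contains(name.substring(dot + 1));
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (!isAllowed(request.getRequestURI())) {
            // 404 rather than 403, so the response does not confirm the file exists.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }

    public void init(FilterConfig config) { }

    public void destroy() { }
}
```

This does not replace moving files such as hibernate.cfg.xml out of any web-served location and rotating credentials that were already reachable.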