We're seeing the same problem - in 5.0.18 as well.
One solution:
private static final HashSet<String> protectedAssets = new
HashSet<String>(Arrays.asList("class", "tml", "properties", "sql",
"xml"));
public void
contributeHttpServletRequestHandler
(OrderedConfiguration<HttpServletRequestFilter>
configuration) {
configuration.add("AssetProtectionFilter", new
HttpServletRequestFilter() {
public boolean service(HttpServletRequest request,
HttpServletResponse response, HttpServletRequestHandler handler)
throws IOException {
String path = request.getServletPath();
if (path.startsWith("/assets") &&
protectedAssets.contains(FileUtils.getExtension(path))) {
response.sendRedirect(request.getContextPath() +
"/accessdenied");
return true;
} else {
return handler.service(request, response);
}
}
}, "before:*");
}
Julian
On Jul 21, 2009, at 2:07 PM, Daniel Jones wrote:
Hi Thiago,
Yes this doesn't seem right to me. Are you seeing the same problem?
Regards,
Daniel
Thiago H. de Paula Figueiredo wrote:
Em Tue, 21 Jul 2009 00:02:20 -0300, Daniel Jones <d...@murieston.com>
escreveu:
I don't understand why I should have to configure this. I have
another
tapestry 5.0.18 application which does not have this behaviour.
Maybe this was introduced by the asset versioning added in 5.1.0.x.
It
surely looks like a serious bug to me. Please post a JIRA about it.
--
Thiago H. de Paula Figueiredo
Independent Java consultant, developer, and instructor
http://www.arsmachina.com.br/thiago
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
--
View this message in context:
http://www.nabble.com/T5---Configuration-and-.tml-Files-are-Exposed-By-Tapestry.-tp24580195p24594867.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org