Re: T5 - Configuration and .tml Files are Exposed By Tapestry.

Tue, 21 Jul 2009 16:14:23 -0700 

We're seeing the same problem - in 5.0.18 as well.

One solution:
private static final HashSet<String> protectedAssets = new HashSet<String>(Arrays.asList("class", "tml", "properties", "sql", "xml")); public void contributeHttpServletRequestHandler (OrderedConfiguration<HttpServletRequestFilter> 
            configuration) {
configuration.add("AssetProtectionFilter", new HttpServletRequestFilter() { public boolean service(HttpServletRequest request, HttpServletResponse response, HttpServletRequestHandler handler) throws IOException { 
                String path = request.getServletPath();
if (path.startsWith("/assets") && protectedAssets.contains(FileUtils.getExtension(path))) { response.sendRedirect(request.getContextPath() + "/accessdenied"); 
                    return true;
                } else {
                    return handler.service(request, response);
                }
            }
        }, "before:*");
    }

Julian


On Jul 21, 2009, at 2:07 PM, Daniel Jones wrote:



Hi Thiago,

Yes this doesn't seem right to me. Are you seeing the same problem?

Regards,
Daniel


Thiago H. de Paula Figueiredo wrote:


Em Tue, 21 Jul 2009 00:02:20 -0300, Daniel Jones <d...@murieston.com>
escreveu:
I don't understand why I should have to configure this. I have another 
tapestry 5.0.18 application which does not have this behaviour.
Maybe this was introduced by the asset versioning added in 5.1.0.x. It 
surely looks like a serious bug to me. Please post a JIRA about it.

--
Thiago H. de Paula Figueiredo
Independent Java consultant, developer, and instructor
http://www.arsmachina.com.br/thiago

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org





--
View this message in context: 
http://www.nabble.com/T5---Configuration-and-.tml-Files-are-Exposed-By-Tapestry.-tp24580195p24594867.html
Sent from the Tapestry - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Reply via email to