Hi Robert,
> ...If there's sufficient interest in a solution based around a
RequestFilter, I'll
> consider rewriting the protection around said scheme.
We are very interested. Thank you.
Marcus
Hi Marcelo,
AssetProtectionDispatcher is functioning correctly. It's intended
purpose is to protect "asset" files, which are typically on the
classpath.
Tapestry passes control for static files directly to the servlet
container, and AssetProtectionDispatcher also ignores urls that don't
Robert,
I pretty understand what your component does, but some things are not really
clear for me.
I'd created a new 5.0.5 project called "testBlock" to test your component.
When i put the dependency on pom.xml, It blocks the access to the
"testBlock/assets/" url. Alright, but if i put a file "fil
Something seems to be missing. :)
Maybe the module isn't being properly auto-loaded?
Ah... another possibility is tapestry version... what version of
tapestry are you using? At the moment, I'm still on 5.0.5 (hope to
switch to 5.0.6 sometime in the near future).
Robert
On Nov 28, 2007, at 1
ok, looks like i made it wrong
In a previous thread, you said that this component requires "zero
configuration", so i just put a dependency on my pom.xml, but it's still
just like before (i.e i still can access, let's say, a 'file.xyz' inside my
app).
am i missing something?
2007/11/28, Robert Ze
The dispatcher, itself, blocks nothing.
It delegates to the authorizers. The last authorizer in the chain is a
whitelist, which whitelists
each of the (known) tapestry assets. I would be curious to know what
resources you were able to access.
Robert
On Nov 28, 2007, at 11/289:31 AM , Marce
Hi Robert,
I try this component here, but many things are still available. What
specifically this dispatcher blocks by default?
2007/11/27, Robert Zeigler <[EMAIL PROTECTED]>:
>
> Hi All,
>
> I've updated AssetProtectionDispatcher both in Tassel (
> http://www.tapestrycomponents.org
> ) and in the
Hi All,
I've updated AssetProtectionDispatcher both in Tassel (http://www.tapestrycomponents.org
) and in the maven repo mentioned in the AssetProtectionDispatcher
"notes" on Tassel. Current version is now 0.0.3.
The new version includes updated default entries to the
WhitelistAuthorizer to
