The dispatcher, itself, blocks nothing.
It delegates to the authorizers. The last authorizer in the chain is a
whitelist, which whitelists
each of the (known) tapestry assets. I would be curious to know what
resources you were able to access.
Robert
On Nov 28, 2007, at 11/289:31 AM , Marcelo Lotif wrote:
Hi Robert,
I try this component here, but many things are still available. What
specifically this dispatcher blocks by default?
2007/11/27, Robert Zeigler <[EMAIL PROTECTED]>:
Hi All,
I've updated AssetProtectionDispatcher both in Tassel (
http://www.tapestrycomponents.org
) and in the maven repo mentioned in the AssetProtectionDispatcher
"notes" on Tassel. Current version is now 0.0.3.
The new version includes updated default entries to the
WhitelistAuthorizer to handle some tapestry assets that weren't
properly handled before. It also includes a new RegexAuthorizer that
takes an ordered list of regular expressions (as strings; yes, the
service will pre-compile them to patterns) to match against. If a
resource matches a provided regex, access to the asset is allowed.
Otherwise, authorization falls through to the whitelist authorizer.
The default configuration contains NO contributions to the regex
authorizer at the moment. For most projects, a contribution along
the
lines of:
contributeRegexAuthorizer(Configuration<String> conf) {
conf.add("^.*\\.png$");
conf.add("^.*\\.jpg$");
conf.add("^.*\\.jpeg$");
conf.add("^.*\\.js$");
conf.add("^.*\\.css$");
}
is probably prudent.
Cheers,
Robert
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Atenciosamente,
Marcelo Lotif
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
