Angelo Chen wrote:
how to close access to ".class" and ".tml"?



This has been posted to the list multiple times, so another time wouldn't hurt ;)


I use the following code to whitelist some assets. Access to non-whitelisted assets is denied.

Add to your application module:


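// Imports needed at the top of the module class file:
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.StringUtils; // org.apache.commons.lang3 when using commons-lang3
import org.apache.tapestry5.ioc.OrderedConfiguration;
import org.apache.tapestry5.ioc.annotations.Inject;
import org.apache.tapestry5.ioc.annotations.Value;
import org.apache.tapestry5.services.HttpServletRequestFilter;
import org.apache.tapestry5.services.HttpServletRequestHandler;

// "logger" below is the module's own logger field (for example an org.slf4j.Logger); it is not shown in this post.

private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png", "gif", "js", "css", "ico"};

/*
 * All the assets that are allowed to be downloaded using the assets service (including files without extension and dirs)
 */
private static final Set<String> assetsWhitelist = Collections.synchronizedSet(
        new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));

public void contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter> configuration,
        @Inject @Value("${access-denied-page}") final String accessDeniedPage)
{
    /*
     * Create a filter that will block access to some assets. The asset service allows access to some assets we do
     * not want to expose. The asset service will show all files in /assets/ directory and allows you (by default)
     * to download some files which you do not want to expose.
     */
    HttpServletRequestFilter filter = new HttpServletRequestFilter()
    {
        public boolean service(HttpServletRequest request, HttpServletResponse response,
                HttpServletRequestHandler handler)
        throws IOException
        {
            String path = request.getServletPath();

            // Deny any /assets request whose lower-cased extension is not on the whitelist.
            if (path.startsWith("/assets") && (!assetsWhitelist.contains(
                    StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
            {
                logger.warn("access to asset " + path + " denied");

                response.sendRedirect(request.getContextPath() + "/" + accessDeniedPage);

                // The request has been handled; do not pass it down the chain.
                return true;
            }

            return handler.service(request, response);
        }
    };

    // "before:*" runs this filter ahead of every other contributed filter.
    configuration.add("AssetProtectionFilter", filter, "before:*");
}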



Sergey Didenko wrote:
BTW, it's worth reminding everyone again who is going to publish their
site URLs to close access to ".class" and ".tml" files.

On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <mluse...@gmail.com> wrote:
On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula Figueiredo <thiag...@gmail.com> wrote:

Hi!

I guess this was already discussed some time ago, but I couldn't find it. :(
Anyway, it's been a long time, so let's get it started again. ;)

Tapestry is a wonderful framework, but it isn't the best known one around.
Sometimes, managers ask us to provide some projects/sites/success
stories/etc. using it so they can be more confident about Tapestry. There's a
Success Stories page in the wiki
(http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had any edit
since 2007-10-05.

What about sharing your success stories with us, promoting Tapestry
(especially T5)? If the project is a public website, please post the URL
here. I think we should have a list of Tapestry-powered sites.

Thanks in advance.

It would be great to have that page more up to date but I remember
Howard asking for "private" user stories and more than one have
replied him even personally so I guess if that would make sense too to
have those stories online.
Do I remember correctly, Howard?

--
Massimo
http://meridio.blogspot.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org


--
Djigzo open source email encryption
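
The decision the filter above makes, pulled out into a JDK-only class so it can be run against sample request paths. This is an added example, not code from the post: extension() is a stand-in for FilenameUtils.getExtension, and the class name and the paths are constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public class AssetWhitelistDemo {
    // Same extensions as ASSET_WHITE_LIST in the post.
    private static final Set<String> ALLOWED = new HashSet<>(
            Arrays.asList("jpg", "jpeg", "png", "gif", "js", "css", "ico"));

    // JDK-only stand-in for FilenameUtils.getExtension: the text after the last
    // dot of the last path segment, or "" when that segment contains no dot.
    static String extension(String path) {
        int slash = Math.max(path.lastIndexOf('/'), path.lastIndexOf('\\'));
        int dot = path.lastIndexOf('.');
        return dot > slash ? path.substring(dot + 1) : "";
    }

    // The filter's decision: true means the request would be redirected
    // to the access-denied page instead of reaching the asset service.
    static boolean denied(String servletPath) {
        if (!servletPath.startsWith("/assets")) {
            return false; // not an asset request, passed down the chain
        }
        return !ALLOWED.contains(extension(servletPath).toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from a real application.
        String[] paths = {
            "/assets/app/css/site.css",       // whitelisted extension
            "/assets/app/img/LOGO.PNG",       // upper-case extension
            "/assets/app/pages/Index.tml",    // template source
            "/assets/app/pages/Index.class",  // compiled class
            "/assets/app/pages/Index.tml.bak",// only the last extension counts
            "/assets/app/data",               // no extension: "" is looked up
            "/assets/v1.2/readme",            // dot in a directory name only
            "/index"                          // outside /assets
        };
        for (String p : paths) {
            System.out.printf("%-36s %s%n", p, denied(p) ? "DENY" : "pass");
        }
    }
}
```

Because the check is a whitelist, any extension that is not listed is refused without having to enumerate ".class", ".tml" or other sensitive types one by one.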
