One other thing I forgot to mention in this checkin:
- Removed the <error-page> entry, in web.xml of netui-samples and petstoreWeb, both of which pointed to "/error.jsp". We're avoiding adding this entry anymore -- see http://issues.apache.org/jira/browse/BEEHIVE-489 for more details.
[EMAIL PROTECTED] wrote:
Author: rich Date: Sun May 15 14:11:45 2005 New Revision: 170267
URL: http://svn.apache.org/viewcvs?rev=170267&view=rev Log: Fixes for: - http://issues.apache.org/jira/browse/BEEHIVE-735 : netui-blank now out of sync with tutorial_controls.html - http://issues.apache.org/jira/browse/BEEHIVE-736 : page flow source code is visible from the browser in netui-samples
Also, related to the fix for http://issues.apache.org/jira/browse/BEEHIVE-615 , I've changed the JUnit tests to go against the template web.xml rather than another one that was checked in there.
And, deleted the (unused and deprecated) Global.app from netui-blank.
tests: bvt in netui (WinXP) BB: run.tests against the distributions (linux)
Added: incubator/beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/PageFlowForbiddenFilter.java (with props) incubator/beehive/trunk/netui/src/webapp-template/default/Controller.java - copied unchanged from r170236, incubator/beehive/trunk/netui/src/webapp-template/default/Controller.jpf incubator/beehive/trunk/netui/test/src/junitTests/WEB-INF/.pageflow-struts-generated/ incubator/beehive/trunk/netui/test/src/junitTests/WEB-INF/.pageflow-struts-generated/jpf-struts-config.xml - copied unchanged from r169968, incubator/beehive/trunk/netui/test/src/junitTests/WEB-INF/struts-config.xml Removed: incubator/beehive/trunk/netui/src/webapp-template/default/Controller.jpf incubator/beehive/trunk/netui/src/webapp-template/default/WEB-INF/src/global/ incubator/beehive/trunk/netui/test/src/junitTests/WEB-INF/struts-config.xml incubator/beehive/trunk/netui/test/src/junitTests/WEB-INF/web.xml Modified: incubator/beehive/trunk/netui/ant/netui.properties incubator/beehive/trunk/netui/src/webapp-template/default/WEB-INF/web.xml incubator/beehive/trunk/netui/test/src/junitTests/build.xml incubator/beehive/trunk/samples/netui-samples/WEB-INF/web.xml incubator/beehive/trunk/samples/petstoreWeb/web/WEB-INF/web.xml incubator/beehive/trunk/user/netui-blank/build.xml
Modified: incubator/beehive/trunk/netui/ant/netui.properties URL: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/ant/netui.properties?rev=170267&r1=170266&r2=170267&view=diff ============================================================================== --- incubator/beehive/trunk/netui/ant/netui.properties (original) +++ incubator/beehive/trunk/netui/ant/netui.properties Sun May 15 14:11:45 2005 @@ -72,6 +72,9 @@ # NetUI config file references netuiconfig.xml=${src.dir}/webapp-template/default/WEB-INF/beehive-netui-config.xml
+# Default web.xml file reference +default.web.xml=${src.dir}/webapp-template/default/WEB-INF/web.xml + # Validator rules file references beehive-netui-validator-rules.xml=${src.dir}/webapp-template/default/WEB-INF/beehive-netui-validator-rules.xml validator-rules.xml=${src.dir}/webapp-template/default/WEB-INF/validator-rules.xml
Added: incubator/beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/PageFlowForbiddenFilter.java
URL: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/PageFlowForbiddenFilter.java?rev=170267&view=auto
==============================================================================
--- incubator/beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/PageFlowForbiddenFilter.java (added)
+++ incubator/beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/PageFlowForbiddenFilter.java Sun May 15 14:11:45 2005
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * + * http://www.apache.org/licenses/LICENSE-2.0
+ * + * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * $Header:$
+ */
+package org.apache.beehive.netui.pageflow;
+
+import org.apache.beehive.netui.util.logging.Logger;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+
+/**
+ * Servlet Filter that sends a specified error code on the response. Used to prevent Java source from being displayed
+ * in the browser, in the case where it is mixed in with web content, and the web content directory itself is being
+ * deployed.
+ */ +public class PageFlowForbiddenFilter
+ implements Filter
+{
+ private static final Logger _log = Logger.getInstance( PageFlowForbiddenFilter.class );
+ private static final int DEFAULT_RESPONSE_CODE = HttpServletResponse.SC_FORBIDDEN;
+ + private int _responseCode = DEFAULT_RESPONSE_CODE;
+ + public void init( FilterConfig filterConfig ) throws ServletException
+ {
+ String responseCodeStr = filterConfig.getInitParameter( "response-code" );
+ + if ( responseCodeStr != null )
+ {
+ try
+ {
+ _responseCode = Integer.parseInt( responseCodeStr );
+ }
+ catch ( NumberFormatException e )
+ {
+ _log.error( "Could not parse response-code \"" + responseCodeStr + "\" for Servlet Filter "
+ + PageFlowForbiddenFilter.class.getName(), e );
+ }
+ }
+ }
+
+ public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain )
+ throws IOException, ServletException
+ {
+ if ( ! ( servletResponse instanceof HttpServletResponse ) )
+ {
+ _log.error( "Servlet Filter " + PageFlowForbiddenFilter.class.getName() + " used against a non-HTTP response: "
+ + servletResponse.getClass().getName() );
+ return;
+ }
+ + if ( _log.isInfoEnabled() )
+ {
+ _log.info( "Request for " + ( ( HttpServletRequest ) servletRequest ).getServletPath() + " handled by "
+ + PageFlowForbiddenFilter.class.getName() );
+ }
+ + ( ( HttpServletResponse ) servletResponse ).sendError( _responseCode );
+ }
+
+ public void destroy()
+ {
+ }
+}
Propchange: incubator/beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/PageFlowForbiddenFilter.java ------------------------------------------------------------------------------ svn:eol-style = native
Modified: incubator/beehive/trunk/netui/src/webapp-template/default/WEB-INF/web.xml URL: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/src/webapp-template/default/WEB-INF/web.xml?rev=170267&r1=170266&r2=170267&view=diff ============================================================================== --- incubator/beehive/trunk/netui/src/webapp-template/default/WEB-INF/web.xml (original) +++ incubator/beehive/trunk/netui/src/webapp-template/default/WEB-INF/web.xml Sun May 15 14:11:45 2005 @@ -7,16 +7,34 @@
<display-name>Beehive Web Application</display-name>
+ <!-- Filter to perform Page Flow operations when JSPs are hit directly. --> <filter> <filter-name>PageFlowJspFilter</filter-name> <filter-class>org.apache.beehive.netui.pageflow.PageFlowJspFilter</filter-class> </filter>
+ <!-- Filter to perform Page Flow operations when JavaServer Faces pages are hit directly. --> <filter> <filter-name>PageFlowFacesFilter</filter-name> <filter-class>org.apache.beehive.netui.pageflow.PageFlowFacesFilter</filter-class> </filter>
+ <!-- + It is possible - but certainly not required - to keep source files such as page flows and + JavaServer Faces backing beans mixed in with web content. In this case, and when the web + content directory itself is being deployed without being copied to some other build + location, it is important to prevent the source code from being URL-addressable. This + filter returns a specified error code when source files are requested. + --> + <filter> + <filter-name>PageFlowForbiddenFilter</filter-name> + <filter-class>org.apache.beehive.netui.pageflow.PageFlowForbiddenFilter</filter-class> + <init-param> + <param-name>response-code</param-name> + <param-value>404</param-value> + </init-param> + </filter> + <filter-mapping> <filter-name>PageFlowJspFilter</filter-name> <url-pattern>*.jsp</url-pattern> @@ -49,6 +67,27 @@ <dispatcher>INCLUDE</dispatcher> </filter-mapping>
+ <!-- Prevent URL access to Java source code. --> + <filter-mapping> + <filter-name>PageFlowForbiddenFilter</filter-name> + <url-pattern>*.java</url-pattern> + <dispatcher>REQUEST</dispatcher> + </filter-mapping> + + <!-- Prevent URL access to JavaServer Faces backing beans. --> + <filter-mapping> + <filter-name>PageFlowForbiddenFilter</filter-name> + <url-pattern>*.jsfb</url-pattern> + <dispatcher>REQUEST</dispatcher> + </filter-mapping> + + <!-- Prevent URL access to shared flow source files. --> + <filter-mapping> + <filter-name>PageFlowForbiddenFilter</filter-name> + <url-pattern>*.jpfs</url-pattern> + <dispatcher>REQUEST</dispatcher> + </filter-mapping> + <!-- Action Servlet Configuration (with debugging) --> <servlet> <servlet-name>action</servlet-name> @@ -80,16 +119,6 @@ <servlet-mapping> <servlet-name>action</servlet-name> <url-pattern>*.jpf</url-pattern> - </servlet-mapping> - - <servlet-mapping> - <servlet-name>action</servlet-name> - <url-pattern>*.jpfs</url-pattern> - </servlet-mapping> - - <servlet-mapping> - <servlet-name>action</servlet-name> - <url-pattern>*.jsfb</url-pattern> </servlet-mapping>
<servlet-mapping>
Modified: incubator/beehive/trunk/netui/test/src/junitTests/build.xml URL: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/test/src/junitTests/build.xml?rev=170267&r1=170266&r2=170267&view=diff ============================================================================== --- incubator/beehive/trunk/netui/test/src/junitTests/build.xml (original) +++ incubator/beehive/trunk/netui/test/src/junitTests/build.xml Sun May 15 14:11:45 2005 @@ -32,6 +32,7 @@ </copy>
<copy todir="${module.classes.dir}/WEB-INF/" file="${netuiconfig.xml}"/> + <copy todir="${module.classes.dir}/WEB-INF/" file="${default.web.xml}"/> <copy todir="${module.classes.dir}/WEB-INF/" file="${beehive-netui-validator-rules.xml}"/> <copy todir="${module.classes.dir}/WEB-INF/" file="${validator-rules.xml}"/>
Modified: incubator/beehive/trunk/samples/netui-samples/WEB-INF/web.xml URL: http://svn.apache.org/viewcvs/incubator/beehive/trunk/samples/netui-samples/WEB-INF/web.xml?rev=170267&r1=170266&r2=170267&view=diff ============================================================================== --- incubator/beehive/trunk/samples/netui-samples/WEB-INF/web.xml (original) +++ incubator/beehive/trunk/samples/netui-samples/WEB-INF/web.xml Sun May 15 14:11:45 2005 @@ -107,8 +107,4 @@ <welcome-file>index.jsp</welcome-file> </welcome-file-list>
- <error-page> - <error-code>500</error-code> - <location>/error.jsp</location> - </error-page> </web-app>
Modified: incubator/beehive/trunk/samples/petstoreWeb/web/WEB-INF/web.xml URL: http://svn.apache.org/viewcvs/incubator/beehive/trunk/samples/petstoreWeb/web/WEB-INF/web.xml?rev=170267&r1=170266&r2=170267&view=diff ============================================================================== --- incubator/beehive/trunk/samples/petstoreWeb/web/WEB-INF/web.xml (original) +++ incubator/beehive/trunk/samples/petstoreWeb/web/WEB-INF/web.xml Sun May 15 14:11:45 2005 @@ -76,11 +76,6 @@ <welcome-file>index.jsp</welcome-file> </welcome-file-list>
- <error-page> - <error-code>500</error-code> - <location>/error.jsp</location> - </error-page> - <!-- <security-constraint> <web-resource-collection>
Modified: incubator/beehive/trunk/user/netui-blank/build.xml
URL: http://svn.apache.org/viewcvs/incubator/beehive/trunk/user/netui-blank/build.xml?rev=170267&r1=170266&r2=170267&view=diff
==============================================================================
--- incubator/beehive/trunk/user/netui-blank/build.xml (original)
+++ incubator/beehive/trunk/user/netui-blank/build.xml Sun May 15 14:11:45 2005
@@ -43,6 +43,12 @@
</fileset>
</path>
+ <!-- Define the sourcepath used to build the webapp -->
+ <path id="webapp.build.sourcepath">
+ <pathelement location="${webapp.dir}"/>
+ <pathelement location="${webapp.dir}/WEB-INF/src"/>
+ </path> +
<target name="deploy-beehive" description="Copy the Beehive page flow and web service rutime into the target webapp">
<deploy-netui webappDir="${webapp.dir}"/>
<deploy-wsm webappDir="${webapp.dir}"/>
@@ -71,14 +77,16 @@
classpathref="webapp.build.classpath"/>
<!-- compile JPFs -->
- <build-pageflows srcdir="${webapp.dir}" + <build-pageflows webcontentdir="${webapp.dir}"
+ srcdir="${webapp.dir}" weboutputdir="${webapp.dir}" classoutputdir="${webapp.dir}/WEB-INF/classes" tempdir="${webapp.dir}/WEB-INF/${tmp.sourcegen.dir}"
- classpathref="webapp.build.classpath"/>
+ classpathref="webapp.build.classpath"
+ sourcepathref="webapp.build.sourcepath"/>
<!-- copy resources --> - <echo>Copy all .properties and .xml files</echo> + <echo>Copy all .properties and .xml files</echo> <copy todir="${webapp.dir}/WEB-INF/classes"> <fileset dir="${webapp.dir}/WEB-INF/src" includes="**/*.properties"/> <fileset dir="${webapp.dir}/WEB-INF/src" includes="**/*.xml"/>
