Author: mfranklin
Date: Mon Mar 11 21:11:36 2013
New Revision: 1455331

URL: http://svn.apache.org/r1455331
Log:
Fixed issue where querystring parameters broke security restrictions for link 
visibility (RAVE-906)

Modified:
    
rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
    
rave/trunk/rave-portal-resources/src/main/webapp/static/script/rave_opensocial.js

Modified: 
rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
URL: 
http://svn.apache.org/viewvc/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml?rev=1455331&r1=1455330&r2=1455331&view=diff
==============================================================================
--- 
rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
 (original)
+++ 
rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
 Mon Mar 11 21:11:36 2013
@@ -28,19 +28,19 @@
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd";>
-    <security:http auto-config="true" use-expressions="true" 
disable-url-rewriting="true">
-        <security:intercept-url pattern="/static/**" access="permitAll"/>
-        <security:intercept-url pattern="/login" access="permitAll"/>
-        <security:intercept-url pattern="/newaccount.jsp*" access="permitAll"/>
-               <security:intercept-url pattern="/app/newaccount*" 
access="permitAll"/>
-               <security:intercept-url pattern="/app/openidregister*" 
access="permitAll"/>
-        <security:intercept-url pattern="/app/newpassword/**" 
access="permitAll"/>
-        <security:intercept-url pattern="/app/retrieveusername/**" 
access="permitAll"/>
-        <security:intercept-url pattern="/app/changepassword/**" 
access="permitAll"/>
-        <security:intercept-url pattern="/app/messagebundle/*.js" 
access="permitAll"/>
-        <security:intercept-url pattern="/app/admin/**" 
access="hasRole('ROLE_ADMIN')"/>
+    <security:http auto-config="true" use-expressions="true" 
disable-url-rewriting="true" path-type="regex">
+        <security:intercept-url pattern="\A/static(\?.*|/.*)\Z" 
access="permitAll"/>
+        <security:intercept-url pattern="\A/login\Z" access="permitAll"/>
+        <security:intercept-url pattern="\A/newaccount\.jsp(\\?.*)?\Z" 
access="permitAll"/>
+               <security:intercept-url pattern="\A/app/newaccount(\?.*|/.*)\Z" 
access="permitAll"/>
+               <security:intercept-url 
pattern="\A/app/openidregister(\?.*|/.*)\Z" access="permitAll"/>
+        <security:intercept-url pattern="\A/app/newpassword(\?.*|/.*)\Z" 
access="permitAll"/>
+        <security:intercept-url pattern="\A/app/retrieveusername(\?.*|/.*)\Z" 
access="permitAll"/>
+        <security:intercept-url pattern="\A/app/changepassword(\?.*|/.*)*\Z" 
access="permitAll"/>
+        <security:intercept-url pattern="\A/app/messagebundle/.*\.js\Z" 
access="permitAll"/>
+        <security:intercept-url pattern="\A/app/admin(\?.*|/.*)\Z" 
access="hasRole('ROLE_ADMIN')"/>
         <!-- all urls must be authenticated -->
-        <security:intercept-url pattern="/**" 
access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
+        <security:intercept-url pattern="\A/.*\Z" 
access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
         <security:openid-login user-service-ref="userService" 
authentication-failure-handler-ref="openIdAuthFailureHandler">
             <security:attribute-exchange 
identifier-match="https://www.google.com.*";>
                 <security:openid-attribute name="email" 
type="http://axschema.org/contact/email"; required="true" count="1"/>
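Review bot: The suffix group `(\?.*|/.*)` is mandatory in most of the new patterns, so a bare path such as `/app/admin` or `/app/newaccount` no longer matches its own rule and falls through to the `\A/.*\Z` catch-all; for `/app/admin` that means the request is checked against `hasAnyRole('ROLE_USER','ROLE_ADMIN')` rather than `hasRole('ROLE_ADMIN')`, whereas the old ant pattern `/app/admin/**` also covered the bare path (whether a handler is mapped at exactly that path is not visible here). Making the group optional, as in `pattern="\A/app/admin(\?.*|/.*)?\Z"`, keeps the previous coverage while still handling query strings. Two patterns also differ from the rest: `\A/newaccount\.jsp(\\?.*)?\Z` has a doubled backslash, which reads as an optional literal backslash followed by `.*` rather than an optional query string, and `\A/app/changepassword(\?.*|/.*)*\Z` repeats a group that already ends in `.*`, which invites heavy backtracking on a request that fails to match; `(\?.*)?` and `(\?.*|/.*)?` look like what was intended. Because `.` does not match line terminators in Java regexes by default, it is also worth confirming how a request that matches none of these rules, the catch-all included, is treated.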

Modified: 
rave/trunk/rave-portal-resources/src/main/webapp/static/script/rave_opensocial.js
URL: 
http://svn.apache.org/viewvc/rave/trunk/rave-portal-resources/src/main/webapp/static/script/rave_opensocial.js?rev=1455331&r1=1455330&r2=1455331&view=diff
==============================================================================
--- 
rave/trunk/rave-portal-resources/src/main/webapp/static/script/rave_opensocial.js
 (original)
+++ 
rave/trunk/rave-portal-resources/src/main/webapp/static/script/rave_opensocial.js
 Mon Mar 11 21:11:36 2013
@@ -284,13 +284,19 @@ rave.opensocial = rave.opensocial || (fu
         var elem = document.getElementById("widget-" + id + "-wrapper");
 
         // determine the height of the gadget's iframe
-        var height = rave.getDefaultWidgetHeight();
+        var height = rave.getDefaultWidgetHeight(), width="100%";
         if (view == rave.opensocial.VIEW_NAMES.CANVAS) {
             height = elem.clientHeight;
-        } else if (gadget.metadata.modulePrefs && 
gadget.metadata.modulePrefs.height) {
-            height = gadget.metadata.modulePrefs.height;
+            width = "99%";
+        } else {
+            if (gadget.metadata.modulePrefs && 
gadget.metadata.modulePrefs.height) {
+                height = gadget.metadata.modulePrefs.height;
+            }
+            if(gadget.metadata.modulePrefs && 
gadget.metadata.modulePrefs.width) {
+                width = gadget.metadata.modulePrefs.width;
+            }
         }
-        return {width:"100%", height:height};
+        return {width:width, height:height};
     }
 
     /**
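Review bot: The `width` read from `gadget.metadata.modulePrefs.width` is returned as-is, while the two defaults are percentage strings (`"100%"` and `"99%"`), so callers now receive either a CSS percentage or whatever form the gadget metadata declares. The consumer of the returned object is outside this hunk, so it cannot be confirmed here whether it appends a unit or bounds the value; the metadata presumably originates from the gadget definition rather than the container, so a comment stating the expected form would help, or, if pixels are expected, a normalisation such as `width = parseInt(gadget.metadata.modulePrefs.width, 10) + "px";`. The `width = "99%";` in the canvas branch has no explanation and deserves a one-line why-comment. The enclosing function starts before the hunk, and this sizing change is not mentioned in the commit log, which describes only the security-rule fix.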

