Author: craigmcc
Date: Thu Dec 14 00:40:48 2006
New Revision: 487133

URL: http://svn.apache.org/viewvc?view=rev&rev=487133
Log:
Improve out-of-the-box security of Shale Remoting:

* Dynamic processor (maps resource ids to public methods on a managed bean)
  now refuses to call methods on bean names defined implicitly by the JSF
  spec (such as applicationScope).

* All processors now enforce their default exclude lists even if the user
  specifies (additional) patterns to be excluded.

SHALE-362

Added:
    
shale/framework/trunk/shale-remoting/src/test/resources/org/apache/shale/remoting/impl/TestData.txt
      - copied unchanged from r486288, 
shale/framework/trunk/shale-remoting/src/test/resources/org/apache/shale/remoting/impl/TestData.text
Removed:
    
shale/framework/trunk/shale-remoting/src/test/resources/org/apache/shale/remoting/impl/TestData.text
Modified:
    
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/Constants.java
    
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/AbstractResourceProcessor.java
    
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/ClassResourceProcessor.java
    
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/FilteringProcessor.java
    
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/MethodBindingProcessor.java
    
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/WebResourceProcessor.java
    
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/package.html
    shale/framework/trunk/shale-remoting/src/site/xdoc/index.xml
    
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/faces/MappingsHelperTestCase.java
    
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/ClassResourceProcessorTestCase.java
    
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/MethodBindingProcessorTestCase.java

Modified: 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/Constants.java
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/Constants.java?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/Constants.java
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/Constants.java
 Thu Dec 14 00:40:48 2006
@@ -51,6 +51,11 @@
      * <p>Default value for the CLASS_RESOURCES_EXCLUDES context initialization
      * parameter if no explicit value is specified.</p>
      *
+     * <p><strong>IMPLEMENTATION NOTE</strong> - The default exclude list
+     * defined here will be prepended to any exclude list provided by the
+     * application, with the result that it is not possible to configure
+     * this processor to deliver resources matching these patterns.</p>
+     *
      * @since 1.0.4
      */
     public static final String CLASS_RESOURCES_EXCLUDES_DEFAULT =
@@ -76,7 +81,7 @@
      * @since 1.0.4
      */
     public static final String CLASS_RESOURCES_INCLUDES_DEFAULT =
-            "*.css,*.gif,*.html,*.jpg,*.js,*.png,*.xml";
+            "*.css,*.gif,*.html,*.jpg,*.js,*.png,*.txt,*.xml";
 
 
     /**
@@ -109,10 +114,15 @@
      * <p>Default value for the DYNAMIC_RESOURCES_EXCLUDES context 
initialization
      * parameter if no explicit value is specified.</p>
      *
+     * <p><strong>IMPLEMENTATION NOTE</strong> - The default exclude list
+     * defined here will be prepended to any exclude list provided by the
+     * application, with the result that it is not possible to configure
+     * this processor to deliver resources matching these patterns.</p>
+     *
      * @since 1.0.4
      */
     public static final String DYNAMIC_RESOURCES_EXCLUDES_DEFAULT =
-            null;
+            
"/application/*,/applicationScope/*,/facesContext/*,/request/*,/requestScope/*,/response/*,/session/*,/sessionScope/*,/view/*";
 
 
     /**
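Review bot: The value assigned on the line after `DYNAMIC_RESOURCES_EXCLUDES_DEFAULT =` covers only part of the implicit-object set the JSF spec defines; `cookie`, `header`, `headerValues`, `initParam`, `param` and `paramValues` are also resolvable by name and are not in the list. Those resolve to maps rather than to the container objects, so the exposure is presumably smaller, but the log message says implicit bean names are refused and a reader will take this list as the complete set. The package.html example later in this commit also differs from this constant — it lacks `/response/*` — so an application that copies the documented value loses the response protection this default is meant to give. Since this is a deny-list, the IMPLEMENTATION NOTE could add one sentence such as `Applications should still restrict DYNAMIC_RESOURCES_INCLUDES to the beans they intend to expose; this list only blocks the well-known implicit objects.`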
@@ -205,6 +215,11 @@
      * <p>Default value for the OTHER_RESOURCES_EXCLUDES context initialization
      * parameter if no explicit value is specified.</p>
      *
+     * <p><strong>IMPLEMENTATION NOTE</strong> - The default exclude list
+     * defined here will be prepended to any exclude list provided by the
+     * application, with the result that it is not possible to configure
+     * this processor to deliver resources matching these patterns.</p>
+     *
      * @since 1.0.4
      */
     public static final String OTHER_RESOURCES_EXCLUDES_DEFAULT =
@@ -262,6 +277,11 @@
      * <p>Default value for the WEB_RESOURCES_EXCLUDES context initialization
      * parameter if no explicit value is specified.</p>
      *
+     * <p><strong>IMPLEMENTATION NOTE</strong> - The default exclude list
+     * defined here will be prepended to any exclude list provided by the
+     * application, with the result that it is not possible to configure
+     * this processor to deliver resources matching these patterns.</p>
+     *
      * @since 1.0.4
      */
     public static final String WEBAPP_RESOURCES_EXCLUDES_DEFAULT =
@@ -287,7 +307,7 @@
      * @since 1.0.4
      */
     public static final String WEBAPP_RESOURCES_INCLUDES_DEFAULT =
-            "*.css,*.gif,*.html,*.jpg,*.js,*.png,*.xml";
+            "*.css,*.gif,*.html,*.jpg,*.js,*.png,*.txt,*.xml";
 
 
     /**

Modified: 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/AbstractResourceProcessor.java
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/AbstractResourceProcessor.java?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/AbstractResourceProcessor.java
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/AbstractResourceProcessor.java
 Thu Dec 14 00:40:48 2006
@@ -94,6 +94,7 @@
             // versus a resource that does not exist
             sendNotFound(context, resourceId);
             context.responseComplete();
+            return;
         }
 
         // Acquire a URL to the specified resource, if it exists

Modified: 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/ClassResourceProcessor.java
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/ClassResourceProcessor.java?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/ClassResourceProcessor.java
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/ClassResourceProcessor.java
 Thu Dec 14 00:40:48 2006
@@ -22,6 +22,7 @@
 import javax.faces.context.FacesContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.shale.remoting.Constants;
 import org.apache.shale.remoting.Processor;
 
 /**
@@ -54,6 +55,22 @@
 
     // -------------------------------------------------------------- 
Properties
 
+
+    /**
+     * <p>Force our default excludes list to be included.</p>
+     *
+     * @param excludes Application specified excludes list
+     */
+    public void setExcludes(String excludes) {
+
+        if ((excludes != null) && (excludes.length() > 0)) {
+            super.setExcludes(Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT
+                              + "," + excludes);
+        } else {
+            super.setExcludes(Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT);
+        }
+
+    }
 
 
     // -------------------------------------------------------- Abstract 
Methods
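Review bot: The new `setExcludes` override at `public void setExcludes(String excludes)` prepends the default on every call, so when the caller itself passes the default — as MappingsHelperTestCase and ClassResourceProcessorTestCase now expect with `DEFAULT + "," + DEFAULT` — the same patterns are evaluated twice and `getExcludes()` grows on each call. A guard such as `if (excludes.startsWith(Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT)) { super.setExcludes(excludes); return; }` ahead of the concatenation would keep the stored value stable. The same method body is repeated verbatim in MethodBindingProcessor and WebResourceProcessor with only the constant changed; a protected `getDefaultExcludes()` hook on FilteringProcessor, with the prepend done once in the base class, would keep the three from drifting apart. The Javadoc could also state the guarantee rather than the mechanism, e.g. `Ensures the patterns in CLASS_RESOURCES_EXCLUDES_DEFAULT are always present, ahead of any application-supplied patterns.`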

Modified: 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/FilteringProcessor.java
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/FilteringProcessor.java?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/FilteringProcessor.java
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/FilteringProcessor.java
 Thu Dec 14 00:40:48 2006
@@ -166,11 +166,17 @@
         // Compare each pattern in turn for a match
         for (int i = 0; i < patterns.length; i++) {
             if (patterns[i].startsWith("*")) {
-                return expr.endsWith(patterns[i].substring(1));
+                if (expr.endsWith(patterns[i].substring(1))) {
+                    return true;
+                }
             } else if (patterns[i].endsWith("*")) {
-                return 
expr.startsWith(patterns[i].substring(0,patterns[i].length() - 1));
+                if (expr.startsWith(patterns[i].substring(0, 
patterns[i].length() - 1))) {
+                    return true;
+                }
             } else {
-                return patterns[i].equals(expr);
+                if (patterns[i].equals(expr)) {
+                    return true;
+                }
             }
         }
 
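Review bot: The comparisons in the rewritten loop (`expr.endsWith(...)`, `expr.startsWith(...)`, `patterns[i].equals(expr)`) are case-sensitive, while the resource lookup that follows a passing match in the class- and web-resource processors goes through ClassLoader or ServletContext, which on some platforms and containers is case-insensitive; an id spelled `/org/apache/shale/remoting/Bundle.PROPERTIES` would then not match the `*.properties` exclude yet might still resolve. Whether the resource id is normalised before it reaches this method is outside the hunk, so this may already be covered; if not, comparing both sides lower-cased with `Locale.ROOT`, or at least documenting the case-sensitivity in the method Javadoc, would settle it. Patterns with an interior `*` (a constructed example: `/response/*Stream`) fall through to the exact-match branch, which is also worth a sentence in the Javadoc. The enclosing method starts and ends outside the hunk.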

Modified: 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/MethodBindingProcessor.java
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/MethodBindingProcessor.java?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/MethodBindingProcessor.java
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/MethodBindingProcessor.java
 Thu Dec 14 00:40:48 2006
@@ -24,6 +24,7 @@
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.shale.remoting.Constants;
 import org.apache.shale.remoting.impl.FilteringProcessor;
 import org.apache.shale.remoting.Processor;
 
@@ -50,6 +51,26 @@
     private transient Log log = null;
 
 
+    // -------------------------------------------------------------- 
Properties
+
+
+    /**
+     * <p>Force our default excludes list to be included.</p>
+     *
+     * @param excludes Application specified excludes list
+     */
+    public void setExcludes(String excludes) {
+
+        if ((excludes != null) && (excludes.length() > 0)) {
+            super.setExcludes(Constants.DYNAMIC_RESOURCES_EXCLUDES_DEFAULT
+                              + "," + excludes);
+        } else {
+            super.setExcludes(Constants.DYNAMIC_RESOURCES_EXCLUDES_DEFAULT);
+        }
+
+    }
+
+
     // ------------------------------------------------------- Processor 
Methods
 
 
@@ -82,6 +103,7 @@
             // versus a resource that does not exist
             sendNotFound(context, resourceId);
             context.responseComplete();
+            return;
         }
 
         // Create and execute a method binding based on this resource 
identifier

Modified: 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/WebResourceProcessor.java
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/WebResourceProcessor.java?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/WebResourceProcessor.java
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/impl/WebResourceProcessor.java
 Thu Dec 14 00:40:48 2006
@@ -23,6 +23,7 @@
 import javax.faces.context.FacesContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.shale.remoting.Constants;
 import org.apache.shale.remoting.Processor;
 
 /**
@@ -54,6 +55,22 @@
 
     // -------------------------------------------------------------- 
Properties
 
+
+    /**
+     * <p>Force our default excludes list to be included.</p>
+     *
+     * @param excludes Application specified excludes list
+     */
+    public void setExcludes(String excludes) {
+
+        if ((excludes != null) && (excludes.length() > 0)) {
+            super.setExcludes(Constants.WEBAPP_RESOURCES_EXCLUDES_DEFAULT
+                              + "," + excludes);
+        } else {
+            super.setExcludes(Constants.WEBAPP_RESOURCES_EXCLUDES_DEFAULT);
+        }
+
+    }
 
 
     // -------------------------------------------------------- Abstract 
Methods

Modified: 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/package.html
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/package.html?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/package.html
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/main/java/org/apache/shale/remoting/package.html
 Thu Dec 14 00:40:48 2006
@@ -234,6 +234,7 @@
     org.apache.shale.remoting.DYNAMIC_RESOURCES_EXCLUDES
   &lt;/param-name&gt;
   &lt;param-value&gt;
+    
/application/*,/applicationScope/*,/facesContext/*,/request/*,/requestScope/*,/session/*,/sessionScope/*,/view/*
   &lt;/param-value&gt;
 &lt;/context-param&gt;
 

Modified: shale/framework/trunk/shale-remoting/src/site/xdoc/index.xml
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/site/xdoc/index.xml?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- shale/framework/trunk/shale-remoting/src/site/xdoc/index.xml (original)
+++ shale/framework/trunk/shale-remoting/src/site/xdoc/index.xml Thu Dec 14 
00:40:48 2006
@@ -55,7 +55,10 @@
           <p>Complete information on the functionality provided by Shale 
Remoting
           may be found in the
           <a href="apidocs/org/apache/shale/remoting/package-summary.html">
-          Javadoc package summary</a> for this module.</p>
+          Javadoc package summary</a> for this module.  In particular, you will
+          want to review the mechanisms for conditionally enabling access to
+          resource identifiers for each processor, and what the default
+          persmissions are.</p>
 
       </subsection>
 

Modified: 
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/faces/MappingsHelperTestCase.java
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/faces/MappingsHelperTestCase.java?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/faces/MappingsHelperTestCase.java
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/faces/MappingsHelperTestCase.java
 Thu Dec 14 00:40:48 2006
@@ -175,7 +175,8 @@
         processor = mapping.getProcessor();
         assertNotNull(processor);
         assertTrue(processor instanceof ClassResourceProcessor);
-        assertEquals(Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT,
+        assertEquals(Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT + ","
+                     + Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT,
                      ((FilteringProcessor) processor).getExcludes());
         assertEquals(Constants.CLASS_RESOURCES_INCLUDES_DEFAULT,
                      ((FilteringProcessor) processor).getIncludes());
@@ -190,7 +191,8 @@
         processor = mapping.getProcessor();
         assertNotNull(processor);
         assertTrue(processor instanceof MethodBindingProcessor);
-        assertEquals(Constants.DYNAMIC_RESOURCES_EXCLUDES_DEFAULT,
+        assertEquals(Constants.DYNAMIC_RESOURCES_EXCLUDES_DEFAULT + ","
+                     + Constants.DYNAMIC_RESOURCES_EXCLUDES_DEFAULT,
                      ((FilteringProcessor) processor).getExcludes());
         assertEquals(Constants.DYNAMIC_RESOURCES_INCLUDES_DEFAULT,
                      ((FilteringProcessor) processor).getIncludes());
@@ -205,7 +207,8 @@
         processor = mapping.getProcessor();
         assertNotNull(processor);
         assertTrue(processor instanceof WebResourceProcessor);
-        assertEquals(Constants.WEBAPP_RESOURCES_EXCLUDES_DEFAULT,
+        assertEquals(Constants.WEBAPP_RESOURCES_EXCLUDES_DEFAULT + ","
+                     + Constants.WEBAPP_RESOURCES_EXCLUDES_DEFAULT,
                      ((FilteringProcessor) processor).getExcludes());
         assertEquals(Constants.WEBAPP_RESOURCES_INCLUDES_DEFAULT,
                      ((FilteringProcessor) processor).getIncludes());

Modified: 
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/ClassResourceProcessorTestCase.java
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/ClassResourceProcessorTestCase.java?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/ClassResourceProcessorTestCase.java
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/ClassResourceProcessorTestCase.java
 Thu Dec 14 00:40:48 2006
@@ -45,13 +45,13 @@
 
 
     private static final String INVALID_RESOURCE_ID =
-            "/org/apache/shale/remoting/impl/MissingData.text";
+            "/org/apache/shale/remoting/impl/MissingData.txt";
 
     private static final String SENSITIVE_RESOURCE_ID =
             "/org/apache/shale/remoting/Bundle.properties";
 
     private static final String VALID_RESOURCE_ID =
-            "/org/apache/shale/remoting/impl/TestData.text";
+            "/org/apache/shale/remoting/impl/TestData.txt";
 
     private static final String VALID_RESOURCE_CONTENT =
             "This is a test.  It is only a test."; // Not including line 
delimiters!
@@ -65,7 +65,7 @@
         threadClassLoader = Thread.currentThread().getContextClassLoader();
         
Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
         super.setUp();
-        servletContext.addMimeType("text", "text/x-plain");
+        servletContext.addMimeType("txt", "text/x-plain");
         processor = new ClassResourceProcessor();
         processor.setExcludes(Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT);
         processor.setIncludes(Constants.CLASS_RESOURCES_INCLUDES_DEFAULT);
@@ -127,19 +127,31 @@
     // Test attempt to execute an expression for an excluded pattern
     public void testPatternExcluded() throws Exception {
 
-        processor.setExcludes("*.text");
+        processor.setExcludes("*.txt");
         processor.process(facesContext, VALID_RESOURCE_ID);
         assertEquals(404, response.getStatus());
 
     }
 
     // Test attempt to execute an expression for an included pattern
-    public void testPatternIncluded() throws Exception {
+    // that is not sensitive (i.e. included on the default exclude list)
+    public void testPatternIncludedInensitive() throws Exception {
+
+        processor.setExcludes(null);
+        processor.setIncludes("*.txt");
+        processor.process(facesContext, VALID_RESOURCE_ID);
+        assertEquals(200, response.getStatus());
+
+    }
+
+    // Test attempt to execute an expression for an included pattern
+    // that is sensitive (i.e. included on the default exclude list)
+    public void testPatternIncludedSensitive() throws Exception {
 
         processor.setExcludes(null);
         processor.setIncludes("*.properties");
         processor.process(facesContext, SENSITIVE_RESOURCE_ID);
-        assertEquals(200, response.getStatus());
+        assertEquals(404, response.getStatus());
 
     }
 
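Review bot: The comment introduced above `testPatternIncludedInensitive` reads `that is not sensitive (i.e. included on the default exclude list)`, which describes the opposite of the case the test exercises; it should read `// that is not sensitive (i.e. not on the default exclude list)`. The method name also misspells its intent; `testPatternIncludedNotSensitive` would both fix the spelling and avoid a case-sensitivity reading, matching the sibling `testPatternIncludedSensitive`.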
@@ -147,7 +159,7 @@
     public void testPatternMixed() throws Exception {
 
         processor.setExcludes("*.properties");
-        processor.setIncludes("*.text");
+        processor.setIncludes("*.txt");
         processor.process(facesContext, VALID_RESOURCE_ID);
         assertEquals(200, response.getStatus());
 
@@ -158,7 +170,9 @@
     // blocked by the default configuration
     public void testPatternSensitive() throws Exception {
 
-        assertEquals(Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT, 
processor.getExcludes());
+        assertEquals(Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT + ","
+                     + Constants.CLASS_RESOURCES_EXCLUDES_DEFAULT,
+                     processor.getExcludes());
         assertEquals(Constants.CLASS_RESOURCES_INCLUDES_DEFAULT, 
processor.getIncludes());
         processor.process(facesContext, SENSITIVE_RESOURCE_ID);
         assertEquals(404, response.getStatus());

Modified: 
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/MethodBindingProcessorTestCase.java
URL: 
http://svn.apache.org/viewvc/shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/MethodBindingProcessorTestCase.java?view=diff&rev=487133&r1=487132&r2=487133
==============================================================================
--- 
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/MethodBindingProcessorTestCase.java
 (original)
+++ 
shale/framework/trunk/shale-remoting/src/test/java/org/apache/shale/remoting/impl/MethodBindingProcessorTestCase.java
 Thu Dec 14 00:40:48 2006
@@ -74,6 +74,23 @@
     }
 
 
+    // -------------------------------------------------------- Static 
Variables
+
+
+    // Resource identifiers that should be rejected by the default
+    // include/exclude rules
+    private static final String[] DEFAULT_EXCLUDES =
+    { "/applicationScope/clear",
+      "/requestScope/clear",
+      "/response/flushBuffer",
+      "/response/getOutputStream",
+      "/response/getWriter",
+      "/response/reset",
+      "/response/resetBuffer",
+      "/sessionScope/clear",
+    };
+
+
     // ------------------------------------------------------ Instance 
Variables
 
 
@@ -82,6 +99,23 @@
 
 
     // ------------------------------------------------------------ Test 
Methods
+
+
+    // Test attempt to execute a resource id on the implicitly rejected list
+    public void testImplicitExclude() throws Exception {
+
+        for (int i = 0; i < DEFAULT_EXCLUDES.length; i++) {
+            try {
+                processor.process(facesContext, DEFAULT_EXCLUDES[i]);
+                assertEquals("Should return 404 for '" + DEFAULT_EXCLUDES[i] + 
"'",
+                             404, response.getStatus());
+            } catch (Exception e) {
+                fail("Should have returned 404 for '" + DEFAULT_EXCLUDES[i] +
+                     "' instead of exception " + e.getMessage());
+            }
+        }
+
+    }
 
 
     // Test attempt to execute an expression with an invalid bean name
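Review bot: In `testImplicitExclude`, `response.getStatus()` is read after each call without the response or facesContext being reset between iterations, so once the first id yields 404 every later iteration passes regardless of what `process` did for it, and the `context.responseComplete()` issued by the first call may change how later calls behave; unless the mock response clears its status, only `DEFAULT_EXCLUDES[0]` is actually exercised. Re-creating the fixture per id, or one test method per id, would make each assertion meaningful. The `catch (Exception e)` that converts failures into `fail(... e.getMessage())` discards the exception type and stack trace; since the method already declares `throws Exception`, dropping the try/catch lets JUnit report the real cause. The enclosing class continues outside the hunk.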

