Repository: tapestry-5 Updated Branches: refs/heads/master d2d924735 -> 9d68c7468
TAP5-2601: Add configurable service to block access to classpath assets Project: http://git-wip-us.apache.org/repos/asf/tapestry-5/repo Commit: http://git-wip-us.apache.org/repos/asf/tapestry-5/commit/9d68c746 Tree: http://git-wip-us.apache.org/repos/asf/tapestry-5/tree/9d68c746 Diff: http://git-wip-us.apache.org/repos/asf/tapestry-5/diff/9d68c746 Branch: refs/heads/master Commit: 9d68c746818593da039dd6bdd7a1fb0d2904f888 Parents: d2d9247 Author: Thiago H. de Paula Figueiredo <[email protected]> Authored: Fri Nov 23 16:44:15 2018 -0200 Committer: Thiago H. de Paula Figueiredo <[email protected]> Committed: Fri Nov 23 16:45:32 2018 -0200 ---------------------------------------------------------------------- .../assets/ClasspathAssetRequestHandler.java | 26 +++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/9d68c746/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ClasspathAssetRequestHandler.java ---------------------------------------------------------------------- diff --git a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ClasspathAssetRequestHandler.java b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ClasspathAssetRequestHandler.java index b2bdeff..ea92e26 100644 --- a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ClasspathAssetRequestHandler.java +++ b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ClasspathAssetRequestHandler.java @@ -18,6 +18,7 @@ import org.apache.tapestry5.internal.services.ResourceStreamer; import org.apache.tapestry5.ioc.Resource; import org.apache.tapestry5.services.AssetSource; import org.apache.tapestry5.services.ClasspathAssetAliasManager; +import org.apache.tapestry5.services.ClasspathAssetProtectionRule; import org.apache.tapestry5.services.Request; import org.apache.tapestry5.services.Response; import org.apache.tapestry5.services.assets.AssetRequestHandler; @@ -35,23 +36,36 @@ public class ClasspathAssetRequestHandler implements AssetRequestHandler private final ResourceStreamer streamer; private final AssetSource assetSource; - + private final String baseFolder; + + private final ClasspathAssetProtectionRule classpathAssetProtectionRule; public ClasspathAssetRequestHandler(ResourceStreamer streamer, - AssetSource assetSource, String baseFolder) + AssetSource assetSource, String baseFolder, + ClasspathAssetProtectionRule classpathAssetProtectionRule) { this.streamer = streamer; this.assetSource = assetSource; this.baseFolder = baseFolder; + this.classpathAssetProtectionRule = classpathAssetProtectionRule; } public boolean handleAssetRequest(Request request, Response response, String extraPath) throws IOException { ChecksumPath path = new ChecksumPath(streamer, baseFolder, extraPath); - - Resource resource = assetSource.resourceForPath(path.resourcePath); - - return path.stream(resource); + + final boolean handled; + if (classpathAssetProtectionRule.block(path.resourcePath)) + { + handled = false; + } + else + { + Resource resource = assetSource.resourceForPath(path.resourcePath); + + handled = path.stream(resource); + } + return handled; } }
