Author: ivaynberg
Date: Thu Nov  6 00:06:58 2008
New Revision: 711789

URL: http://svn.apache.org/viewvc?rev=711789&view=rev
Log:
WICKET-1898

Modified:
    
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java

Modified: 
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java
URL: 
http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java?rev=711789&r1=711788&r2=711789&view=diff
==============================================================================
--- 
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java
 (original)
+++ 
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java
 Thu Nov  6 00:06:58 2008
@@ -34,6 +34,7 @@
 import org.apache.wicket.request.IRequestCodingStrategy;
 import org.apache.wicket.request.RequestParameters;
 import org.apache.wicket.request.target.basic.EmptyAjaxRequestTarget;
+import 
org.apache.wicket.request.target.component.BookmarkablePageRequestTarget;
 import org.apache.wicket.util.string.Strings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -101,8 +102,7 @@
                                                AccessStackPageMap 
accessStackPageMap = (AccessStackPageMap)pageMap;
                                                if 
(accessStackPageMap.getAccessStack().size() > 0)
                                                {
-                                                       final Access access = 
(Access)accessStackPageMap.getAccessStack()
-                                                               .peek();
+                                                       final Access access = 
accessStackPageMap.getAccessStack().peek();
 
                                                        final int pageId = 
Integer.parseInt(Strings.firstPathComponent(
                                                                
requestParameters.getComponentPath(), Component.PATH_SEPARATOR));
@@ -201,12 +201,27 @@
                        if 
(Application.get().getSecuritySettings().getEnforceMounts() &&
                                requestCodingStrategy.pathForTarget(target) != 
null)
                        {
-                               String msg = "Direct access not allowed for 
mounted targets";
-                               // the target was mounted, but we got here via 
another path
-                               // : deny the request
-                               log.error(msg + " [request=" + 
requestCycle.getRequest() + ",target=" + target +
-                                       ",session=" + Session.get() + "]");
-                               throw new 
AbortWithWebErrorCodeException(HttpServletResponse.SC_FORBIDDEN, msg);
+
+                               // we make an excepion if the homepage itself 
was mounted, see WICKET-1898
+                               boolean homepage = false;
+                               if (target instanceof 
BookmarkablePageRequestTarget)
+                               {
+                                       final BookmarkablePageRequestTarget bt 
= (BookmarkablePageRequestTarget)target;
+                                       if 
(bt.getPageClass().equals(Application.get().getHomePage()))
+                                       {
+                                               homepage = true;
+                                       }
+                               }
+
+                               if (!homepage)
+                               {
+                                       String msg = "Direct access not allowed 
for mounted targets";
+                                       // the target was mounted, but we got 
here via another path
+                                       // : deny the request
+                                       log.error(msg + " [request=" + 
requestCycle.getRequest() + ",target=" + target +
+                                               ",session=" + Session.get() + 
"]");
+                                       throw new 
AbortWithWebErrorCodeException(HttpServletResponse.SC_FORBIDDEN, msg);
+                               }
                        }
                }
 
@@ -225,6 +240,7 @@
        /**
         * @see 
org.apache.wicket.request.AbstractRequestCycleProcessor#newRequestCodingStrategy()
         */
+       @Override
        protected IRequestCodingStrategy newRequestCodingStrategy()
        {
                return new WebRequestCodingStrategy();


Reply via email to