Author: ivaynberg
Date: Thu Nov 6 00:06:58 2008
New Revision: 711789
URL: http://svn.apache.org/viewvc?rev=711789&view=rev
Log:
WICKET-1898
Modified:
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java
Modified:
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java?rev=711789&r1=711788&r2=711789&view=diff
==============================================================================
---
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java
(original)
+++
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/WebRequestCycleProcessor.java
Thu Nov 6 00:06:58 2008
@@ -34,6 +34,7 @@
import org.apache.wicket.request.IRequestCodingStrategy;
import org.apache.wicket.request.RequestParameters;
import org.apache.wicket.request.target.basic.EmptyAjaxRequestTarget;
+import
org.apache.wicket.request.target.component.BookmarkablePageRequestTarget;
import org.apache.wicket.util.string.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -101,8 +102,7 @@
AccessStackPageMap
accessStackPageMap = (AccessStackPageMap)pageMap;
if
(accessStackPageMap.getAccessStack().size() > 0)
{
- final Access access =
(Access)accessStackPageMap.getAccessStack()
- .peek();
+ final Access access =
accessStackPageMap.getAccessStack().peek();
final int pageId =
Integer.parseInt(Strings.firstPathComponent(
requestParameters.getComponentPath(), Component.PATH_SEPARATOR));
@@ -201,12 +201,27 @@
if
(Application.get().getSecuritySettings().getEnforceMounts() &&
requestCodingStrategy.pathForTarget(target) !=
null)
{
- String msg = "Direct access not allowed for
mounted targets";
- // the target was mounted, but we got here via
another path
- // : deny the request
- log.error(msg + " [request=" +
requestCycle.getRequest() + ",target=" + target +
- ",session=" + Session.get() + "]");
- throw new
AbortWithWebErrorCodeException(HttpServletResponse.SC_FORBIDDEN, msg);
+
+ // we make an excepion if the homepage itself
was mounted, see WICKET-1898
+ boolean homepage = false;
+ if (target instanceof
BookmarkablePageRequestTarget)
+ {
+ final BookmarkablePageRequestTarget bt
= (BookmarkablePageRequestTarget)target;
+ if
(bt.getPageClass().equals(Application.get().getHomePage()))
+ {
+ homepage = true;
+ }
+ }
+
+ if (!homepage)
+ {
+ String msg = "Direct access not allowed
for mounted targets";
+ // the target was mounted, but we got
here via another path
+ // : deny the request
+ log.error(msg + " [request=" +
requestCycle.getRequest() + ",target=" + target +
+ ",session=" + Session.get() +
"]");
+ throw new
AbortWithWebErrorCodeException(HttpServletResponse.SC_FORBIDDEN, msg);
+ }
}
}
@@ -225,6 +240,7 @@
/**
* @see
org.apache.wicket.request.AbstractRequestCycleProcessor#newRequestCodingStrategy()
*/
+ @Override
protected IRequestCodingStrategy newRequestCodingStrategy()
{
return new WebRequestCodingStrategy();
