Modified: wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_1.gdoc URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_1.gdoc?rev=1550971&r1=1550970&r2=1550971&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_1.gdoc (original) +++ wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_1.gdoc Sat Dec 14 21:13:09 2013 @@ -4,13 +4,13 @@ The first step in implementing a securit !wikipedia-login-form.png! -Wicket supports form-based authentication with session class AuthenticatedWebSession and application class AuthenticatedWebApplication, both placed inside package @org.apache.wicket.authroles.authentication@. +Wicket supports form-based authentication with session class @AuthenticatedWebSession@ and application class @AuthenticatedWebApplication@, both placed inside package @org.apache.wicket.authroles.authentication@. h3. AuthenticatedWebSession Class AuthenticatedWebSession comes with the following set of public methods to manage user authentication: -* *authenticate(String username, String password)*: this is an abstract method that must be implemented by every subclass of AuthenticatedWebSession. It should contain the actual code that checks for user's identity. It returns a boolean value which is true if authentication has succeeded or false otherwise. +* *authenticate(String username, String password)*: this is an abstract method that must be implemented by every subclass of @AuthenticatedWebSession@. It should contain the actual code that checks for user's identity. It returns a boolean value which is true if authentication has succeeded or false otherwise. * *signIn(String username, String password)*: this method internally calls authenticate and set the flag signedIn to true if authentication succeeds. * *isSignedIn()*:getter method for flag signedIn. * *signOut()*: sets the flag signedIn to false. @@ -20,23 +20,23 @@ Class AuthenticatedWebSession comes with Remember that signOut does not discard any session-relative data. If we want to get rid of these data, we must invoke method invalidate instead of signOut. {warning} -Another abstract method we must implement when we use AuthenticatedWebSession is getRoles which is inherited from parent class AbstractAuthenticatedWebSession. This method can be ignored for now as it will be discussed later when we will talk about role-based authorization. +Another abstract method we must implement when we use @AuthenticatedWebSession@ is getRoles which is inherited from parent class @AbstractAuthenticatedWebSession@. This method can be ignored for now as it will be discussed later when we will talk about role-based authorization. h3. AuthenticatedWebApplication Class AuthenticatedWebApplication provides the following methods to support form-based authentication: -* *getWebSessionClass()*: abstract method that returns the session class to use for this application. The returned class must be a subclass of AbstractAuthenticatedWeb Session. +* *getWebSessionClass()*: abstract method that returns the session class to use for this application. The returned class must be a subclass of @AbstractAuthenticatedWebSession@. * *getSignInPageClass()*: abstract method that returns the page to use as sign in page when a user must be authenticated. -* *restartResponseAtSignInPage()*: forces the current response to restart at the sign in page. After we have used this method to redirect a user, we can make her/him return to the original page calling Componet's method continueToOriginalDestination(). +* *restartResponseAtSignInPage()*: forces the current response to restart at the sign in page. After we have used this method to redirect a user, we can make her/him return to the original page calling @Componet@'s method @continueToOriginalDestination()@. -The other methods implemented inside AuthenticatedWebApplication will be introduced when we will talk about authorizations. +The other methods implemented inside @AuthenticatedWebApplication@ will be introduced when we will talk about authorizations. h3. A basic example of authentication -Project BasicAuthenticationExample is a basic example of form-based authentication implemented with classes AuthenticatedWebSession and AuthenticatedWebApplication. +Project @BasicAuthenticationExample@ is a basic example of form-based authentication implemented with classes @AuthenticatedWebSession@ and @AuthenticatedWebApplication@. -The homepage of the project contains only a link to page AuthenticatedPage which can be accessed only if user is signed in. The code of AuthenticatedPage is this following: +The homepage of the project contains only a link to page @AuthenticatedPage@ which can be accessed only if user is signed in. The code of @AuthenticatedPage@ is this following: {code} public class AuthenticatedPage extends WebPage { @@ -71,9 +71,9 @@ public class AuthenticatedPage extends W } {code} -Page AuthenticatedPage checks inside onConfigure if user is signed in and if not, it redirects her/him to the sign in page with method restartResponseAtSignInPage. The page contains also a link to the homepage and another link that signs out user. +Page @AuthenticatedPage@ checks inside onConfigure if user is signed in and if not, it redirects her/him to the sign in page with method @restartResponseAtSignInPage@. The page contains also a link to the homepage and another link that signs out user. -The sign in page is implemented in class SignInPage and contains the form used to authenticate users: +The sign in page is implemented in class @SignInPage@ and contains the form used to authenticate users: {code} public class SignInPage extends WebPage { @@ -107,7 +107,7 @@ public class SignInPage extends WebPage } {code} -The form is responsible for handling user authentication inside its method onSubmit. The username and password are passed to AuthenticatedWebSession's method signIn(username, password) and if authentication succeeds, the user is redirected to the original page with method continueToOriginalDestination. +The form is responsible for handling user authentication inside its method onSubmit. The username and password are passed to @AuthenticatedWebSession@'s method @signIn(username, password)@ and if authentication succeeds, the user is redirected to the original page with method @continueToOriginalDestination@. The session class and the application class used in the project are reported here: @@ -154,16 +154,16 @@ public class WicketApplication extends A } {code} -The authentication logic inside authenticate has been kept quite trivial in order to make the code as clean as possible. Please note also that session class must have a constructor that accepts an instance of class Request. +The authentication logic inside authenticate has been kept quite trivial in order to make the code as clean as possible. Please note also that session class must have a constructor that accepts an instance of class @Request@. h3. Redirecting user to an intermediate page -Method restartResponseAtSignInPage is an example of redirecting user to an intermediate page before allowing him to access to the requested page. This method internally throws exception @org.apache.wicket.RestartResponseAtInterceptPageException@ which saves the URL of the requested page into session metadata and then redirects user to the page passed as constructor parameter (the sign in page). +Method @restartResponseAtSignInPage@ is an example of redirecting user to an intermediate page before allowing him to access to the requested page. This method internally throws exception @org.apache.wicket.RestartResponseAtInterceptPageException@ which saves the URL of the requested page into session metadata and then redirects user to the page passed as constructor parameter (the sign in page). -Component's method redirectToInterceptPage(Page) works in much the same way as restartResponseAtSignInPage but it allows us to specify which page to use as intermediate page: +Component's method @redirectToInterceptPage(Page)@ works in much the same way as @restartResponseAtSignInPage@ but it allows us to specify which page to use as intermediate page: @redirectToInterceptPage(intermediatePage);@ {note} -Since both restartResponseAtSignInPage and redirectToIntercept Page internally throw an exception, the code placed after them will not be executed. +Since both @restartResponseAtSignInPage@ and @redirectToInterceptPage@ internally throw an exception, the code placed after them will not be executed. {note}
Modified: wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_2.gdoc URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_2.gdoc?rev=1550971&r1=1550970&r2=1550971&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_2.gdoc (original) +++ wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_2.gdoc Sat Dec 14 21:13:09 2013 @@ -1,6 +1,6 @@ -The authorization support provided by Wicket is built around the concept of authorization strategy which is represented by interface IAuthorizationStrategy (in package org.apache.wicket .authorization): +The authorization support provided by Wicket is built around the concept of authorization strategy which is represented by interface @IAuthorizationStrategy@ (in package @org.apache.wicket.authorization@): {code} public interface IAuthorizationStrategy @@ -31,9 +31,9 @@ This interface defines two methods: * isInstantiationAuthorized checks if user is allowed to instantiate a given component. * isActionAuthorized checks if user is authorized to perform a given action on a component's instance. The standard actions checked by this method are defined into class Action and are Action.ENABLE and Action.RENDER. -Inside IAuthorizationStrategy we can also find a default implementation of the interface (called ALLOW_ALL) that allows everyone to instantiate every component and perform every possible action on it. This is the default strategy adopted by class Application. +Inside @IAuthorizationStrategy@ we can also find a default implementation of the interface (called ALLOW_ALL) that allows everyone to instantiate every component and perform every possible action on it. This is the default strategy adopted by class @Application@. -To change the authorization strategy in use we must register the desired implementation into security settings (interface ISecuritySettings) during initialization phase with method setAuthorization Strategy: +To change the authorization strategy in use we must register the desired implementation into security settings (interface @ISecuritySettings@) during initialization phase with method setAuthorization Strategy: {code} //Application class code... @@ -47,13 +47,13 @@ To change the authorization strategy in //... {code} -If we want to combine the action of two or more authorization strategies we can chain them with strategy CompoundAuthorizationStrategy which implements composite patter for authorization strategies. +If we want to combine the action of two or more authorization strategies we can chain them with strategy @CompoundAuthorizationStrategy@ which implements composite patter for authorization strategies. -Most of the times we won't need to implement an IAuthorizationStrategy from scratch as Wicket already comes with a set of built-in strategies. In the next paragraphs we will see some of these strategies that can be used to implement an effective and flexible security policy. +Most of the times we won't need to implement an @IAuthorizationStrategy@ from scratch as Wicket already comes with a set of built-in strategies. In the next paragraphs we will see some of these strategies that can be used to implement an effective and flexible security policy. h3. SimplePageAuthorizationStrategy -Abstract class SimplePageAuthorizationStrategy (in package @org.apache.wicket.authorization.strategies.page@) is a strategy that checks user authorizations calling abstract method isAuthorized only for those pages that are subclasses of a given supertype. If isAuthorized returns false, the user is redirected to the sign in page specified as second constructor parameter: +Abstract class SimplePageAuthorizationStrategy (in package @org.apache.wicket.authorization.strategies.page@) is a strategy that checks user authorizations calling abstract method @isAuthorized@ only for those pages that are subclasses of a given supertype. If @isAuthorized@ returns false, the user is redirected to the sign in page specified as second constructor parameter: {code} SimplePageAuthorizationStrategy authorizationStrategy = new SimplePageAuthorizationStrategy( @@ -66,13 +66,13 @@ SimplePageAuthorizationStrategy authoriz }; {code} -By default SimplePageAuthorizationStrategy checks for permissions only on pages. If we want to change this behavior and check also other kinds of components, we must override method isActionAuthorized and implement our custom logic inside it. +By default @SimplePageAuthorizationStrategy@ checks for permissions only on pages. If we want to change this behavior and check also other kinds of components, we must override method @isActionAuthorized@ and implement our custom logic inside it. h3. Role-based strategies At the end of paragraph 18.1.1 we have introduced AbstractAuthenticatedWebSession's method getRoles which is provided to support role-based authorization returning the set of roles granted to the current user. -In Wicket roles are simple strings like âBASIC_USERâ or âADMINâ (they don't need to be capitalized) and they are handled with class @org.apache.wicket.authroles.authorization.strategies@. role.Roles. This class extends standard HashSet collection adding some functionalities to check whether the set contains one or more roles. Class Roles already defines roles Roles.USER and Roles.ADMIN. +In Wicket roles are simple strings like âBASIC_USERâ or âADMINâ (they don't need to be capitalized) and they are handled with class @org.apache.wicket.authroles.authorization.strategies.role.Roles@. This class extends standard HashSet collection adding some functionalities to check whether the set contains one or more roles. Class @Roles@ already defines roles Roles.USER and Roles.ADMIN. The session class in the following example returns a custom âSIGNED_INâ role for every authenticated user and it adds an Roles.ADMIN role if username is equal to superuser: @@ -111,21 +111,21 @@ class BasicAuthenticationRolesSession ex } {code} -Roles can be adopted to apply security restrictions on our pages and components. This can be done using one of the two built-in authorization strategies that extend super class AbstractRole AuthorizationStrategyWicket: MetaDataRoleAuthorizationStrategy and Annotations RoleAuthorizationStrategy +Roles can be adopted to apply security restrictions on our pages and components. This can be done using one of the two built-in authorization strategies that extend super class @AbstractRoleAuthorizationStrategyWicket@: @MetaDataRoleAuthorizationStrategy@ and @AnnotationsRoleAuthorizationStrategy@ -The difference between these two strategies is that MetaDataRoleAuthorizationStrategy handles role-based authorizations with Wicket metadata while AnnotationsRoleAuthorization-Strategy uses Java annotations. +The difference between these two strategies is that @MetaDataRoleAuthorizationStrategy@ handles role-based authorizations with Wicket metadata while @AnnotationsRoleAuthorizationStrategy@ uses Java annotations. {note} -Application class AuthenticatedWebApplication already sets MetaData RoleAuthorizationStrategy and AnnotationsRoleAuthorization Strategy as its own authorization strategies (it uses a compound strategy as we will see in paragraph 18.2.4). +Application class @AuthenticatedWebApplication@ already sets @MetaDataRoleAuthorizationStrategy@ and @AnnotationsRoleAuthorizationStrategy@ as its own authorization strategies (it uses a compound strategy as we will see in paragraph 18.2.4). -The code that we will see in the next examples is for illustrative purpose only. If our application class inherits from AuthenticatedWebApplication we won't need to configure anything to use these two strategies. +The code that we will see in the next examples is for illustrative purpose only. If our application class inherits from @AuthenticatedWebApplication@ we won't need to configure anything to use these two strategies. {note} h4. Using roles with metadata -Strategy MetaDataRoleAuthorizationStrategy uses application and components metadata to implement role-based authorizations. The class defines a set of static methods authorize that can be used to specify which roles are allowed to instantiate a component and which roles can perform a given action on a component. +Strategy @MetaDataRoleAuthorizationStrategy@ uses application and components metadata to implement role-based authorizations. The class defines a set of static methods authorize that can be used to specify which roles are allowed to instantiate a component and which roles can perform a given action on a component. -The following code snippet reports both application and session classes from project MetaDataRolesStrategyExample and illustrates how to use MetaDataRoleAuthorizationStrategy to allow access to a given page (AdminOnlyPage) only to ADMIN role: +The following code snippet reports both application and session classes from project @MetaDataRolesStrategyExample@ and illustrates how to use @MetaDataRoleAuthorizationStrategy@ to allow access to a given page (AdminOnlyPage) only to ADMIN role: *Application class:* @@ -196,17 +196,17 @@ public class BasicAuthenticationSession } {code} -The code that instantiates MetaDataRoleAuthorizationStrategy and set it as application's strategy is inside application class method init. +The code that instantiates @MetaDataRoleAuthorizationStrategy@ and set it as application's strategy is inside application class method init. -Any subclass of AbstractRoleAuthorizationStrategyWicket needs an implementation of interface IRoleCheckingStrategy to be instantiated. For this purpose in the code above we used the application class itself because its base class AuthenticatedWebApplication already implements interface IRoleCheckingStrategy. By default AuthenticatedWebApplication checks for authorizations using the roles returned by the current AbstractAuthenticated WebSession. As final step inside init we grant the access to page AdminOnlyPage to ADMIN role calling method authorize. +Any subclass of @AbstractRoleAuthorizationStrategyWicket@ needs an implementation of interface @IRoleCheckingStrategy@ to be instantiated. For this purpose in the code above we used the application class itself because its base class @AuthenticatedWebApplication@ already implements interface @IRoleCheckingStrategy@. By default @AuthenticatedWebApplication@ checks for authorizations using the roles returned by the current @AbstractAuthenticatedWebSession@. As final step inside init we grant the access to page @AdminOnlyPage@ to ADMIN role calling method authorize. The code from session class has three interesting methods. The first is authenticate which considers as valid credentials every pair of username and password having the same value. The second notable method is getRoles which returns role SIGNED_IN if user is authenticated and it adds role ADMIN if username is equal to superuser. Finally, we have method signOut which has been overridden in order to clean the username field used internally to generate roles. -Now if we run the project and we try to access to AdminOnlyPage from the home page without having the ADMIN role, we will be redirected to the default access-denied page used by Wicket: +Now if we run the project and we try to access to @AdminOnlyPage@ from the home page without having the ADMIN role, we will be redirected to the default access-denied page used by Wicket: !authorization-access-denied.png! -The access-denied page can be customized using method setAccessDeniedPage(Class<? extends Page>) of setting interface IApplicationSettings: +The access-denied page can be customized using method @setAccessDeniedPage(Class<? extends Page>)@ of setting interface @IApplicationSettings@: {code} //Application class code... @@ -221,7 +221,7 @@ Just like custom âPage expiredâ� h4. Using roles with annotations -Strategy AnnotationsRoleAuthorizationStrategy relies on two built-in annotations to handle role-based authorizations. These annotations are AuthorizeInstantiation and Authorize Action. As their names suggest the first annotation specifies which roles are allowed to instantiate the annotated component while the second must be used to indicate which roles are allowed to perform a specific action on the annotated component. +Strategy @AnnotationsRoleAuthorizationStrategy@ relies on two built-in annotations to handle role-based authorizations. These annotations are @AuthorizeInstantiation@ and @AuthorizeAction@. As their names suggest the first annotation specifies which roles are allowed to instantiate the annotated component while the second must be used to indicate which roles are allowed to perform a specific action on the annotated component. In the following example we use annotations to make a page accessible only to signed-in users and to enable it only if user has the ADMIN role: @@ -235,7 +235,7 @@ public class MyPage extends WebPage { Remember that when a component is not enabled, user can render it but he can neither click on its links nor interact with its forms. -Example project AnnotationsRolesStrategyExample is a revisited version of MetaDataRolesStrategy Example where we use AnnotationsRoleAuthorizationStrategy as authorization strategy. To ensure that page AdminOnlyPage is accessible only to ADMIN role we have used the following annotation: +Example project @AnnotationsRolesStrategyExample@ is a revisited version of @MetaDataRolesStrategyExample@ where we use @AnnotationsRoleAuthorizationStrategy@ as authorization strategy. To ensure that page @AdminOnlyPage@ is accessible only to ADMIN role we have used the following annotation: {code} @AuthorizeInstantiation("ADMIN") @@ -246,9 +246,9 @@ public class AdminOnlyPage extends WebPa h3. Catching an unauthorized component instantiation -Interface IUnauthorizedComponentInstantiationListener (in package @org.apache.wicket.authorization@) is provided to give the chance to handle the case in which a user tries to instantiate a component without having the permissions to do it. The method defined inside this interface is onUnauthorizedInstantiation(Component) and it is executed whenever a user attempts to execute an unauthorized instantiation. +Interface IUnauthorizedComponentInstantiationListener (in package @org.apache.wicket.authorization@) is provided to give the chance to handle the case in which a user tries to instantiate a component without having the permissions to do it. The method defined inside this interface is @onUnauthorizedInstantiation(Component)@ and it is executed whenever a user attempts to execute an unauthorized instantiation. -This listener must be registered into application's security settings with method setUnauthorized ComponentInstantiationListener defined by setting interface ISecuritySettings. In the following code snippet we register a listener that redirect user to a warning page if he tries to do a not-allowed instantiation: +This listener must be registered into application's security settings with method setUnauthorized @ComponentInstantiationListener@ defined by setting interface @ISecuritySettings@. In the following code snippet we register a listener that redirect user to a warning page if he tries to do a not-allowed instantiation: {code} public class WicketApplication extends AuthenticatedWebApplication{ @@ -267,12 +267,12 @@ public class WicketApplication extends A } {code} -In addition to interface IRoleCheckingStrategy, class AuthenticatedWebApplication implements also IUnauthorizedComponentInstantiationListener and registers itself as listener for unauthorized instantiations. +In addition to interface @IRoleCheckingStrategy@, class @AuthenticatedWebApplication@ implements also @IUnauthorizedComponentInstantiationListener@ and registers itself as listener for unauthorized instantiations. -By default AuthenticatedWebApplication redirects users to sign-in page if they are not signed-in and they try to instantiate a restricted component. Otherwise, if users are already signed in but they are not allowed to instantiate a given component, an UnauthorizedInstantiationException will be thrown. +By default @AuthenticatedWebApplication@ redirects users to sign-in page if they are not signed-in and they try to instantiate a restricted component. Otherwise, if users are already signed in but they are not allowed to instantiate a given component, an @UnauthorizedInstantiationException@ will be thrown. h3. Strategy RoleAuthorizationStrategy -Class RoleAuthorizationStrategy is a compound strategy that combines both MetaData RoleAuthorizationStrategy and AnnotationsRoleAuthorizationStrategy. +Class @RoleAuthorizationStrategy@ is a compound strategy that combines both @MetaDataRoleAuthorizationStrategy@ and @AnnotationsRoleAuthorizationStrategy@. -This is the strategy used internally by AuthenticatedWebApplication. +This is the strategy used internally by @AuthenticatedWebApplication@. Modified: wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_3.gdoc URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_3.gdoc?rev=1550971&r1=1550970&r2=1550971&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_3.gdoc (original) +++ wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_3.gdoc Sat Dec 14 21:13:09 2013 @@ -2,13 +2,13 @@ HTTPS is the standard technology adopted on Internet to create a secure communication channel between web applications and their users. -In Wicket we can easily protect our pages with HTTPS mounting a special request mapper called HttpsMapper and using annotation RequireHttps with those pages we want to serve over this protocol. Both these two entities are in package @org.apache.wicket.protocol.https@. +In Wicket we can easily protect our pages with HTTPS mounting a special request mapper called @HttpsMapper@ and using annotation RequireHttps with those pages we want to serve over this protocol. Both these two entities are in package @org.apache.wicket.protocol.https@. -HttpsMapper wraps an existing mapper and redirects incoming requests to HTTPS if the related response must render a page containing annotation RequireHttps. Most of the times the wrapped mapper will be the root one, just like we saw before for CryptoManager in paragraph 8.6.6. +HttpsMapper wraps an existing mapper and redirects incoming requests to HTTPS if the related response must render a page containing annotation @RequireHttps@. Most of the times the wrapped mapper will be the root one, just like we saw before for @CryptoManager@ in paragraph 8.6.6. -Another parameter needed to build a HttpsMapper is an instance of class HttpsConfig. This class allows us to specify which ports must be used for HTTPS and HTTP. By default the port numbers used by these two protocols are respectively 443 and 80. +Another parameter needed to build a @HttpsMapper@ is an instance of class @HttpsConfi@g. This class allows us to specify which ports must be used for HTTPS and HTTP. By default the port numbers used by these two protocols are respectively 443 and 80. -The following code is taken from project HttpsProtocolExample and illustrates how to enable HTTPS in our applications: +The following code is taken from project @HttpsProtocolExample@ and illustrates how to enable HTTPS in our applications: {code} //Application class code... @@ -30,7 +30,7 @@ public class HomePage extends WebPage { } {code} -If we want to protect many pages with HTTPS without adding annotation RequireHttps to each of them, we can annotate a marker interface or a base page class and implement/extend it in any page we want to make secure: +If we want to protect many pages with HTTPS without adding annotation @RequireHttps@ to each of them, we can annotate a marker interface or a base page class and implement/extend it in any page we want to make secure: {code} // Marker interface: Modified: wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_4.gdoc URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_4.gdoc?rev=1550971&r1=1550970&r2=1550971&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_4.gdoc (original) +++ wicket/common/site/trunk/_site/guide/guide/src/docs/guide/chapter19/chapter19_4.gdoc Sat Dec 14 21:13:09 2013 @@ -2,7 +2,7 @@ Wicket internally uses an entity called package resource guard to protect package resources from external access. This entity is an implementation of interface @org.apache.wicket.markup.html.IPackageResourceGuard@. -By default Wicket applications use as package resource guard class SecurePackageResource Guard, which allows to access only to the following file extensions (grouped by type): +By default Wicket applications use as package resource guard class @SecurePackageResourceGuard@, which allows to access only to the following file extensions (grouped by type): {table} File | Extensions @@ -15,7 +15,7 @@ File | Extensions *Web font files* |.eot, .ttf, .woff {table} -To modify the set of allowed files formats we can add one or more patterns with method addPattern (String). The rules to write a pattern are the following: +To modify the set of allowed files formats we can add one or more patterns with method @addPattern(String)@. The rules to write a pattern are the following: * patterns start with either a "+" or a "-". In the first case the pattern will add one or more file to the set while starting a pattern with a â-â we exclude all the files matching the given pattern. For example pattern â-web.xmlâ excludes all web.xml files in all directories. * wildcard character â\*â is supported as placeholder for zero or more characters. For example pattern â+\*.mp4â adds all the mp4 files inside all directories. Modified: wicket/common/site/trunk/_site/guide/index.html URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/guide/index.html?rev=1550971&r1=1550970&r2=1550971&view=diff ============================================================================== --- wicket/common/site/trunk/_site/guide/index.html (original) +++ wicket/common/site/trunk/_site/guide/index.html Sat Dec 14 21:13:09 2013 @@ -278,11 +278,11 @@ function addJsClass(el) { <div class="toc-item" style="margin-left:0px"><a href="./guide/chapter12.html"><strong>13</strong><span>Displaying multiple items with repeaters</span></a></div> - <div class="toc-item" style="margin-left:10px"><a href="./guide/chapter12.html#chapter12_1"><strong>13.1</strong><span>Component RepeatingView</span></a></div> + <div class="toc-item" style="margin-left:10px"><a href="./guide/chapter12.html#chapter12_1"><strong>13.1</strong><span>The RepeatingView Component</span></a></div> - <div class="toc-item" style="margin-left:10px"><a href="./guide/chapter12.html#chapter12_2"><strong>13.2</strong><span>Component ListView</span></a></div> + <div class="toc-item" style="margin-left:10px"><a href="./guide/chapter12.html#chapter12_2"><strong>13.2</strong><span>The ListView Component</span></a></div> - <div class="toc-item" style="margin-left:10px"><a href="./guide/chapter12.html#chapter12_3"><strong>13.3</strong><span>Component RefreshingView</span></a></div> + <div class="toc-item" style="margin-left:10px"><a href="./guide/chapter12.html#chapter12_3"><strong>13.3</strong><span>The RefreshingView Component</span></a></div> <div class="toc-item" style="margin-left:10px"><a href="./guide/chapter12.html#chapter12_4"><strong>13.4</strong><span>Pageable repeaters</span></a></div>
