[jira] [Commented] (WICKET-5678) SecurePackageResourceGuard blocking static page

Sun, 14 Sep 2014 06:49:20 -0700 

    [ 
https://issues.apache.org/jira/browse/WICKET-5678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14133222#comment-14133222
 ] 

Mennat Mokhtar commented on WICKET-5678:
----------------------------------------

Regarding the above problems, we were able to fix the problem by adding the 
following lines of code.
                       
                        if( tomcatVersion <= 7 ){
                                securePackageResourceGuard.addPattern( 
"+/com/seanergie/wicket/markup/html/form/ckeditor+*" );
                        }else{ // 
https://issues.apache.org/jira/browse/WICKET-5678
                                securePackageResourceGuard.addPattern( 
"+com/seanergie/wicket/markup/html/form/ckeditor/+*" );
                        }

the problem was the receiding slash not the starting one.  
In the 
           CachingResourceStreamLocator 
in the 
           public IResourceStream locate 
in line 166 
          IResourceStream stream = locate(clazz, newPath);
The outcome of the above line results in different path structure in tomcat 7 
and tomcat 8

Thanks

> SecurePackageResourceGuard blocking static page 
> ------------------------------------------------
>
>                 Key: WICKET-5678
>                 URL: https://issues.apache.org/jira/browse/WICKET-5678
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 6.16.0
>         Environment: Fedora20 Tomcat 8
>            Reporter: Mennat Mokhtar
>            Assignee: Martin Grigorov
>              Labels: easyfix
>         Attachments: myproject.tar.gz
>
>
> IPackageResourceGuard packageResourceGuard = 
> application.getResourceSettings().getPackageResourceGuard();
>               if( packageResourceGuard instanceof SecurePackageResourceGuard 
> ){
>                       SecurePackageResourceGuard securePackageResourceGuard = 
> (SecurePackageResourceGuard) packageResourceGuard;
>                       securePackageResourceGuard.addPattern( 
> "+com/seanergie/wicket/markup/html/form/ckeditor/" );
>                       boolean accept = securePackageResourceGuard.accept( 
> null, "com/seanergie/wicket/markup/html/form/ckeditor/" );
>               }
> /********************************************************************************************/
> The above code results in accept being false.
> After tracing the problem seems to be in the loop matching the pattern line 
> 190 in SecurePackageResourceGuard.
> The same code is returning true when running under tomcat 7 and returning 
> false when running under tomcat 8.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to