wicket git commit: WICKET-6161 SecuritySettings.setEnforceMounts() should be applicable for all kind of pages

Fri, 26 Aug 2016 08:42:48 -0700 

Repository: wicket
Updated Branches:
  refs/heads/master 8855ecf21 -> 4216e09a4


WICKET-6161 SecuritySettings.setEnforceMounts() should be applicable for all 
kind of pages

Revert 74e7767635b5f1f20c61c07be34c4141e1da2571 from WICKET-5094 and update 
javadocs


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/4216e09a
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/4216e09a
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/4216e09a

Branch: refs/heads/master
Commit: 4216e09a4cf23179cf9de3a23b1ad989caf7da91
Parents: 8855ecf
Author: Martin Tzvetanov Grigorov <[email protected]>
Authored: Fri Aug 26 17:42:07 2016 +0200
Committer: Martin Tzvetanov Grigorov <[email protected]>
Committed: Fri Aug 26 17:42:07 2016 +0200

----------------------------------------------------------------------
 .../core/request/mapper/BookmarkableMapper.java | 26 ++++++--------------
 .../wicket/settings/SecuritySettings.java       | 15 ++++++-----
 .../wicket/settings/ISecuritySettingsTest.java  |  7 ------
 3 files changed, 17 insertions(+), 31 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/4216e09a/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java
----------------------------------------------------------------------
diff --git 
a/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java
 
b/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java
index 8862c35..71e8b05 100644
--- 
a/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java
+++ 
b/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/BookmarkableMapper.java
@@ -86,6 +86,14 @@ public class BookmarkableMapper extends 
AbstractBookmarkableMapper
        @Override
        protected UrlInfo parseRequest(Request request)
        {
+               if (Application.exists())
+               {
+                       if 
(Application.get().getSecuritySettings().getEnforceMounts())
+                       {
+                               return null;
+                       }
+               }
+
                if (matches(request))
                {
                        Url url = request.getUrl();
@@ -115,24 +123,6 @@ public class BookmarkableMapper extends 
AbstractBookmarkableMapper
 
                        if (pageClass != null && 
IRequestablePage.class.isAssignableFrom(pageClass))
                        {
-                               if (Application.exists())
-                               {
-                                       Application application = 
Application.get();
-
-                                       if 
(application.getSecuritySettings().getEnforceMounts())
-                                       {
-                                               // we make an exception if the 
homepage itself was mounted, see WICKET-1898
-                                               if 
(!pageClass.equals(application.getHomePage()))
-                                               {
-                                                       // WICKET-5094 only 
enforce mount if page is mounted
-                                                       if 
(isPageMounted(pageClass, application.getRootRequestMapperAsCompound()))
-                                                       {
-                                                               return null;
-                                                       }
-                                               }
-                                       }
-                               }
-
                                // extract the PageParameters from URL if there 
are any
                                PageParameters pageParameters = 
extractPageParameters(request, 3,
                                        pageParametersEncoder);

http://git-wip-us.apache.org/repos/asf/wicket/blob/4216e09a/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
----------------------------------------------------------------------
diff --git 
a/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java 
b/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
index 92c3822..94eadea 100644
--- a/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
+++ b/wicket-core/src/main/java/org/apache/wicket/settings/SecuritySettings.java
@@ -16,6 +16,7 @@
  */
 package org.apache.wicket.settings;
 
+import org.apache.wicket.Application;
 import org.apache.wicket.Component;
 import org.apache.wicket.authentication.IAuthenticationStrategy;
 import org.apache.wicket.authentication.strategy.DefaultAuthenticationStrategy;
@@ -56,9 +57,10 @@ public class SecuritySettings
        private ICryptFactory cryptFactory;
 
        /**
-        * Whether mounts should be enforced. If true, requests for mounted 
targets have to done through
-        * the mounted paths. If, for instance, a bookmarkable page is mounted 
to a path, a request to
-        * that same page via the bookmarkablePage parameter will be denied.
+        * Whether mounts should be enforced. If {@code true}, requests for a 
page will be
+        * allowed only if the page has been explicitly mounted in {@link 
Application#init() MyApplication#init()}.
+        *
+        * This setting basically disables {@link 
org.apache.wicket.core.request.mapper.BookmarkableMapper}
         */
        private boolean enforceMounts = false;
 
@@ -113,9 +115,10 @@ public class SecuritySettings
        }
 
        /**
-        * Gets whether mounts should be enforced. If true, requests for 
mounted targets have to done
-        * through the mounted paths. If, for instance, a bookmarkable page is 
mounted to a path, a
-        * request to that same page via the bookmarkablePage parameter will be 
denied.
+        * Gets whether page mounts should be enforced. If {@code true}, 
requests for a page will be
+        * allowed only if the page has been explicitly mounted in {@link 
Application#init() MyApplication#init()}.
+        *
+        * This setting basically disables {@link 
org.apache.wicket.core.request.mapper.BookmarkableMapper}
         *
         * @return Whether mounts should be enforced
         */

http://git-wip-us.apache.org/repos/asf/wicket/blob/4216e09a/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java
----------------------------------------------------------------------
diff --git 
a/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java
 
b/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java
index 46d49ba..d0b64c2 100644
--- 
a/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java
+++ 
b/wicket-core/src/test/java/org/apache/wicket/settings/ISecuritySettingsTest.java
@@ -68,13 +68,6 @@ public class ISecuritySettingsTest extends WicketTestCase
                tester.startPage(pageWithLink);
                tester.assertRenderedPage(MockPageWithLink.class);
                tester.clickLink(MockPageWithLink.LINK_ID);
-               tester.assertRenderedPage(UnknownPage.class);
-
-               tester.getApplication().mountPackage("unknown", 
UnknownPage.class);
-
-               tester.startPage(pageWithLink);
-               tester.assertRenderedPage(MockPageWithLink.class);
-               tester.clickLink(MockPageWithLink.LINK_ID);
                Assert.assertNull(tester.getLastRenderedPage());
 
                /*

Reply via email to