Please don't drop setMountEnforce(). We are also using it to prevent users from being able to instantiate arbitrary Bookmarkable pages by their fully qualified name (and by that, for example, circumvent our Spring Security that is working on URL level).

Why is it dropped?

Regards
Kai

--- Original Message ---
Sender: Martin Grigorov
Date: 28.06.2011 21:42

> This is not the same.
>
> IPackageResourceGuard is to protect PackageResource.
>
> setMountEnforce() is to "hide" accessing pages by their full name thru
> bookmarkable constructor (default or PageParameters).
>
> On Tue, Jun 28, 2011 at 10:24 PM, Peter Ertl <[email protected]> wrote:
>> #setEnforceMounts() should not be necessary in your case.
>>
>> To protect the content of packages we have
>>
>> http://wicket.apache.org/apidocs/1.4/org/apache/wicket/markup/html/IPackageResourceGuard.html
>>
>> the default wicket 1.5 uses
>>
>> http://wicket.apache.org/apidocs/1.4/org/apache/wicket/markup/html/PackageResourceGuard.html
>>
>> You can easily customize / configure your own if the default does not work
>> out and set it with:
>>
>> ResourceSettings#setPackageResourceGuard( guard )
>>
>> On 28.06.2011 at 20:54, Clint Checketts wrote:
>>
>>> We want to guarantee that java packages are never exposed to the user, in
>>> case a developer forgot to mount a page.
>>>
>>> -Clint
>>>
>>> On Tue, Jun 28, 2011 at 12:33 PM, Igor Vaynberg <[email protected]> wrote:
>>>
>>>> why do you use it?
>>>>
>>>> -igor
>>>>
>>>> On Tue, Jun 28, 2011 at 5:10 AM, Clint Checketts <[email protected]> wrote:
>>>>> We use setEnforceMounts(). Would that be broken too by this change?
>>>>>
>>>>> Was Martin saying that BookmarkableMapper isn't using the setting at all in
>>>>> 1.5?
>>>>>
>>>>> -Clint
>>>>>
>>>>> On Tue, Jun 28, 2011 at 4:49 AM, Martin Grigorov <[email protected]> wrote:
>>>>>
>>>>>> OK, I'll remove it.
>>>>>> Seems easy enough to re-add if someone ever needs it.
>>>>>>
>>>>>> On Mon, Jun 27, 2011 at 6:11 PM, Igor Vaynberg <[email protected]> wrote:
>>>>>>> i think we can drop this from 1.5
>>>>>>>
>>>>>>> -igor
>>>>>>>
>>>>>>> On Mon, Jun 27, 2011 at 3:14 AM, Martin Grigorov <[email protected]> wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> In 1.5 org.apache.wicket.settings.ISecuritySettings.getEnforceMounts()
>>>>>>>> is not currently used.
>>>>>>>> Reading its javadoc I understand that it should disable completely
>>>>>>>> org.apache.wicket.request.mapper.BookmarkableMapper when the flag is
>>>>>>>> "true".
>>>>>>>> I.e. making a request to /wicket/bookmarkable/com.example.MyPage
>>>>>>>> should not be recognized by BookmarkableMapper.
>>>>>>>> Am I right ?
>>>>>>>>
>>>>>>>> --
>>>>>>>> Martin Grigorov
>>>>>>>> jWeekend
>>>>>>>> Training, Consulting, Development
>>>>>>>> http://jWeekend.com
>>>>>>
>>>>>> --
>>>>>> Martin Grigorov
>>>>>> jWeekend
>>>>>> Training, Consulting, Development
>>>>>> http://jWeekend.com
