Hi, In Wicket web framework if some request url has not a dedicated/registered handler in application then WicketServlet fallbacks processing to return a resource from ServletContext as a response content: InputStream stream = getServletContext().getResourceAsStream(url); String mimeType = getServletContext().getMimeType(url);
I don't know if this is Wicket specific thing or a common use case in Java Servlets world? :) The problem is, that by default PaxWeb (DefaultHttpContext) allows to return all resources available in bundle (because all calls are delegated to Bundle methods like: getResource, getEntryPaths). In this way user can prepare a special url in a browser (eg. http://our_app_url/com/somepackage/SampleClass.class) and our application will return the content of any resource which is part of a bundle (for which DefaultHttpContext was created). I try to find how to block this behaviour (block access to these internal files in bundle), maybe I forgot to configure something or I am doing something wrong? PS. We are using PaxWeb 7. -- Best regards, Daniel -- -- ------------------ OPS4J - http://www.ops4j.org - ops4j@googlegroups.com --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to ops4j+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/ce196bee-0102-43db-a26f-d3ba374d7f89n%40googlegroups.com.