Mathijs den Burger pushed to branch master at cms-community / hippo-cms
Commits: 11413bbf by Mathijs den Burger at 2017-02-16T15:01:36+01:00 CMS-10613 Use default package resource whitelist if config is missing Having no whitelisted package resource classes is a configuration smell. It also happens during unit tests that don't bootstrap the full default CMS configuration. In those cases, fall back to a default whitelist. Also added "wicket.contrib." to the default whitelist because several unit tests load resources from this package. - - - - - 4 changed files: - api/src/main/java/org/hippoecm/frontend/settings/GlobalSettings.java - config/src/main/resources/cms-settings.xml - config/src/main/resources/hippoecm-extension.xml - engine/src/main/java/org/hippoecm/frontend/Main.java Changes: ===================================== api/src/main/java/org/hippoecm/frontend/settings/GlobalSettings.java ===================================== --- a/api/src/main/java/org/hippoecm/frontend/settings/GlobalSettings.java +++ b/api/src/main/java/org/hippoecm/frontend/settings/GlobalSettings.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 Hippo B.V. (http://www.onehippo.com) + * Copyright 2015-2017 Hippo B.V. (http://www.onehippo.com) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -47,7 +47,7 @@ public class GlobalSettings { log.info("Cannot read global settings, there is no repository yet; using empty defaults"); return new JavaPluginConfig(); } catch (RepositoryException e) { - log.warn("Cannot read global settings, using empty defaults", e); + log.info("Cannot read global settings, using empty defaults", e); return new JavaPluginConfig(); } } ===================================== config/src/main/resources/cms-settings.xml ===================================== --- a/config/src/main/resources/cms-settings.xml +++ b/config/src/main/resources/cms-settings.xml @@ -31,5 +31,6 @@ <sv:value>org.hippoecm.</sv:value> <sv:value>org.apache.wicket.</sv:value> <sv:value>org.onehippo.</sv:value> + <sv:value>wicket.contrib.</sv:value> </sv:property> </sv:node> ===================================== config/src/main/resources/hippoecm-extension.xml ===================================== --- a/config/src/main/resources/hippoecm-extension.xml +++ b/config/src/main/resources/hippoecm-extension.xml @@ -284,6 +284,7 @@ <sv:value>org.hippoecm.</sv:value> <sv:value>org.apache.wicket.</sv:value> <sv:value>org.onehippo.</sv:value> + <sv:value>wicket.contrib.</sv:value> </sv:property> <sv:property sv:name="hippo:sequence" sv:type="Double"> <sv:value>910.1</sv:value> ===================================== engine/src/main/java/org/hippoecm/frontend/Main.java ===================================== --- a/engine/src/main/java/org/hippoecm/frontend/Main.java +++ b/engine/src/main/java/org/hippoecm/frontend/Main.java @@ -17,6 +17,7 @@ package org.hippoecm.frontend; import java.io.IOException; import java.net.URL; +import java.util.Arrays; import java.util.Enumeration; import java.util.Iterator; import java.util.LinkedList; @@ -116,6 +117,9 @@ public class Main extends PluginApplication { private static final String FRONTEND_PATH = "/" + HippoNodeType.CONFIGURATION_PATH + "/" + HippoNodeType.FRONTEND_PATH; private static final String WHITELISTED_CLASSES_FOR_PACKAGE_RESOURCES = "whitelisted.classes.for.package.resources"; + private static final String[] DEFAULT_WHITELISTED_CLASSES_FOR_PACKAGE_RESOURCES = { + "org.hippoecm.", "org.apache.wicket.", "org.onehippo.", "wicket.contrib." + }; /** * Parameter name of the repository storage directory @@ -501,7 +505,13 @@ public class Main extends PluginApplication { protected void initPackageResourceGuard() { final WhitelistedClassesResourceGuard packageResourceGuard = new WhitelistedClassesResourceGuard(); - final String[] classNamePrefixes = GlobalSettings.get().getStringArray(WHITELISTED_CLASSES_FOR_PACKAGE_RESOURCES); + + String[] classNamePrefixes = GlobalSettings.get().getStringArray(WHITELISTED_CLASSES_FOR_PACKAGE_RESOURCES); + if (classNamePrefixes == null || classNamePrefixes.length == 0) { + log.info("No whitelisted package resources found, using the default whitelist: {}", + Arrays.asList(DEFAULT_WHITELISTED_CLASSES_FOR_PACKAGE_RESOURCES)); + classNamePrefixes = DEFAULT_WHITELISTED_CLASSES_FOR_PACKAGE_RESOURCES; + } packageResourceGuard.addClassNamePrefixes(classNamePrefixes); // CMS7-8898: allow .woff2 files to be served View it on GitLab: https://code.onehippo.org/cms-community/hippo-cms/commit/11413bbf4de6be43d87be2b331783caf64dd7519
_______________________________________________ Hippocms-svn mailing list Hippocms-svn@lists.onehippo.org https://lists.onehippo.org/mailman/listinfo/hippocms-svn