Robert,
I pretty much understand what your component does, but some things are not really
clear to me.

I created a new 5.0.5 project called "testBlock" to test your component.
When I put the dependency in pom.xml, it blocks access to the
"testBlock/assets/" URL. All right, but if I put a file "file.xyz" in
src/main/webapp (the same path as favicon.ico, for example), I can still access
this file via the URL "testBlock/file.xyz", just as I can access
favicon.ico. If I create a directory called "xyz" in src/main/webapp and put
"file.xyz" inside it, I can still access this file via the URL
"testBlock/xyz/file.xyz", and if I type "testBlock/xyz" I get a listing
of the files inside that path, which is worse.

My question is: is this the right behavior? Should it authorize these paths
or block everything (since it is based on a white-list mechanism)? Am I doing
something wrong or unexpected by creating a directory under src/main/webapp?

Thanks for your attention!

2007/11/28, Robert Zeigler <[EMAIL PROTECTED]>:
>
> Something seems to be missing. :)
> Maybe the module isn't being properly auto-loaded?
> Ah... another possibility is the Tapestry version... what version of
> Tapestry are you using? At the moment, I'm still on 5.0.5 (hope to
> switch to 5.0.6 sometime in the near future).
>
> Robert
>
> On Nov 28, 2007, at 10:58 AM, Marcelo Lotif wrote:
>
> > OK, looks like I did it wrong.
> > In a previous thread, you said that this component requires "zero
> > configuration", so I just put a dependency in my pom.xml, but it's still
> > just like before (i.e. I can still access, let's say, a 'file.xyz' inside
> > my app).
> >
> > Am I missing something?
> >
> > 2007/11/28, Robert Zeigler <[EMAIL PROTECTED]>:
> >>
> >> The dispatcher, itself, blocks nothing.
> >> It delegates to the authorizers. The last authorizer in the chain is a
> >> whitelist, which whitelists each of the (known) Tapestry assets. I would
> >> be curious to know what resources you were able to access.
> >>
> >> Robert
> >>
> >> On Nov 28, 2007, at 9:31 AM, Marcelo Lotif wrote:
> >>
> >>> Hi Robert,
> >>> I tried this component here, but many things are still available. What
> >>> specifically does this dispatcher block by default?
> >>>
> >>> 2007/11/27, Robert Zeigler <[EMAIL PROTECTED]>:
> >>>>
> >>>> Hi All,
> >>>>
> >>>> I've updated AssetProtectionDispatcher both in Tassel (
> >>>> http://www.tapestrycomponents.org
> >>>> ) and in the Maven repo mentioned in the AssetProtectionDispatcher
> >>>> "notes" on Tassel.  Current version is now 0.0.3.
> >>>> The new version includes updated default entries to the
> >>>> WhitelistAuthorizer to handle some Tapestry assets that weren't
> >>>> properly handled before.  It also includes a new RegexAuthorizer that
> >>>> takes an ordered list of regular expressions (as strings; yes, the
> >>>> service will pre-compile them to patterns) to match against. If a
> >>>> resource matches a provided regex, access to the asset is allowed.
> >>>> Otherwise, authorization falls through to the whitelist authorizer.
> >>>> The default configuration contains NO contributions to the regex
> >>>> authorizer at the moment.  For most projects, a contribution along the
> >>>> lines of:
> >>>>
> >>>> // Allow common static asset types by file extension
> >>>> public static void contributeRegexAuthorizer(Configuration<String> conf) {
> >>>>        conf.add("^.*\\.png$");
> >>>>        conf.add("^.*\\.jpg$");
> >>>>        conf.add("^.*\\.jpeg$");
> >>>>        conf.add("^.*\\.js$");
> >>>>        conf.add("^.*\\.css$");
> >>>> }
> >>>>
> >>>> is probably prudent.
> >>>>
> >>>> Cheers,
> >>>>
> >>>> Robert
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>> For additional commands, e-mail: [EMAIL PROTECTED]
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Regards,
> >>> Marcelo Lotif
> >>
> >
> >
> > --
> > > Regards,
> > Marcelo Lotif
>


-- 
Regards,
Marcelo Lotif
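
The authorizer chain described in the quoted announcement (regex authorizer first, whitelist authorizer last), as an added sketch that is not AssetProtectionDispatcher's own code and not written by anyone in this thread. All class and method names are hypothetical, the whitelist entry and request paths are constructed, and default deny when no authorizer allows is an assumption of the model; it covers only paths that are actually handed to the chain.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Hypothetical model of the chain described in the thread; not the component's real classes.
public class AuthorizerChainDemo {

    // One link in the chain: true = allow, false = no decision, fall through to the next link.
    interface Authorizer { boolean allows(String resourcePath); }

    // Ordered regex strings, compiled once up front; any match allows the resource.
    static Authorizer regexAuthorizer(List<String> regexes) {
        List<Pattern> compiled =
            regexes.stream().map(Pattern::compile).collect(Collectors.toList());
        // matches() tests the whole path, so the ^ and $ anchors are redundant but harmless.
        return path -> compiled.stream().anyMatch(p -> p.matcher(path).matches());
    }

    // Last link: exact-match whitelist of known asset paths.
    static Authorizer whitelistAuthorizer(Set<String> exactPaths) {
        return exactPaths::contains;
    }

    // Assumption: if no authorizer in the chain allows the path, the request is denied.
    static boolean authorize(List<Authorizer> chain, String path) {
        for (Authorizer a : chain) {
            if (a.allows(path)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        List<Authorizer> chain = List.of(
            regexAuthorizer(List.of("^.*\\.png$", "^.*\\.jpg$", "^.*\\.jpeg$",
                                    "^.*\\.js$", "^.*\\.css$")),
            // Constructed placeholder entry, not one of the component's default whitelist entries.
            whitelistAuthorizer(Set.of("org/example/constructed/known-asset.properties")));
        // Constructed request paths: two that should pass, two that match nothing.
        List<String> requests = List.of(
            "com/example/app/logo.png",
            "org/example/constructed/known-asset.properties",
            "com/example/app/file.xyz",
            "com/example/app/Secret.class");
        for (String path : requests) {
            System.out.println(path + " -> " + (authorize(chain, path) ? "ALLOW" : "DENY"));
        }
    }
}
```

Because the extension patterns allow any path that ends in a listed suffix, the contributed regex list is the place to review when deciding which file types may be served at all.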