On Wed, Mar 24, 2010 at 3:08 PM, Ernesto Reinaldo Barreiro <reier...@gmail.com> wrote: > Haven't had time to check the specification but this behavior (mounting on > "/") might pose a security risk as you can fetch "invisible" things form the > class path (e.g. configuration files containing sensitive information like > passwords). On the other hand I see HttpService class has a > registerResources method you could use to register static resources. Maybe > that is the one you need? > I'm using Whiteboard to register the application, so I don't have access to the HttpService, I have discovered that Pax implementation of whiteboard [0] can also publish resources, so I can use that to control where I publish the static content. Anyway I'd still have the security risk if I register the application in "/".
[0] - Pax Whiteboard Extender - http://wiki.ops4j.org/display/paxweb/Whiteboard+Extender --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org