Tynamo
  1. Tynamo
  2. TYNAMO-162

provide a configuration to block access to assets (like the AssetProtectionDispatcher)

    Details

    • Type: New Feature New Feature
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: security-0.4.5
    • Component/s: None
    • Labels:
      None
    • Number of attachments :
      0

      Description


      provide a configuration to block access to assets (like the AssetProtectionDispatcher)

        Issue Links

          Activity

          Hide
          Alejandro Scandroli added a comment -

          Here is one solution:

          public class AssetProtectionModule {
          
          	public static void contributeSecurityConfiguration(Configuration<SecurityFilterChain> configuration,
          	                                                   @Symbol(SymbolConstants.ASSET_PATH_PREFIX) final String assetPathPrefix,
          	                                                   SecurityFilterChainFactory factory) {
          
          		configuration.add(factory.createChainWithRegEx(assetPathPrefix + ".*/$").add(factory.notfound()).build());
          
          		final String pattern = ".*\\.((css)|(js)|(jpg)|(jpeg)|(png)|(gif))$";
          		final Pattern p = Pattern.compile(pattern);
          
          		configuration.add(factory.createChain(pattern, new PatternMatcher() {
          			@Override
          			public boolean matches(String ignored, String source) {
          				return source.startsWith(assetPathPrefix) && !p.matcher(source).matches();
          			}
          		}).add(factory.notfound()).build());
          	}
          }
          

          Now I think there is no point in having this out-of-the-box in tapestry-security.
          For documentation purposes I've created a github gist so you can follow my train of thoughts: https://gist.github.com/2831057

          Show
          Alejandro Scandroli added a comment - Here is one solution: public class AssetProtectionModule { public static void contributeSecurityConfiguration(Configuration<SecurityFilterChain> configuration, @Symbol(SymbolConstants.ASSET_PATH_PREFIX) final String assetPathPrefix, SecurityFilterChainFactory factory) { configuration.add(factory.createChainWithRegEx(assetPathPrefix + ".*/$" ).add(factory.notfound()).build()); final String pattern = ".*\\.((css)|(js)|(jpg)|(jpeg)|(png)|(gif))$" ; final Pattern p = Pattern.compile(pattern); configuration.add(factory.createChain(pattern, new PatternMatcher() { @Override public boolean matches( String ignored, String source) { return source.startsWith(assetPathPrefix) && !p.matcher(source).matches(); } }).add(factory.notfound()).build()); } } Now I think there is no point in having this out-of-the-box in tapestry-security. For documentation purposes I've created a github gist so you can follow my train of thoughts: https://gist.github.com/2831057

            People

            • Assignee:
              Alejandro Scandroli
              Reporter:
              Alejandro Scandroli
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: