Package org.apache.wicket.markup.html

Class SecurePackageResourceGuard

java.lang.Object

org.apache.wicket.markup.html.PackageResourceGuard

org.apache.wicket.markup.html.SecurePackageResourceGuard

All Implemented Interfaces:

IPackageResourceGuard

public class SecurePackageResourceGuard
extends PackageResourceGuard

This is a resource guard which by default denies access to all resources and thus is more secure.

All pattern are executed in the order they were provided. All pattern are executed to determine if access can be granted or not.

Note that access to the config data such as get/setPattern() and acceptXXX() is not synchronized. It is assumed that configuration has finished before the first request gets executed.

The rules are fairly simple. Each pattern must start with either "+" (include) or "-" (exclude). "*" is a placeholder for zero, one or more characters within a file or directory name. "**" is a placeholder for zero, one or more sub-directories.

Examples:

Examples

+*.gif	All gif files in all directories
+test*.*	All files in all directories starting with "test"
+mydir/*/*.gif	All gif files two levels below the mydir directory. E.g. mydir/dir2/test.gif
+mydir/**/*.gif	All gif files in all directories below mydir. E.g. mydir/test.gif or mydir/dir2/dir3/test.gif

Author:

Juergen Donnerstag

See Also:

IPackageResourceGuard, ResourceSettings.getPackageResourceGuard(), PackageResourceGuard

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SecurePackageResourceGuard.SearchPattern
static class	SecurePackageResourceGuard.SimpleCache	A very simple cache

Constructor Summary

Constructors

Constructor	Description
SecurePackageResourceGuard()	Constructor.
SecurePackageResourceGuard(ConcurrentMap<String,Boolean> cache)	Constructor.

Method Summary

Modifier and Type	Method	Description
boolean	accept(String path)	Whether the provided absolute path is accepted.
void	addPattern(String pattern)
void	clearCache()
List<SecurePackageResourceGuard.SearchPattern>	getPattern()	Gets the current list of pattern.
void	setPattern(List<SecurePackageResourceGuard.SearchPattern> pattern)	Sets pattern.

Methods inherited from class org.apache.wicket.markup.html.PackageResourceGuard

acceptExtension, acceptFile, getBlockedExtensions, getBlockedFiles, isAllowAccessToRootResources, setAllowAccessToRootResources, setBlockedExtensions, setBlockedFiles

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurePackageResourceGuard

public SecurePackageResourceGuard()

Constructor.

SecurePackageResourceGuard

public SecurePackageResourceGuard(ConcurrentMap<String,Boolean> cache)

Constructor.

Parameters:

cache - the internal cache that will hold the results for all already checked resources. Use null to disable caching.

Method Detail

clearCache

public void clearCache()

accept

public boolean accept(String path)

Whether the provided absolute path is accepted.

Specified by:

accept in interface IPackageResourceGuard

Overrides:

accept in class PackageResourceGuard

Parameters:

path - The absolute path, starting from the class root (packages are separated with forward slashes instead of dots).

Returns:

True if accepted, false otherwise.

See Also:

IPackageResourceGuard.accept(java.lang.String)

getPattern

public List<SecurePackageResourceGuard.SearchPattern> getPattern()

Gets the current list of pattern. Please invoke clearCache() or setPattern(List) when finished in order to clear the cache of previous checks.

Returns:

pattern

setPattern

public void setPattern(List<SecurePackageResourceGuard.SearchPattern> pattern)

Sets pattern.

Parameters:

pattern - pattern

addPattern

public void addPattern(String pattern)

Parameters:

pattern -