org.apache.wicket.markup.html
Class SecurePackageResourceGuard

java.lang.Object
  extended by org.apache.wicket.markup.html.PackageResourceGuard
      extended by org.apache.wicket.markup.html.SecurePackageResourceGuard
All Implemented Interfaces:
IPackageResourceGuard

public class SecurePackageResourceGuard
extends PackageResourceGuard

This is a resource guard which by default denies access to all resources and thus is more secure.

All patterns are executed in the order they were provided. All patterns are executed to determine whether access can be granted or not.

Note that access to the config data such as get/setPattern() and acceptXXX() is not synchronized. It is assumed that configuration has finished before the first request gets executed.

The rules are fairly simple. Each pattern must start with either "+" (include) or "-" (exclude). "*" is a placeholder for zero, one or more characters within a file or directory name. "**" is a placeholder for zero, one or more sub-directories.

Examples:

"+*.gif": All gif files in all directories
"+test*.*": All files whose name starts with "test", in all directories
"+mydir/*/*.gif": All gif files two levels below the mydir directory. E.g. mydir/dir2/test.gif
"+mydir/**/*.gif": All gif files in all directories below mydir. E.g. mydir/test.gif or mydir/dir2/dir3/test.gif
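
An added example, not part of the Wicket Javadoc: installing the guard with an explicit allowlist during application start-up, before any request is served. The class name ResourceGuardConfig and the package paths in the patterns are assumptions; setPackageResourceGuard is the setter paired with the IResourceSettings getter listed under See Also.

```java
import java.util.ArrayList;

import org.apache.wicket.Application;
import org.apache.wicket.markup.html.SecurePackageResourceGuard;

/** Hypothetical helper; call install(this) from your Application's init(). */
public final class ResourceGuardConfig {

    private ResourceGuardConfig() {
    }

    public static void install(Application app) {
        SecurePackageResourceGuard guard = new SecurePackageResourceGuard();

        // Start from an empty pattern list so the rules below are the whole policy.
        guard.setPattern(new ArrayList<SecurePackageResourceGuard.SearchPattern>());

        // Static assets, by extension, in any package.
        guard.addPattern("+*.css");
        guard.addPattern("+*.js");

        // Images only below one package tree (placeholder path).
        guard.addPattern("+com/example/app/images/**/*.png");
        guard.addPattern("+com/example/app/images/**/*.gif");

        // Exclusion listed after the include it narrows; patterns are order-sensitive.
        guard.addPattern("-com/example/app/internal/**/*.js");

        // Nothing else matches, so .properties, .xml, .class etc. stay denied.

        // Finish configuration before the first request: the guard's
        // configuration accessors are not synchronized.
        app.getResourceSettings().setPackageResourceGuard(guard);
    }
}
```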

Author:
Juergen Donnerstag
See Also:
IPackageResourceGuard, IResourceSettings.getPackageResourceGuard(), PackageResourceGuard

Nested Class Summary
static class SecurePackageResourceGuard.SearchPattern
           
static class SecurePackageResourceGuard.SimpleCache
          A very simple cache
 
Constructor Summary
SecurePackageResourceGuard()
          Construct.
 
Method Summary
protected  boolean acceptAbsolutePath(java.lang.String path)
          Whether the provided absolute path is accepted.
 void addPattern(java.lang.String pattern)
           
 void clearCache()
           
 java.util.List<SecurePackageResourceGuard.SearchPattern> getPattern()
          Gets the current list of patterns.
 java.util.concurrent.ConcurrentHashMap<java.lang.String,java.lang.Boolean> newCache()
          Get a new cache implementation.
 void setPattern(java.util.List<SecurePackageResourceGuard.SearchPattern> pattern)
          Sets pattern.
 
Methods inherited from class org.apache.wicket.markup.html.PackageResourceGuard
accept, acceptExtension, acceptFile, getBlockedExtensions, getBlockedFiles, setBlockedExtensions, setBlockedFiles
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecurePackageResourceGuard

public SecurePackageResourceGuard()
Construct.

Method Detail

newCache

public java.util.concurrent.ConcurrentHashMap<java.lang.String,java.lang.Boolean> newCache()
Get a new cache implementation. Subclasses may return null to disable caching. More advanced caches (e.g. ehcache) should be used in production environments to limit the size and remove "old" entries.

Returns:
the cache implementation

clearCache

public void clearCache()

acceptAbsolutePath

protected boolean acceptAbsolutePath(java.lang.String path)
Whether the provided absolute path is accepted.

Overrides:
acceptAbsolutePath in class PackageResourceGuard
Parameters:
path - The absolute path, starting from the class root (packages are separated with forward slashes instead of dots).
Returns:
True if accepted, false otherwise.

getPattern

public java.util.List<SecurePackageResourceGuard.SearchPattern> getPattern()
Gets the current list of patterns. Please invoke clearCache() or setPattern(List) when finished in order to clear the cache of previous checks.

Returns:
pattern

setPattern

public void setPattern(java.util.List<SecurePackageResourceGuard.SearchPattern> pattern)
Sets pattern.

Parameters:
pattern - pattern

addPattern

public void addPattern(java.lang.String pattern)
Parameters:
pattern -


Copyright © 2006-2011 Apache Software Foundation. All Rights Reserved.