List of usage examples for org.apache.wicket.markup.html SecurePackageResourceGuard addPattern
public void addPattern(String pattern)
From source file:au.org.theark.web.application.ArkWebApplication.java
License:Open Source License
/**
 * Initialises the web application: registers Spring injection for Wicket components and
 * installs a package resource guard carrying two extra allow rules.
 */
public void init() {
    log.info("In Constructor of ArkApplication");
    super.init();

    getComponentInstantiationListeners().add(new SpringComponentInjector(this, context(), true));

    // A brand-new guard replaces whichever guard the resource settings held before, so any
    // pattern registered on the previous instance is not carried over.
    SecurePackageResourceGuard resourceGuard = new SecurePackageResourceGuard();

    // A leading '+' marks an allow rule. NOTE(review): "+*.js" looks like one of the guard's
    // built-in defaults - confirm for the Wicket version in use before keeping it.
    resourceGuard.addPattern("+*.js");

    // NOTE(review): this allow rule is not limited to one package, so every .jar that can be
    // resolved as a package resource becomes downloadable. If only one archive (an applet,
    // for instance) is meant to be served, a path-scoped pattern keeps the rest of the
    // application's binaries unreachable - confirm the intent.
    resourceGuard.addPattern("+*.jar");

    getResourceSettings().setPackageResourceGuard(resourceGuard);
}
From source file:com.googlecode.wicket.jquery.ui.plugins.Initializer.java
License:Apache License
/**
 * Makes the web-font files used by the Wysiwyg plugin servable as package resources.
 *
 * @param application the application whose package resource guard is extended
 */
@Override
public void init(Application application) {
    // Wysiwyg Plugin //
    IPackageResourceGuard configuredGuard = application.getResourceSettings().getPackageResourceGuard();

    if (configuredGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard secureGuard = (SecurePackageResourceGuard) configuredGuard;

        // "+*.eot" serves as the marker for "font rules already registered".
        // NOTE(review): contains() only finds it if SearchPattern implements value equality;
        // otherwise the three rules are appended again on every call - confirm.
        boolean fontRulesPresent = secureGuard.getPattern().contains(new SearchPattern("+*.eot"));

        if (!fontRulesPresent) {
            secureGuard.addPattern("+*.eot");
            secureGuard.addPattern("+*.woff");
            secureGuard.addPattern("+*.ttf");
        }
    }
    // Any other guard implementation is left untouched: its policy belongs to the application.
}
From source file:com.googlecode.wicket.jquery.ui.plugins.wysiwyg.WysiwygBehavior.java
License:Apache License
/**
 * Creates the behavior and makes sure the plugin's web-font files may be served.
 *
 * @param selector the html selector (ie: "#myId")
 * @param options the {@link Options}
 */
public WysiwygBehavior(String selector, Options options) {
    super(selector, METHOD, options);

    // NOTE(review): this changes the application-wide resource allow list as a side effect of
    // constructing a behavior. Registering the rules once at application start-up would keep
    // the policy in one reviewable place; also confirm the guard's pattern list tolerates being
    // modified while requests are served.
    IPackageResourceGuard configuredGuard = Application.get().getResourceSettings().getPackageResourceGuard();
    SecurePackageResourceGuard secureGuard = configuredGuard instanceof SecurePackageResourceGuard
            ? (SecurePackageResourceGuard) configuredGuard
            : null;

    // "+*.eot" doubles as the "already registered" marker.
    // NOTE(review): relies on SearchPattern implementing value equality - confirm.
    if (secureGuard != null && !secureGuard.getPattern().contains(new SearchPattern("+*.eot"))) {
        secureGuard.addPattern("+*.eot");
        secureGuard.addPattern("+*.woff");
        secureGuard.addPattern("+*.ttf");
    }

    this.initReferences();
}
From source file:de.alpharogroup.wicket.base.util.application.ApplicationExtensions.java
License:Apache License
/**
 * Registers the given patterns on the application's package resource guard.
 * <p>
 * Nothing happens when the configured guard is not a {@link SecurePackageResourceGuard}; the
 * caller gets no signal in that case. Patterns are handed to the guard unchanged and
 * unvalidated, so every "+..." entry widens what the application serves from its classpath;
 * callers should pass compile-time constants only.
 *
 * @param application
 *            the application whose guard is extended
 * @param patterns
 *            the patterns to register, in the guard's own syntax
 */
public static void addFilePatternsToPackageResourceGuard(final Application application,
        final String... patterns) {
    final IPackageResourceGuard configuredGuard = application.getResourceSettings()
            .getPackageResourceGuard();
    if (!(configuredGuard instanceof SecurePackageResourceGuard)) {
        // A custom guard implementation owns its own policy.
        return;
    }

    final SecurePackageResourceGuard secureGuard = (SecurePackageResourceGuard) configuredGuard;
    for (int i = 0; i < patterns.length; i++) {
        secureGuard.addPattern(patterns[i]);
    }
}
From source file:de.tudarmstadt.ukp.dkpro.uby.vis.webapp.WicketApplication.java
License:Apache License
/**
 * One-time application setup: Bootstrap, theme replacement, Spring injection, the resource
 * guard rule and the mounted pages. Later calls return immediately.
 */
@Override
public void init() {
    if (isInitialized) {
        return;
    }

    super.init();

    BootstrapSettings bootstrapSettings = new BootstrapSettings();
    Bootstrap.install(this, bootstrapSettings);

    addResourceReplacement(WiQueryCoreThemeResourceReference.get(),
            new WiQueryCoreThemeResourceReference("redlion"));
    getComponentInstantiationListeners().add(new SpringComponentInjector(this));

    IPackageResourceGuard configuredGuard = getResourceSettings().getPackageResourceGuard();
    if (configuredGuard instanceof SecurePackageResourceGuard) {
        // NOTE(review): "+*.js" looks like one of the guard's built-in defaults; if so this
        // call is redundant - confirm for the Wicket version in use.
        ((SecurePackageResourceGuard) configuredGuard).addPattern("+*.js");
    }

    mountPage("/welcome.html", getHomePage());
    mountPage("/tryuby.html", TryUby.class);

    isInitialized = true;
}
From source file:eu.esdihumboldt.hale.server.webapp.BaseWebApplication.java
License:Open Source License
/**
 * Configures the base web application: Bootstrap themes, resource bundles, the package
 * resource guard, URL and page authorization, Spring injection, exception rendering and the
 * login-related page mounts.
 */
@Override
public void init() {
    super.init();

    BootstrapSettings settings = new BootstrapSettings();
    final ThemeProvider themeProvider = new BootswatchThemeProvider() {
        {
            add(new MetroTheme());
            add(new GoogleTheme());
            add(new WicketTheme());
            add(new Bootstrap3Theme());
            defaultTheme("bootstrap-responsive");
            // defaultTheme("bootstrap");
        }
    };
    settings.setThemeProvider(themeProvider);
    Bootstrap.install(this, settings);
    BootstrapLess.install(this);
    configureResourceBundles();

    IPackageResourceGuard packageResourceGuard = getResourceSettings().getPackageResourceGuard();
    if (packageResourceGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard guard = (SecurePackageResourceGuard) packageResourceGuard;
        // The allow rule is scoped to a single package path, so only the source maps under
        // that path become servable rather than every *.map file on the classpath.
        guard.addPattern("+org/apache/wicket/resource/jquery/*.map");
    }

    // enforce mounts so security interceptors based on URLs can't be fooled
    getSecuritySettings().setEnforceMounts(true);
    // NOTE(review): getLoginPageClass() is null-checked further down before mounting, but it
    // is passed to the strategy here unconditionally - confirm the strategy accepts null.
    getSecuritySettings().setAuthorizationStrategy(
            new SimplePageAuthorizationStrategy(SecuredPage.class, getLoginPageClass()) {

                /**
                 * Grants access only when the Spring Security context holds an authenticated
                 * principal with the user or admin role; every other case is denied.
                 */
                @Override
                protected boolean isAuthorized() {
                    SecurityContext securityContext = SecurityContextHolder.getContext();
                    if (securityContext != null) {
                        Authentication authentication = securityContext.getAuthentication();
                        if (authentication != null && authentication.isAuthenticated()) {
                            for (GrantedAuthority authority : authentication.getAuthorities()) {
                                if (authority.getAuthority().equals(UserConstants.ROLE_USER)
                                        || authority.getAuthority().equals(UserConstants.ROLE_ADMIN)) {
                                    // allow access only for users/admins
                                    return true;
                                }
                            }
                        }
                    }
                    // Deny by default: no context, no authentication or no matching role.
                    return false;
                }
            });

    getComponentInstantiationListeners().add(new SpringComponentInjector(this));

    getRequestCycleListeners().add(new AbstractRequestCycleListener() {
        // Every exception raised in a request cycle is rendered through ExceptionPage.
        // NOTE(review): what ExceptionPage shows is not visible here - confirm it does not
        // expose stack traces or internal details to unauthenticated visitors.
        @Override
        public IRequestHandler onException(RequestCycle cycle, Exception ex) {
            return new RenderPageRequestHandler(new PageProvider(new ExceptionPage(ex)));
        }
    });

    // add login page to every application based on this one (if enabled)
    Class<? extends BasePage> loginClass = getLoginPageClass();
    if (loginClass != null) {
        // login page
        mountPage("/login", loginClass);

        // user settings
        mountPage("/settings", UserSettingsPage.class);

        // about
        mountPage("/about", AboutPage.class);

        // contact
        mountPage("/contact", ContactPage.class);

        if (OpenIdLoginPage.class.equals(loginClass)) {
            // for OpenID auth also add page for new users
            mountPage("/new", NewUserPage.class);
        }
    }
}
From source file:gr.abiss.calipso.wicket.CalipsoApplication.java
License:Open Source License
/**
 * Configures the Calipso Wicket application: runtime-mode settings, Velocity, error pages,
 * the Spring-managed service layer, optional CAS single sign-on, i18n string loaders, the
 * page authorization strategy, page mounts and the package resource guard.
 */
@Override
public void init() {

    super.init();

    // DEVELOPMENT or DEPLOYMENT
    // With the alternatives commented out, both branches currently apply the same two settings.
    RuntimeConfigurationType configurationType = this.getConfigurationType();
    if (RuntimeConfigurationType.DEVELOPMENT.equals(configurationType)) {
        logger.info("You are in DEVELOPMENT mode");
        // getResourceSettings().setResourcePollFrequency(Duration.ONE_SECOND);
        // getDebugSettings().setComponentUseCheck(true);
        getResourceSettings().setResourcePollFrequency(null);
        getDebugSettings().setComponentUseCheck(false);
        // getDebugSettings().setSerializeSessionAttributes(true);
        // getMarkupSettings().setStripWicketTags(false);
        // getExceptionSettings().setUnexpectedExceptionDisplay(
        // UnexpectedExceptionDisplay.SHOW_EXCEPTION_PAGE);
        // getAjaxSettings().setAjaxDebugModeEnabled(true);
    } else if (RuntimeConfigurationType.DEPLOYMENT.equals(configurationType)) {
        getResourceSettings().setResourcePollFrequency(null);
        getDebugSettings().setComponentUseCheck(false);
        // getDebugSettings().setSerializeSessionAttributes(false);
        // getMarkupSettings().setStripWicketTags(true);
        // getExceptionSettings().setUnexpectedExceptionDisplay(
        // UnexpectedExceptionDisplay.SHOW_INTERNAL_ERROR_PAGE);
        // getAjaxSettings().setAjaxDebugModeEnabled(false);
    }

    // initialize velocity
    // A failure is logged and start-up continues without a working Velocity engine.
    try {
        Velocity.init();
        if (logger.isInfoEnabled()) {
            logger.info("Initialized Velocity engine");
        }
    } catch (Exception e) {
        // TODO Auto-generated catch block
        logger.error("Failed to initialize velocity engine", e);
    }

    // Set custom page for internal errors
    getApplicationSettings().setInternalErrorPage(CalipsoErrorPage.class);

    // don't break down on missing resources
    getResourceSettings().setThrowExceptionOnMissingResource(false);

    // Redirect to PageExpiredError Page if current page is expired
    getApplicationSettings().setPageExpiredErrorPage(CalipsoPageExpiredErrorPage.class);

    // get hold of spring managed service layer (see BasePage, BasePanel etc
    // for how it is used)
    ServletContext sc = getServletContext();
    applicationContext = WebApplicationContextUtils.getWebApplicationContext(sc);
    calipsoService = (CalipsoService) applicationContext.getBean("calipsoService");

    calipsoPropertiesEditor = new CalipsoPropertiesEditor();

    // check if acegi-cas authentication is being used, get reference to
    // object to be used
    // by wicket authentication to redirect to right pages for login /
    // logout
    try {
        calipsoCasProxyTicketValidator = (CalipsoCasProxyTicketValidator) applicationContext
                .getBean("casProxyTicketValidator");
        logger.info("casProxyTicketValidator retrieved from application context: "
                + calipsoCasProxyTicketValidator);
    } catch (NoSuchBeanDefinitionException nsbde) {
        logger.info(
                "casProxyTicketValidator not found in application context, CAS single-sign-on is not being used");
    }

    // delegate wicket i18n support to spring i18n
    getResourceSettings().getStringResourceLoaders().add(new IStringResourceLoader() {
        @Override
        public String loadStringResource(Class<?> clazz, String key, Locale locale, String style,
                String variation) {
            return applicationContext.getMessage(key, null, null, locale);
        }

        @Override
        public String loadStringResource(Component component, String key, Locale locale, String style,
                String variation) {
            return applicationContext.getMessage(key, null, null, locale);
        }
    });

    // add DB i18n resources
    getResourceSettings().getStringResourceLoaders().add(new IStringResourceLoader() {
        // Looks the key up for the locale's language and falls back to "en" when nothing is found.
        @Override
        public String loadStringResource(Class<?> clazz, String key, Locale locale, String style,
                String variation) {
            if (StringUtils.isNotBlank(locale.getVariant())) {
                // always ignore the variant
                locale = new Locale(locale.getLanguage(), locale.getCountry());
            }
            String lang = locale.getLanguage();
            I18nStringResource resource = CalipsoApplication.this.calipsoService
                    .loadI18nStringResource(new I18nStringIdentifier(key, lang));
            if (resource == null && !lang.equalsIgnoreCase("en")) {
                resource = CalipsoApplication.this.calipsoService
                        .loadI18nStringResource(new I18nStringIdentifier(key, "en"));
            }
            return resource != null ? resource.getValue() : null;
        }

        // Same lookup, but the locale argument is replaced by the component's locale, or by the
        // session's locale when no component is given.
        @Override
        public String loadStringResource(Component component, String key, Locale locale, String style,
                String variation) {
            locale = component == null ? Session.get().getLocale() : component.getLocale();
            if (StringUtils.isNotBlank(locale.getVariant())) {
                // always ignore the variant
                locale = new Locale(locale.getLanguage(), locale.getCountry());
            }
            String lang = locale.getLanguage();
            I18nStringResource resource = CalipsoApplication.this.calipsoService
                    .loadI18nStringResource(new I18nStringIdentifier(key, lang));
            if (resource == null && !lang.equalsIgnoreCase("en")) {
                resource = CalipsoApplication.this.calipsoService
                        .loadI18nStringResource(new I18nStringIdentifier(key, "en"));
            }
            return resource != null ? resource.getValue() : null;
        }
    });

    // cache resources. resource cache is cleared when creating/updating a space
    getResourceSettings().getLocalizer().setEnableCache(true);

    getSecuritySettings().setAuthorizationStrategy(new IAuthorizationStrategy() {

        // Every component action is allowed; this strategy enforces nothing below page level.
        @Override
        public boolean isActionAuthorized(Component c, Action a) {
            return true;
        }

        // Gate for page instantiation. Only BasePage subclasses are checked; any other class is
        // always allowed (final "return true"). Note that the checks below also modify the
        // session (CAS user, guest user) while deciding.
        @Override
        public boolean isInstantiationAuthorized(Class clazz) {
            if (BasePage.class.isAssignableFrom(clazz)) {
                if (((CalipsoSession) Session.get()).isAuthenticated()) {
                    return true;
                }
                if (calipsoCasProxyTicketValidator != null) {
                    // attempt CAS authentication
                    // ==========================
                    // logger.debug("checking if context contains CAS authentication");
                    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                    if (authentication != null && authentication.isAuthenticated()) {
                        // logger.debug("security context contains CAS authentication, initializing session");
                        // NOTE(review): the principal is cast to User without a type check -
                        // confirm every authentication that can reach this point carries a User.
                        ((CalipsoSession) Session.get()).setUser((User) authentication.getPrincipal());
                        return true;
                    }
                }
                // attempt remember-me auto login
                // ==========================
                if (attemptRememberMeAutoLogin()) {
                    return true;
                }

                // attempt *anonymous* guest access if there are
                // spaces that allow it
                // NOTE(review): once any space allows anonymous access, a guest user is stored
                // in the session and the requested BasePage subclass is authorized whatever it
                // is; restricting the guest to those spaces presumably happens elsewhere - confirm.
                if (((CalipsoSession) Session.get()).getUser() == null) {
                    List<Space> anonymousSpaces = getCalipso().findSpacesWhereAnonymousAllowed();
                    if (anonymousSpaces.size() > 0) {
                        // logger.debug("Found "+anonymousSpaces.size()
                        // +
                        // " anonymousSpaces allowing ANONYMOUS access, initializing anonymous user");
                        User guestUser = new User();//getCalipso().loadUser(2);
                        guestUser.setLoginName("guest");
                        guestUser.setName("Anonymous");
                        guestUser.setLastname("Guest");
                        guestUser.setLocale(Session.get().getLocale().getLanguage());
                        getCalipso().initImplicitRoles(guestUser, anonymousSpaces, RoleType.ANONYMOUS);
                        // store user in session
                        ((CalipsoSession) Session.get()).setUser(guestUser);
                        return true;
                    } else {
                        if (logger.isDebugEnabled()) {
                            // logger.debug("Found no public spaces.");
                        }
                    }
                }

                // allow registration
                // NOTE(review): "/register" below mounts RegisterAnonymousUserFormPage, a different
                // class from the one exempted here - confirm both are meant to be reachable.
                if (clazz.equals(RegisterUserFormPage.class)) {
                    return true;
                }
                // not authenticated, go to login page
                // logger.debug("not authenticated, forcing login, page requested was "
                // + clazz.getName());
                if (calipsoCasProxyTicketValidator != null) {
                    // NOTE(review): serviceUrl and loginUrl are both read from getLoginUrl(), so
                    // the "service" parameter carries the login URL itself; the commented-out
                    // call suggests the service URL was intended. The value is also appended
                    // without URL encoding - confirm against the CAS configuration.
                    String serviceUrl = calipsoCasProxyTicketValidator.getLoginUrl();
                    // .getServiceProperties().getService();
                    String loginUrl = calipsoCasProxyTicketValidator.getLoginUrl();
                    // logger.debug("cas authentication: service URL: "
                    // + serviceUrl);
                    String redirectUrl = loginUrl + "?service=" + serviceUrl;
                    // logger.debug("attempting to redirect to: " +
                    // redirectUrl);
                    throw new RestartResponseAtInterceptPageException(new RedirectPage(redirectUrl));
                } else {
                    throw new RestartResponseAtInterceptPageException(LoginPage.class);
                }
            }
            return true;
        }
    });
    // TODO: create friendly URLs for all created pages
    // friendly URLs for selected pages
    if (calipsoCasProxyTicketValidator != null) {
        mountPage("/login", CasLoginPage.class);
    } else {
        mountPage("/login", LoginPage.class);
    }
    mountPage("/register", RegisterAnonymousUserFormPage.class);
    mountPage("/logout", LogoutPage.class);
    mountPage("/svn", SvnStatsPage.class);
    // NOTE(review): a test page is mounted in every runtime mode; the strategy above protects
    // it only if TestPage extends BasePage - confirm, or mount it in DEVELOPMENT mode only.
    mountPage("/test", TestPage.class);
    mountPage("/casError", CasLoginErrorPage.class);
    mountPage("/item/", ItemViewPage.class);
    mountPage("/item/${itemId}", ItemViewPage.class);
    mountPage("/itemreport/", ItemTemplateViewPage.class);
    mountPage("/newItem/${spaceCode}", NewItemPage.class);

    // MixedParamUrlCodingStrategy newItemUrls = new MixedParamUrlCodingStrategy(
    // "/newItem",
    // NewItemPage.class,
    // new String[]{"spaceCode"}
    // );
    // mount(newItemUrls);

    //fix for tinyMCE bug, see https://github.com/wicketstuff/core/issues/113
    // The cast is unchecked: if another guard implementation has been installed, init() fails
    // with a ClassCastException instead of silently skipping the rule.
    SecurePackageResourceGuard guard = (SecurePackageResourceGuard) getResourceSettings()
            .getPackageResourceGuard();
    // NOTE(review): the rule is not limited to the TinyMCE package, so any .htm file that
    // resolves as a package resource becomes servable; a path-scoped pattern would be narrower.
    guard.addPattern("+*.htm");

    this.getRequestCycleSettings().setTimeout(Duration.minutes(6));
    this.getPageSettings().setVersionPagesByDefault(true);
    this.getExceptionSettings().setThreadDumpStrategy(ThreadDumpStrategy.THREAD_HOLDING_LOCK);
}
From source file:org.artifactory.webapp.wicket.application.ArtifactoryApplication.java
License:Open Source License
/**
 * Applies the application-wide Wicket settings: listeners, header render strategy, resource
 * lookup and guard, authorization, request timeout, error pages and markup options.
 */
protected void setup() {
    setupListeners();

    // set HeaderRenderStrategy = ParentFirstHeaderRenderStrategy
    // This is a JVM-wide system property, so it is not limited to this application instance.
    System.setProperty("Wicket_HeaderRenderStrategy",
            "org.apache.wicket.markup.renderStrategy.ParentFirstHeaderRenderStrategy");

    // look for pages at the root of the web-app
    IResourceSettings resourceSettings = getResourceSettings();
    resourceSettings.addResourceFolder("");

    IPackageResourceGuard packageResourceGuard = resourceSettings.getPackageResourceGuard();
    if (packageResourceGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard resourceGuard = (SecurePackageResourceGuard) packageResourceGuard;
        // The allow rule names a resource called "Icon", with no extension and no path.
        // NOTE(review): presumably it matches in any package - confirm that is intended.
        resourceGuard.addPattern("+Icon");
    }

    // ResourcePackage resources are locale insensitive
    NoLocaleResourceStreamLocator locator = new NoLocaleResourceStreamLocator();
    locator.addNoLocaleClass(ResourcePackage.class);
    resourceSettings.setResourceStreamLocator(new CachingResourceStreamLocator(locator));

    // add the addons authorization strategy
    AddonsAuthorizationStrategy addonsAuthorizationStrategy = new AddonsAuthorizationStrategy();
    Injector.get().inject(addonsAuthorizationStrategy);
    getAuthorizationStrategy().add(addonsAuthorizationStrategy);

    // increase request timeout to support long running transactions
    // NOTE(review): the five-hour timeout applies to every request, not only the long-running
    // ones - confirm a stuck or abusive request cannot hold resources for that long.
    IRequestCycleSettings requestCycleSettings = getRequestCycleSettings();
    requestCycleSettings.setTimeout(Duration.hours(5));

    // set error pages
    IApplicationSettings applicationSettings = getApplicationSettings();
    applicationSettings.setPageExpiredErrorPage(PageExpiredErrorPage.class);
    applicationSettings.setAccessDeniedPage(AccessDeniedPage.class);
    applicationSettings.setInternalErrorPage(InternalErrorPage.class);

    // markup settings
    // Comments and wicket tags are stripped from the rendered markup.
    IMarkupSettings markupSettings = getMarkupSettings();
    markupSettings.setDefaultMarkupEncoding("UTF-8");
    markupSettings.setCompressWhitespace(true);
    markupSettings.setStripComments(true);
    markupSettings.setStripWicketTags(true);

    //QA settings
    if (modes.contains(ConstantValues.qa)) {
        getComponentInstantiationListeners().add(new AddWicketPathListener());
    }

    // RTFACT-4619, fixed by patching HeaderBufferingWebResponse
    getRequestCycleSettings().setBufferResponse(false);

    // RTFACT-4636
    getPageSettings().setVersionPagesByDefault(false);
}
From source file:org.cyclop.web.webapp.WicketWebApplication.java
License:Apache License
/**
 * Allows source-map files to be served as package resources.
 */
private void setupSecurity() {
    // The cast is unchecked: with any other guard implementation installed this fails with a
    // ClassCastException rather than skipping the rule.
    // NOTE(review): the rule is not limited to one package, so every *.map resource becomes
    // servable, and source maps expose the unminified sources they describe. A path-scoped
    // pattern limits that to the libraries that need it - confirm the intent.
    ((SecurePackageResourceGuard) getResourceSettings().getPackageResourceGuard()).addPattern("+*.map");
}
From source file:org.devgateway.toolkit.forms.wicket.FormsWebApplication.java
License:Open Source License
/**
 * Configures the forms application:
 * <ul>
 * <li>extends the package resource guard with the extra file types the UI serves</li>
 * <li>activates the SpringComponentInjector so Wicket components are injectable</li>
 * <li>mounts the pages found by the annotation scanner</li>
 * <li>applies upload, access-denied, Bootstrap, Summernote and performance settings</li>
 * </ul>
 */
@Override
protected void init() {
    super.init();

    // Extra allow rules for the package resource guard.
    // NOTE(review): neither rule is limited to a package, so any .xlsx file that resolves as a
    // package resource becomes downloadable - confirm no spreadsheet holding data ships on the
    // classpath, or scope the rule to the package that needs it.
    IPackageResourceGuard configuredGuard = getResourceSettings().getPackageResourceGuard();
    if (configuredGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard secureGuard = (SecurePackageResourceGuard) configuredGuard;
        for (String allowRule : new String[] { "+*.woff2", "+*.xlsx" }) {
            secureGuard.addPattern(allowRule);
        }
    }

    // Spring DI for Wicket components and pages (see the @SpringBean annotation).
    getComponentInstantiationListeners().add(new SpringComponentInjector(this, applicationContext));

    // Pages annotated with @MountPath under the base package get their URLs automatically.
    new AnnotatedMountScanner().scanPackage(BASE_PACKAGE_FOR_PAGES).mount(this);

    getApplicationSettings().setUploadProgressUpdatesEnabled(true);
    // Access-denied responses land on the home page.
    getApplicationSettings().setAccessDeniedPage(Homepage.class);

    // deactivate ajax debug mode
    // getDebugSettings().setAjaxDebugModeEnabled(false);

    configureBootstrap();
    configureSummernote();
    optimizeForWebPerformance();

    // The disk data store browser (http://.../wicket/internal/debug/diskDataStore) is
    // registered only when the application runs with its development configuration.
    if (usesDevelopmentConfig()) {
        DebugDiskDataStore.register(this);
    }

    SessionFinderHolder.setSessionFinder(sessionFinderService);
}