Examples with SecurePackageResourceGuard - org.apache.wicket.markup.html.SecurePackageResourceGuard

Example 6 with SecurePackageResourceGuard

use of org.apache.wicket.markup.html.SecurePackageResourceGuard in project wicket by apache.

the class VelocityTemplateApplication method init.

/**
 * @see org.apache.wicket.protocol.http.WebApplication#init()
 */
@Override
protected void init() {
    getDebugSettings().setDevelopmentUtilitiesEnabled(true);
    IPackageResourceGuard packageResourceGuard = getResourceSettings().getPackageResourceGuard();
    if (packageResourceGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard guard = (SecurePackageResourceGuard) packageResourceGuard;
        // allow velocity macros resources
        guard.addPattern("+*.vm");
    }
    // initialize velocity
    try {
        Velocity.init();
    } catch (Exception e) {
        throw new WicketRuntimeException(e);
    }
}

Also used : IPackageResourceGuard(org.apache.wicket.markup.html.IPackageResourceGuard) SecurePackageResourceGuard(org.apache.wicket.markup.html.SecurePackageResourceGuard) WicketRuntimeException(org.apache.wicket.WicketRuntimeException) WicketRuntimeException(org.apache.wicket.WicketRuntimeException)

Example 7 with SecurePackageResourceGuard

use of org.apache.wicket.markup.html.SecurePackageResourceGuard in project oc-explorer by devgateway.

the class FormsWebApplication method init.

/**
 * <ul>
 * <li>making the wicket components injectable by activating the
 * SpringComponentInjector</li>
 * <li>mounting the test page</li>
 * <li>logging spring service method output to showcase working integration
 * </li>
 * </ul>
 */
@Override
protected void init() {
    super.init();
    // add allowed woff2 extension
    IPackageResourceGuard packageResourceGuard = getResourceSettings().getPackageResourceGuard();
    if (packageResourceGuard instanceof SecurePackageResourceGuard) {
        SecurePackageResourceGuard guard = (SecurePackageResourceGuard) packageResourceGuard;
        guard.addPattern("+*.woff2");
        guard.addPattern("+*.xlsx");
    }
    // this ensures that spring DI works for wicket components and pages
    // see @SpringBean annotation
    getComponentInstantiationListeners().add(new SpringComponentInjector(this, applicationContext));
    // this will scan packages for pages with @MountPath annotations and automatically create URLs for them
    new AnnotatedMountScanner().scanPackage(BASE_PACKAGE_FOR_PAGES).mount(this);
    getApplicationSettings().setUploadProgressUpdatesEnabled(true);
    getApplicationSettings().setAccessDeniedPage(Homepage.class);
    // deactivate ajax debug mode
    // getDebugSettings().setAjaxDebugModeEnabled(false);
    configureBootstrap();
    configureSummernote();
    optimizeForWebPerformance();
    // http://.../wicket/internal/debug/diskDataStore
    if (usesDevelopmentConfig()) {
        DebugDiskDataStore.register(this);
    }
    SessionFinderHolder.setSessionFinder(sessionFinderService);
}

Also used : IPackageResourceGuard(org.apache.wicket.markup.html.IPackageResourceGuard) SecurePackageResourceGuard(org.apache.wicket.markup.html.SecurePackageResourceGuard) AnnotatedMountScanner(org.wicketstuff.annotation.scan.AnnotatedMountScanner) SpringComponentInjector(org.apache.wicket.spring.injection.annot.SpringComponentInjector)

Example 8 with SecurePackageResourceGuard

use of org.apache.wicket.markup.html.SecurePackageResourceGuard in project midpoint by Evolveum.

the class MidPointApplication method init.

@Override
public void init() {
    super.init();
    getCspSettings().blocking().disabled();
    getJavaScriptLibrarySettings().setJQueryReference(new PackageResourceReference(MidPointApplication.class, // todo no jquery.js is found
    "../../../../../webjars/AdminLTE/2.4.18/bower_components/jquery/dist/jquery.min.js"));
    getComponentInstantiationListeners().add(new SpringComponentInjector(this, applicationContext, true));
    systemConfigurationChangeDispatcher.registerListener(new DeploymentInformationChangeListener(this));
    SystemConfigurationType config = getSystemConfigurationIfAvailable();
    if (config != null) {
        deploymentInfo = config.getDeploymentInformation();
    }
    ResourceSettings resourceSettings = getResourceSettings();
    resourceSettings.setParentFolderPlaceholder("$-$");
    resourceSettings.setHeaderItemComparator(new PriorityFirstComparator(true));
    SecurePackageResourceGuard guard = (SecurePackageResourceGuard) resourceSettings.getPackageResourceGuard();
    guard.addPattern("+*.woff2");
    List<IStringResourceLoader> resourceLoaders = resourceSettings.getStringResourceLoaders();
    resourceLoaders.add(0, new MidPointStringResourceLoader(localizationService));
    IResourceStreamLocator locator = new CachingResourceStreamLocator(new MidPointResourceStreamLocator(resourceSettings.getResourceFinders()));
    resourceSettings.setResourceStreamLocator(locator);
    resourceSettings.setThrowExceptionOnMissingResource(false);
    getMarkupSettings().setStripWicketTags(true);
    getMarkupSettings().setStripComments(true);
    if (RuntimeConfigurationType.DEVELOPMENT.equals(getConfigurationType())) {
        getDebugSettings().setAjaxDebugModeEnabled(true);
        getDebugSettings().setDevelopmentUtilitiesEnabled(true);
        initializeDevelopmentSerializers();
        mount(new MountedMapper("/inspector", InspectorPage.class, new PageParametersEncoder()));
        mount(new MountedMapper("/liveSession", LiveSessionsPage.class, new PageParametersEncoder()));
        mount(new MountedMapper("/pageStore", PageStorePage.class, new PageParametersEncoder()));
    }
    // pretty url for resources (e.g. images)
    mountFiles(ImgResources.BASE_PATH, ImgResources.class);
    // exception handling an error pages
    ApplicationSettings appSettings = getApplicationSettings();
    appSettings.setAccessDeniedPage(PageError401.class);
    appSettings.setInternalErrorPage(PageError.class);
    appSettings.setPageExpiredErrorPage(PageError.class);
    mount(new MountedMapper(MOUNT_INTERNAL_SERVER_ERROR, PageError.class, new PageParametersEncoder()));
    mount(new MountedMapper(MOUNT_UNAUTHORIZED_ERROR, PageError401.class, new PageParametersEncoder()));
    mount(new MountedMapper(MOUNT_FORBIDEN_ERROR, PageError403.class, new PageParametersEncoder()));
    mount(new MountedMapper(MOUNT_NOT_FOUND_ERROR, PageError404.class, new PageParametersEncoder()));
    mount(new MountedMapper(MOUNT_GONE_ERROR, PageError410.class, new PageParametersEncoder()));
    getRequestCycleListeners().add(new LoggingRequestCycleListener(this));
    getAjaxRequestTargetListeners().add(new AjaxRequestTarget.IListener() {

        @Override
        public void updateAjaxAttributes(AbstractDefaultAjaxBehavior behavior, AjaxRequestAttributes attributes) {
            // check whether behavior will use POST method, if not then don't put CSRF token there
            if (!isPostMethodTypeBehavior(behavior, attributes)) {
                return;
            }
            CsrfToken csrfToken = SecurityUtils.getCsrfToken();
            if (csrfToken == null) {
                return;
            }
            String parameterName = csrfToken.getParameterName();
            String value = csrfToken.getToken();
            attributes.getExtraParameters().put(parameterName, value);
        }
    });
    getSessionListeners().add((ISessionListener) asyncWebProcessManager);
    // descriptor loader, used for customization
    new PageMounter().loadData(this);
    descriptorLoader.loadData();
    if (applicationContext != null) {
        Map<String, MidPointApplicationConfiguration> map = applicationContext.getBeansOfType(MidPointApplicationConfiguration.class);
        if (map != null) {
            map.forEach((key, value) -> value.init(this));
        }
    }
    // for schrodinger selenide library
    initializeSchrodinger();
    ServletContext servletContext = getServletContext();
    if (servletContext != null) {
        taskManager.setWebContextPath(servletContext.getContextPath());
    }
}

Also used : CachingResourceStreamLocator(org.apache.wicket.core.util.resource.locator.caching.CachingResourceStreamLocator) MountedMapper(org.apache.wicket.core.request.mapper.MountedMapper) MidPointResourceStreamLocator(com.evolveum.midpoint.web.util.MidPointResourceStreamLocator) IResourceStreamLocator(org.apache.wicket.core.util.resource.locator.IResourceStreamLocator) InspectorPage(org.apache.wicket.devutils.inspector.InspectorPage) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) PriorityFirstComparator(org.apache.wicket.markup.head.PriorityFirstComparator) MidPointStringResourceLoader(com.evolveum.midpoint.web.util.MidPointStringResourceLoader) AbstractDefaultAjaxBehavior(org.apache.wicket.ajax.AbstractDefaultAjaxBehavior) PackageResourceReference(org.apache.wicket.request.resource.PackageResourceReference) IStringResourceLoader(org.apache.wicket.resource.loader.IStringResourceLoader) ServletContext(javax.servlet.ServletContext) LiveSessionsPage(org.apache.wicket.devutils.inspector.LiveSessionsPage) MidPointApplicationConfiguration(com.evolveum.midpoint.gui.api.util.MidPointApplicationConfiguration) PageStorePage(org.apache.wicket.devutils.pagestore.PageStorePage) CsrfToken(org.springframework.security.web.csrf.CsrfToken) PageMounter(com.evolveum.midpoint.web.application.PageMounter) AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget) AjaxRequestAttributes(org.apache.wicket.ajax.attributes.AjaxRequestAttributes) ApplicationSettings(org.apache.wicket.settings.ApplicationSettings) SecurePackageResourceGuard(org.apache.wicket.markup.html.SecurePackageResourceGuard) ResourceSettings(org.apache.wicket.settings.ResourceSettings) SystemConfigurationType(com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType) PageParametersEncoder(org.apache.wicket.request.mapper.parameter.PageParametersEncoder) SpringComponentInjector(org.apache.wicket.spring.injection.annot.SpringComponentInjector)

Aggregations

SecurePackageResourceGuard (org.apache.wicket.markup.html.SecurePackageResourceGuard)8 IPackageResourceGuard (org.apache.wicket.markup.html.IPackageResourceGuard)6 SpringComponentInjector (org.apache.wicket.spring.injection.annot.SpringComponentInjector)4 MidPointApplicationConfiguration (com.evolveum.midpoint.gui.api.util.MidPointApplicationConfiguration)1 PolyString (com.evolveum.midpoint.prism.polystring.PolyString)1 PageMounter (com.evolveum.midpoint.web.application.PageMounter)1 MidPointResourceStreamLocator (com.evolveum.midpoint.web.util.MidPointResourceStreamLocator)1 MidPointStringResourceLoader (com.evolveum.midpoint.web.util.MidPointStringResourceLoader)1 SystemConfigurationType (com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType)1 BootstrapSettings (de.agilecoders.wicket.core.settings.BootstrapSettings)1 ThemeProvider (de.agilecoders.wicket.core.settings.ThemeProvider)1 Bootstrap3Theme (de.agilecoders.wicket.themes.markup.html.bootstrap3.Bootstrap3Theme)1 GoogleTheme (de.agilecoders.wicket.themes.markup.html.google.GoogleTheme)1 MetroTheme (de.agilecoders.wicket.themes.markup.html.metro.MetroTheme)1 WicketTheme (de.agilecoders.wicket.themes.markup.html.wicket.WicketTheme)1 BootswatchThemeProvider (de.agilecoders.wicket.themes.settings.BootswatchThemeProvider)1 ExceptionPage (eu.esdihumboldt.hale.server.webapp.pages.ExceptionPage)1 SecuredPage (eu.esdihumboldt.hale.server.webapp.pages.SecuredPage)1 ServletContext (javax.servlet.ServletContext)1 WicketRuntimeException (org.apache.wicket.WicketRuntimeException)1