[MRM-1460]
authorMaria Odea B. Ching <oching@apache.org>
Sun, 13 Mar 2011 13:35:02 +0000 (13:35 +0000)
committerMaria Odea B. Ching <oching@apache.org>
Sun, 13 Mar 2011 13:35:02 +0000 (13:35 +0000)
o upgraded redback to 1.2.7
o added configuration for redback csrf filter

git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/archiva-1.3.x@1081111 13f79535-47bb-0310-9956-ffa450edef68

archiva-modules/archiva-web/archiva-webapp-test/pom.xml
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/quickSearch.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/results.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml
pom.xml

index 25ba6bb4aabd65e36af4cfa9f0b68014f5bc28e4..bf5b98a5b07672d7252d4188831f15caeb2fc02f 100644 (file)
@@ -23,7 +23,7 @@
   <parent>
     <groupId>org.apache.archiva</groupId>
     <artifactId>archiva-web</artifactId>
-    <version>1.3.2-SNAPSHOT</version>
+    <version>1.3.5-SNAPSHOT</version>
   </parent>
   <artifactId>archiva-webapp-test</artifactId>
   <packaging>pom</packaging>
index 89195fae61b8d23eddcb7b88fce776068b7aae22..191af1d71c7b471a18109be53de7ceb67c471860 100644 (file)
@@ -80,7 +80,7 @@
 
 
 <div id="topSearchBox">
-    <s:form method="get" action="quickSearch" namespace="/" validate="true">
+    <s:form method="post" action="quickSearch" namespace="/" validate="true">
         <s:textfield label="Search for" size="30" name="q"/>
     </s:form>
 </div>
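Review bot: The switch to `method="post"` on this quickSearch form carries no explanation in the JSP, and the same unexplained change is made to the quickSearch and filteredSearch forms in quickSearch.jsp and results.jsp. The commit message suggests it accompanies the redback CSRF filter, yet that filter's mapping is commented out in web.xml, so by default the forms now post without any nonce being checked, and a submitted search no longer puts the query in the URL. A comment above each form would stop a later revert to GET, for example `<%-- POST is required when the redback-csrf filter is enabled in web.xml (MRM-1460) --%>`. Nothing visible in these hunks restricts the quickSearch or filteredSearch actions to POST on the server side, so it is worth confirming whether GET requests are still accepted.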
index 8dbf9b438facbd5a627c807858e7672e42bf7f51..7b0c39c56cbd136ee03302980c047e6505128e15 100644 (file)
@@ -94,7 +94,7 @@
 
   <c:url var="iconCreateUrl" value="/images/icons/create.png" />
   
-  <s:form method="get" id="quickSearch" action="quickSearch" validate="true">    
+  <s:form method="post" id="quickSearch" action="quickSearch" validate="true">    
     <s:textfield label="Search for" size="50" name="q"/> 
     <s:hidden name="completeQueryString" value="%{completeQueryString}"/>  
     <s:submit value="Search"/>         
     </tr>
     <tr>
       <td>    
-        <s:form id="filteredSearch" method="get" action="filteredSearch" validate="true">  
+        <s:form id="filteredSearch" method="post" action="filteredSearch" validate="true">
           <label><strong>Advanced Search Fields: </strong></label><s:select name="searchField" list="searchFields" theme="simple"/> 
           <s:a href="#" title="Add Search Field" onclick="addSearchField( document.filteredSearch.searchField.options[document.filteredSearch.searchField.selectedIndex].text, document.filteredSearch.searchField.value, 'dynamicFields' )" theme="simple">
             <img src="${iconCreateUrl}" />
index bc6c4a5f2b4590205947b60683c23ea8e7561146..ae8e5f8a21832932ccf9cf274dab1e29d72de412 100644 (file)
@@ -85,7 +85,7 @@
         </tr>
         <tr>
           <td>
-          <s:form id="filteredSearch" method="get" action="filteredSearch" validate="true">
+          <s:form id="filteredSearch" method="post" action="filteredSearch" validate="true">
             <s:hidden name="fromFilterSearch" value="%{#attr.fromFilterSearch}" theme="simple"/>  
             <label><strong>Advanced Search Fields: </strong></label><s:select name="searchField" list="searchFields" theme="simple"/> 
             <s:a href="#" title="Add Search Field" onclick="addSearchField( document.filteredSearch.searchField.options[document.filteredSearch.searchField.selectedIndex].text, document.filteredSearch.searchField.value, 'dynamicFields' )" theme="simple">
       </table>
     </c:if>
     <c:if test="${fromFilterSearch == false}">
-      <s:form method="get" action="quickSearch" validate="true">
+      <s:form method="post" action="quickSearch" validate="true">
         <s:textfield label="Search for" size="50" name="q"/>
         <s:checkbox label="Search within results" name="searchResultsOnly"/>        
         <s:hidden name="completeQueryString" value="%{#attr.completeQueryString}"/>        
index b4fb373d0ba5ab3111c5184cd8ee65b76961c734..cad63b21eda55a68d6731693e866237a7f2103e7 100644 (file)
           <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
         </filter>
 
+  <!-- To enable this filter, uncomment the corresponding filter-mapping -->
+  <filter>
+    <filter-name>redback-csrf</filter-name>
+    <filter-class>org.codehaus.plexus.redback.struts2.filter.RedbackCSRFFilter</filter-class>
+    <init-param>
+      <param-name>nonceCacheSize</param-name>
+      <param-value>20</param-value>
+    </init-param>
+    <init-param>
+      <param-name>excludedPaths</param-name>
+      <param-value>/css/**,/images/**,/struts/**,/favicon.ico,/js/**,//repository/**,//xmlrpc/**,//feeds/**</param-value>
+    </init-param>
+  </filter>
+
+
        <filter>
                <filter-name>sitemesh</filter-name>
                <filter-class>
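Review bot: The `excludedPaths` value mixes single-slash patterns (`/css/**`) with double-slash ones (`//repository/**`, `//xmlrpc/**`, `//feeds/**`), and nothing in the file says whether the doubled slash is intentional. The matching rules live in RedbackCSRFFilter, outside this diff, so it needs confirming against redback 1.2.7 that these three patterns match the paths they are meant to exempt once the filter is enabled. Every excluded prefix is a path where no nonce is checked, so the reason for each exemption should be recorded next to the list, for example `<!-- excluded: static resources, plus non-browser endpoints (repository, xmlrpc, feeds) that cannot carry a nonce -->`. The value 20 for `nonceCacheSize` is likewise unexplained and deserves a short comment on what it bounds.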
                        <param-name>forceEncoding</param-name>
                        <param-value>true</param-value>
                </init-param>
-       </filter>  
-  
+       </filter>
+
+  <!-- Uncomment this to apply the CSRF filter mapping in Archiva
+  <filter-mapping>
+    <filter-name>redback-csrf</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+  -->
+
        <filter-mapping>
                <filter-name>encodingFilter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>
 
-       <!-- this must be before the sitemesh filter -->
-       <filter-mapping>
-               <filter-name>webwork-cleanup</filter-name>
-               <url-pattern>/*</url-pattern>
-       </filter-mapping>
+  <!-- this must be before the sitemesh filter -->
+  <filter-mapping>
+    <filter-name>webwork-cleanup</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
 
        <filter-mapping>
                <filter-name>sitemesh</filter-name>
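Review bot: The `redback-csrf` filter-mapping is added inside a comment, so after this commit the filter is declared but never applied, and a default install has no CSRF nonce checking. If that is deliberate for the 1.3.x branch, the comment should say so and state what an administrator has to verify before enabling it. Placement matters as well: filters run in filter-mapping order and this block sits ahead of the `encodingFilter` mapping, so if RedbackCSRFFilter reads a request parameter, the `forceEncoding` setting may no longer take effect for the search fields that are now POSTed. Consider moving the commented block below the `encodingFilter` mapping. The re-indentation of the `webwork-cleanup` mapping is unrelated to the change and leaves the file with mixed indentation.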
diff --git a/pom.xml b/pom.xml
index 2546b9f688d49990f9847e1ef29599bb0763ad8d..2fa656e4b2dd48bdad462145160f85f6497b3caa 100644 (file)
--- a/pom.xml
+++ b/pom.xml
       <dependency>
         <groupId>commons-codec</groupId>
         <artifactId>commons-codec</artifactId>
-        <version>1.3</version>
+        <version>1.4</version>
       </dependency>
       <dependency>
         <groupId>commons-collections</groupId>
   <properties>
     <maven.version>2.0.8</maven.version>
     <wagon.version>1.0-beta-5</wagon.version>
-    <redback.version>1.2.6</redback.version>
+    <redback.version>1.2.7</redback.version>
     <jetty.version>6.1.19</jetty.version>
     <slf4j.version>1.5.8</slf4j.version>
     <binder.version>0.9</binder.version>