[MRM-1480]/[REDBACK-274] (CVE-2011-1026)
authorMaria Odea B. Ching <oching@apache.org>
Thu, 7 Apr 2011 12:01:59 +0000 (12:01 +0000)
committerMaria Odea B. Ching <oching@apache.org>
Thu, 7 Apr 2011 12:01:59 +0000 (12:01 +0000)
o upgrade to redback 1.2.8-SNAPSHOT
o configured struts2's token interceptor + use of <s:token> in affected actions to prevent CSRF issue

git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/archiva-1.3.x@1089839 13f79535-47bb-0310-9956-ffa450edef68

17 files changed:
archiva-modules/archiva-web/archiva-webapp-test/pom.xml
archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp
pom.xml

index bf5b98a5b07672d7252d4188831f15caeb2fc02f..037b7ae3987c11ebcf636ee245c1e220e4ac9ed0 100644 (file)
@@ -23,7 +23,7 @@
   <parent>
     <groupId>org.apache.archiva</groupId>
     <artifactId>archiva-web</artifactId>
-    <version>1.3.5-SNAPSHOT</version>
+    <version>1.3.6-SNAPSHOT</version>
   </parent>
   <artifactId>archiva-webapp-test</artifactId>
   <packaging>pom</packaging>
index fb2db21593c5ff40aee432ebd506a0b479e3897d..58ac529aa88afa10531443c3cc9ae39825ccdc4d 100644 (file)
@@ -47,6 +47,9 @@
           <param name="enableReferrerCheck">false</param>
         </interceptor-ref>
         <interceptor-ref name="redbackPolicyEnforcement"/>
+        <interceptor-ref name="tokenSession">
+          <param name="excludeMethods">*</param>
+        </interceptor-ref>
         <interceptor-ref name="configuration"/>
         <interceptor-ref name="validation">
           <param name="excludeMethods">input,back,cancel,browse</param>
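Review bot: With `<param name="excludeMethods">*</param>` on the new `tokenSession` reference, token checking is off for every action using this stack unless the action adds its own `tokenSession.includeMethods` override, so a state-changing action added later is unprotected by default. The next hunk repeats the same opt-in default for the second stack. If this is intentional, a comment above each reference would make the contract visible, e.g. `<!-- CSRF token check is opt-in: every state-changing action must set tokenSession.includeMethods -->`. The enclosing stack definition starts and ends outside the hunk.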
@@ -65,6 +68,9 @@
         <interceptor-ref name="redbackSecureActions">
           <param name="enableReferrerCheck">false</param>
         </interceptor-ref>
+        <interceptor-ref name="tokenSession">
+          <param name="excludeMethods">*</param>
+        </interceptor-ref>
         <interceptor-ref name="validation">
           <param name="excludeMethods">input,back,cancel,browse</param>
         </interceptor-ref>
            include a result for 'error' -->
       <result name="error">/WEB-INF/jsp/generalError.jsp</result>
       <result name="access_to_no_repos">/WEB-INF/jsp/accessToNoRepos.jsp</result>
+      <result name="invalid.token">/WEB-INF/jsp/redback/invalidToken.jsp</result>
       
     </global-results>
   </package>
       <result name="input">/WEB-INF/jsp/deleteArtifact.jsp</result>
       <result name="error">/WEB-INF/jsp/deleteArtifact.jsp</result>
       <result name="success">/WEB-INF/jsp/deleteArtifact.jsp</result>
+      <interceptor-ref name="configuredArchivaStack">
+        <param name="tokenSession.includeMethods">doDelete</param>
+      </interceptor-ref>
     </action>
 
     <action name="checksumSearch" class="searchAction" method="findArtifact">
       <result name="input">/WEB-INF/jsp/admin/repositoryGroups.jsp</result>
       <result name="error">/WEB-INF/jsp/admin/repositoryGroups.jsp</result>
       <result name="success" type="redirect-action">repositoryGroups</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>
+      </interceptor-ref>
     </action>
     
     <action name="confirmDeleteRepositoryGroup" class="deleteRepositoryGroupAction" method="confirmDelete">
       <result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>
+      </interceptor-ref>
     </action>
     
     <action name="deleteRepositoryGroup" class="deleteRepositoryGroupAction" method="delete">
       <result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
       <result name="error">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
       <result name="success" type="redirect-action">repositoryGroups</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>
+      </interceptor-ref>
     </action>
        
     <action name="addRepositoryToGroup" class="repositoryGroupsAction" method="addRepositoryToGroup">
 
     <action name="confirmDeleteRepository" class="deleteManagedRepositoryAction" method="confirmDelete">
       <result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>
+      </interceptor-ref>
     </action>
 
     <action name="deleteRepository" class="deleteManagedRepositoryAction" method="delete">
       <result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
       <result name="error">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
       <result name="success" type="redirect-action">repositories</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>
+      </interceptor-ref>
     </action>
 
     <action name="addRemoteRepository" class="addRemoteRepositoryAction" method="input">
     <action name="deleteProxyConnector" class="deleteProxyConnectorAction" method="confirm">
       <result name="input">/WEB-INF/jsp/admin/deleteProxyConnector.jsp</result>
       <result name="success" type="redirect-action">proxyConnectors</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>
+      </interceptor-ref>
     </action>
     
     <action name="enableProxyConnector" class="enableProxyConnectorAction" method="confirm">
     <action name="disableProxyConnector" class="disableProxyConnectorAction" method="confirm">
       <result name="input">/WEB-INF/jsp/admin/disableProxyConnector.jsp</result>
       <result name="success" type="redirect-action">proxyConnectors</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>  
+      </interceptor-ref>
     </action>
 
 
     <action name="saveNetworkProxy" class="configureNetworkProxyAction" method="save">
       <result name="input">/WEB-INF/jsp/admin/editNetworkProxy.jsp</result>
       <result name="success" type="redirect-action">networkProxies</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>
+      </interceptor-ref>
     </action>
 
     <action name="deleteNetworkProxy" class="configureNetworkProxyAction" method="confirm">
       <result name="input">/WEB-INF/jsp/admin/deleteNetworkProxy.jsp</result>
       <result name="success" type="redirect-action">networkProxies</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>
+      </interceptor-ref>
     </action>
 
     <!-- .\ REPOSITORY SCANNING \._____________________________________ -->
       <result name="success" type="redirect-action">
         <param name="actionName">repositoryScanning</param>
       </result>
+      <interceptor-ref name="configuredArchivaStack">
+        <param name="tokenSession.includeMethods">removeFiletypePattern,addFiletypePattern,updateKnownConsumers,updateInvalidConsumers</param>
+      </interceptor-ref>
     </action>
 
     <!-- .\ DATABASE \.________________________________________________ -->
       <result name="success" type="redirect-action">
         <param name="actionName">database</param>
       </result>
+      <interceptor-ref name="configuredArchivaStack">
+        <param name="tokenSession.includeMethods">updateSchedule,updateUnprocessedConsumers,updateCleanupConsumers</param>
+      </interceptor-ref>
     </action>
 
     <action name="updateDatabase" class="schedulerAction" method="updateDatabase">
       <result name="input">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result>
       <result name="error">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result>
       <result name="success" type="redirect-action">legacyArtifactPath</result>
-      <interceptor-ref name="configuredPrepareParamsStack"/>
+      <interceptor-ref name="configuredPrepareParamsStack">
+        <param name="tokenSession.includeMethods">*</param>
+      </interceptor-ref>
     </action>
 
   </package>
index 23dfa41556bd3a2d7ab8185738255827917f1d08..8122764bbe1d8d7225734b4cd4d34469d84e74f5 100644 (file)
@@ -48,6 +48,7 @@
 
   <s:form method="post" action="database!updateSchedule" 
              namespace="/admin" validate="false" theme="simple">
+    <s:token/>
     <table>
       <s:textfield name="cron" label="Cron" size="40" theme="xhtml" />
       <tr>
@@ -74,6 +75,7 @@
 
     <s:form method="post" action="database!updateUnprocessedConsumers" 
              namespace="/admin" validate="false" theme="simple">
+    <s:token/>         
     <table class="consumers">
       <tr>
         <th>&nbsp;</th>
 
     <s:form method="post" action="database!updateCleanupConsumers" 
              namespace="/admin" validate="false" theme="simple">
+    <s:token/>
     <table class="consumers">
       <tr>
         <th>&nbsp;</th>
index cdd817d9d6fb87b1077fc687d13d80621ee372de..19156a36e96d939c7aa2f1b62f5df2658d098f5a 100644 (file)
@@ -46,6 +46,7 @@
 
   <s:form method="post" action="deleteNetworkProxy!delete" namespace="/admin" validate="true">
     <s:hidden name="proxyid"/>
+    <s:token/>
     <s:submit value="Delete"/>
   </s:form>
 </div>
index 3a12af02fada08cbb33331cc5b2a1806e9a3afb7..fb56d264e329a8604c7458146ecc3c61f74d4a90 100644 (file)
@@ -47,6 +47,7 @@
   <s:form method="post" action="deleteProxyConnector!delete" namespace="/admin" validate="true">
     <s:hidden name="target"/>
     <s:hidden name="source"/>
+    <s:token/>
     <s:submit value="Delete"/>
   </s:form>
 </div>
index 9c6b42db188e53c2979995a7a20a4022244afe7c..5f925e579e1a6ab3c9388f7a7836e64f5904d501 100644 (file)
@@ -63,6 +63,7 @@
 
   <s:form method="post" action="deleteRepository" namespace="/admin" validate="true" theme="simple">
     <s:hidden name="repoid"/>
+    <s:token/>
     <div class="buttons">
       <s:submit value="Delete Configuration Only" method="deleteEntry" />
       <s:submit value="Delete Configuration and Contents" method="deleteContents" />
index 83d130f25e69520fba180310b99e45d0f2658684..69bbd0db42b7b62ab6efe0410fab4f6f19edded5 100644 (file)
@@ -56,6 +56,7 @@
   <s:form method="post" action="deleteRepositoryGroup" namespace="/admin" validate="true" theme="simple">
     <s:hidden name="repoGroupId"/>
     <div class="buttons">
+      <s:token/>
       <s:submit value="Confirm" method="delete"/>
       <s:submit value="Cancel" method="execute"/>
     </div>
index b496b4122369c72b086ebd63a5bc3ab997c0edba..52c69ba8cdbe1756bddb79b2d89f8a594f3b97a5 100644 (file)
@@ -43,6 +43,7 @@
   <s:form method="post" action="disableProxyConnector!disable" namespace="/admin" validate="true">
     <s:hidden name="target"/>
     <s:hidden name="source"/>
+    <s:token/>
     <s:submit value="Disable"/>
   </s:form>
 </div>
index 29f8ffef6477f77e0ae15d537d96f91c5bea3e0f..f7dd33ec07fd47e2cdc2c4a3002d28db777e7d2f 100644 (file)
@@ -50,6 +50,7 @@
   
   <s:form method="post" action="saveNetworkProxy" namespace="/admin">
     <s:hidden name="mode"/>
+    <s:token/>
     
        <c:choose>
          <c:when test="${mode == 'edit'}">
index 0a0167c62379b957fecef8cf895cfe2307710478..2cb6bdcae79f99604dfa44aba691b293459bb198 100644 (file)
 <div class="controls">\r
     <%-- TODO: make some icons --%>\r
   <redback:ifAnyAuthorized permissions="archiva-manage-configuration">\r
+    <s:token/>\r
     <s:url id="deleteLegacyArtifactPath" action="deleteLegacyArtifactPath">\r
       <s:param name="path" value="%{#attr.legacyArtifactPath.path}"/>\r
+      <s:param name="struts.token.name">struts.token</s:param>\r
+      <s:param name="struts.token"><s:property value="struts.token"/></s:param>\r
     </s:url>\r
     <s:a href="%{deleteLegacyArtifactPath}">\r
       <img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/>\r
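Review bot: The two `<s:param>` lines added inside `<s:url id="deleteLegacyArtifactPath">` put the CSRF token into a link's query string, where it can end up in browser history, access logs and Referer headers, and the delete is still triggered by a GET request. The same pattern is added in networkProxies.jsp, proxyConnectors.jsp, repositories.jsp, repositoryGroups.jsp and repositoryScanning.jsp. Submitting these operations from a small POST form that carries `<s:token/>`, as the delete*.jsp forms in this commit do, would keep the token out of URLs. The token appears to be consumed on first use, which limits but does not remove the exposure.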
index 44eb18a049ce054cb75d83182fea95ff2f862ee8..33aec91c5d3288cca3989a1c74632be9de7a245f 100644 (file)
       <div class="controls">
       <redback:ifAnyAuthorized
         permissions="archiva-manage-configuration">
+        <s:token/>
         <s:url id="editNetworkProxyUrl" action="editNetworkProxy">
           <s:param name="proxyid" value="%{#attr.proxy.id}" />
         </s:url>
         <s:url id="deleteNetworkProxyUrl" action="deleteNetworkProxy" method="confirm">
           <s:param name="proxyid" value="%{#attr.proxy.id}" />
+          <s:param name="struts.token.name">struts.token</s:param>
+          <s:param name="struts.token"><s:property value="struts.token"/></s:param>
         </s:url>
         <s:a href="%{editNetworkProxyUrl}">
           <img src="<c:url value="/images/icons/edit.png" />" />
index 83a915c86941d44053cff0cb83fce6b7bb648e61..c42ba4f5457bcec455a6fb378b7f8947e0af2173 100644 (file)
   <div class="connector ${rowColor}"> 
     <div class="controls">
       <redback:ifAnyAuthorized permissions="archiva-manage-configuration">
+        <s:token/>
         <s:url id="sortDownProxyConnectorUrl" action="sortDownProxyConnector">
           <s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
           <s:param name="target" value="%{#attr.connector.targetRepoId}"/>
         <s:url id="deleteProxyConnectorUrl" action="deleteProxyConnector" method="confirmDelete">
           <s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
           <s:param name="target" value="%{#attr.connector.targetRepoId}"/>
+          <s:param name="struts.token.name">struts.token</s:param>
+          <s:param name="struts.token"><s:property value="struts.token"/></s:param>
         </s:url>
         <s:url id="enableProxyConnectorUrl" action="enableProxyConnector" method="confirmEnable">
           <s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
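Review bot: `enableProxyConnectorUrl` in the trailing context gets no token parameters, and the `enableProxyConnector` action shown as context in struts.xml has no visible `tokenSession.includeMethods` override. Enabling a connector therefore appears to stay reachable without a token, while delete and disable are covered. The `sortDownProxyConnector` URL in the previous hunk is in the same position. If these operations change configuration, they need the same treatment as `deleteProxyConnectorUrl`; the struts.xml action bodies are outside the visible hunks, so confirm it there.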
         <s:url id="disableProxyConnectorUrl" action="disableProxyConnector" method="confirmDisable">
           <s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
           <s:param name="target" value="%{#attr.connector.targetRepoId}"/>
+          <s:param name="struts.token.name">struts.token</s:param>
+          <s:param name="struts.token"><s:property value="struts.token"/></s:param>
         </s:url>
         <c:if test="${connector.disabled}">
             <s:a href="%{enableProxyConnectorUrl}" title="Enable Proxy Connector">
index 21e584e0f7a03962d63338d78b1e10e5c40e9522..8050fc39f0209e66bb366c200d550bd7c0c0d1d7 100644 (file)
     <s:url id="editRepositoryUrl" action="editRepository">
       <s:param name="repoid" value="%{#attr.repository.id}"/>
     </s:url>
+    <s:token/>
     <s:url id="deleteRepositoryUrl" action="confirmDeleteRepository">
       <s:param name="repoid" value="%{#attr.repository.id}"/>
+      <s:param name="struts.token.name">struts.token</s:param>
+      <s:param name="struts.token"><s:property value="struts.token"/></s:param>
     </s:url>
     <s:a href="%{editRepositoryUrl}">
       <img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/>
               <img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/>
               Edit
             </s:a>
+            <s:token/>
             <s:url id="deleteRepositoryUrl" action="confirmDeleteRemoteRepository">
               <s:param name="repoid" value="%{#attr.repository.id}"/>
+              <s:param name="struts.token.name">struts.token</s:param>
+              <s:param name="struts.token"><s:property value="struts.token"/></s:param>
             </s:url>
             <s:a href="%{deleteRepositoryUrl}">
               <img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/>
index 5804cbb953f013c1e5dafc36b49d75e7c7a999e3..ec7c8c2dda0c720a7795a63426c3337c2caa9bdb 100644 (file)
@@ -50,6 +50,7 @@
     <s:form action="addRepositoryGroup" namespace="/admin">
       <span class="label">Identifier<span style="color:red">*</span>:</span> 
       <s:textfield size="10" label="Identifier" theme="simple" name="repositoryGroup.id"/>
+      <s:token/>
       <s:submit value="Add Group" theme="simple" cssClass="button"/>
     </s:form>
   </redback:ifAnyAuthorized>
   <div class="managedRepo">
     
     <div style="float:right">
+      <s:token/>
       <s:url id="deleteRepositoryGroupUrl" action="confirmDeleteRepositoryGroup">
         <s:param name="repoGroupId" value="%{#attr.repositoryGroup.key}" />
+        <s:param name="struts.token.name">struts.token</s:param>
+        <s:param name="struts.token"><s:property value="struts.token"/></s:param>
       </s:url>
       <s:a href="%{deleteRepositoryGroupUrl}" cssClass="delete">
         <img src="${iconDeleteUrl}"/>
index 60b59c7f6de5f3ad4dc44c6e331e60bccebfd24b..5617d5c8f9c6dd1a9a41715b97def1a38c9482f8 100644 (file)
 <s:actionmessage /> 
 
 <c:url var="iconDeleteUrl" value="/images/icons/delete.gif" /> 
-<c:url var="iconCreateUrl" value="/images/icons/create.png" /> 
-<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern" /> 
-<s:url id="addFiletypePatternUrl"    action="repositoryScanning" method="addFiletypePattern" /> 
+<c:url var="iconCreateUrl" value="/images/icons/create.png" />
+<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern"/>
+<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern"/>
    
 <script type="text/javascript">
 <!--
-  function removeFiletypePattern(filetypeId, pattern)
+  function removeFiletypePattern(filetypeId, pattern, token)
   {
      var f = document.getElementById('filetypeForm');
      
      f.action = "${removeFiletypePatternUrl}";
      f['pattern'].value = pattern;
      f['fileTypeId'].value = filetypeId;
+     f.elements['struts2Token'].value = token;
      f.submit();
   }
   
-  function addFiletypePattern(filetypeId, newPatternId)
+  function addFiletypePattern(filetypeId, newPatternId, token)
   {
      var f = document.forms['filetypeForm'];
           
      f.action = "${addFiletypePatternUrl}";     
      f.elements['pattern'].value = document.getElementById(newPatternId).value;
      f.elements['fileTypeId'].value = filetypeId;
+     f.elements['struts2Token'].value = token;     
      f.submit();
   }
 //-->
     <s:form method="post" action="repositoryScanning" 
              namespace="/admin" validate="false" 
              id="filetypeForm" theme="simple">
+      <s:token/>
       <input type="hidden" name="pattern" />
       <input type="hidden" name="fileTypeId" />
+      <input type="hidden" name="struts2Token"/>
     </s:form>
 
-    <s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" />
+    <%-- DUPLICATE? IS THIS STILL NEEDED? --%>
+    <s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" >
+      <s:param name="struts.token.name">struts.token</s:param>
+      <s:param name="struts.token"><s:property value="struts.token"/></s:param>
+    </s:url>
 
     <c:forEach items="${fileTypeIds}" var="filetypeId" varStatus="j">
 
       <h3 class="filetype">${filetypeId}</h3>
 
       <table>
+        <s:token id="struts2TokenUd"/>
         <c:forEach items="${fileTypeMap[filetypeId].patterns}" var="pattern" varStatus="i">
           <c:choose>
             <c:when test='${(i.index)%2 eq 0}'>
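Review bot: The id on `<s:token id="struts2TokenUd"/>` does not match the `%{#attr.struts2TokenId}` expression that the later `onclick` hunks pass to `removeFiletypePattern` and `addFiletypePattern`, so the `token` argument likely evaluates to an empty string. The hidden `struts2Token` field the scripts fill is also not one of the `struts.token.name` / `struts.token` names used elsewhere in this commit, so the form's own `<s:token/>` seems to be what actually carries the token. Either rename the id to `struts2TokenId` and confirm that something reads the field, or drop the extra parameter, the hidden input and the per-table `<s:token>`. The `<%-- DUPLICATE? IS THIS STILL NEEDED? --%>` question on the second `addFiletypePatternUrl` should be resolved rather than committed.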
             </td>
             <td class="controls ${bgcolor}">
               <s:a href="#" title="Remove [%{#attr.escapedPattern}] Pattern from [%{#attr.filetypeId}]"
-                    onclick="removeFiletypePattern( '%{#attr.filetypeId}', '%{#attr.escapedPattern}' )" 
+                    onclick="removeFiletypePattern( '%{#attr.filetypeId}', '%{#attr.escapedPattern}', '%{#attr.struts2TokenId}' )" 
                     theme="simple">
                 <img src="${iconDeleteUrl}" />
               </s:a>
           <td>
             <s:a href="#" 
                   title="Add Pattern to [%{#attr.filetypeId}]"
-                  onclick="addFiletypePattern( '%{#attr.filetypeId}', 'newpattern_%{#attr.j.index}' )"
+                  onclick="addFiletypePattern( '%{#attr.filetypeId}', 'newpattern_%{#attr.j.index}', '%{#attr.struts2TokenId}' )"
                   theme="simple">
               <img src="${iconCreateUrl}" />
             </s:a>
 
     <s:form method="post" action="repositoryScanning!updateKnownConsumers" 
              namespace="/admin" validate="false" theme="simple">
+    <s:token/>
     <table class="consumers">
       <tr>
         <th>&nbsp;</th>
 
     <s:form method="post" action="repositoryScanning!updateInvalidConsumers" 
              namespace="/admin" validate="false" theme="simple">
+    <s:token/>         
     <table class="consumers">
       <tr>
         <th>&nbsp;</th>
index af8993a0a3a374447bb5637b80266b67daad8635..d518a52d05075356c0996de22896fd9abd04dac8 100644 (file)
@@ -36,6 +36,7 @@
   <div id="contentArea">
     <s:form action="deleteArtifact!doDelete" namespace="/" method="post" validate="true">    
       <%@ include file="/WEB-INF/jsp/include/deleteArtifactForm.jspf" %>
+      <s:token/>
       <s:submit/>
     </s:form>
   </div>
diff --git a/pom.xml b/pom.xml
index 915a88efd388ba06c4b0ee8ed5a99c079d7f30e7..b4e4e64a4a61f8938ea8c4cdc12d68990e38fef4 100644 (file)
--- a/pom.xml
+++ b/pom.xml
   <properties>
     <maven.version>2.0.8</maven.version>
     <wagon.version>1.0-beta-5</wagon.version>
-    <redback.version>1.2.7</redback.version>
+    <redback.version>1.2.8-SNAPSHOT</redback.version>
     <jetty.version>6.1.19</jetty.version>
     <slf4j.version>1.5.8</slf4j.version>
     <binder.version>0.9</binder.version>