diff options
| author | James Moger <james.moger@gitblit.com> | 2015-05-21 21:36:48 -0400 |
|---|---|---|
| committer | James Moger <james.moger@gitblit.com> | 2015-05-21 21:36:48 -0400 |
| commit | d5548efca76bf08c73535befc9daddca9b223d39 (patch) | |
| tree | 04192303005e82bd8b2b85e4fe5defc38825491c /src/main/java/com/gitblit/guice | |
| parent | e5227a46f4405dd8bfcc1582356f8e12d1e928c0 (diff) | |
| download | gitblit-d5548efca76bf08c73535befc9daddca9b223d39.tar.gz gitblit-d5548efca76bf08c73535befc9daddca9b223d39.zip | |
Remove /org/ filtering
Diffstat (limited to 'src/main/java/com/gitblit/guice')
| -rw-r--r-- | src/main/java/com/gitblit/guice/WebModule.java | 31 |
1 files changed, 12 insertions, 19 deletions
diff --git a/src/main/java/com/gitblit/guice/WebModule.java b/src/main/java/com/gitblit/guice/WebModule.java index 4a0cfcd6..c6172c3d 100644 --- a/src/main/java/com/gitblit/guice/WebModule.java +++ b/src/main/java/com/gitblit/guice/WebModule.java @@ -53,11 +53,6 @@ import com.google.inject.servlet.ServletModule; public class WebModule extends ServletModule { final static String ALL = "/*"; - private boolean isGO; - - public WebModule(boolean isGO) { - this.isGO=isGO; - } @Override protected void configureServlets() { @@ -75,20 +70,18 @@ public class WebModule extends ServletModule { serve(Constants.PT_PATH).with(PtServlet.class); serve("/robots.txt").with(RobotsTxtServlet.class); serve("/logo.png").with(LogoServlet.class); - if(isGO) - { - /* Prevent accidental access to 'resources' such as GitBlit java classes - * - * In the GO setup the JAR containing the application and the WAR injected - * into Jetty are the same file. However Jetty expects to serve the entire WAR - * contents, except the WEB-INF folder. Thus, all java binary classes in the - * JAR are served by default as is they were legitimate resources. - * - * The below servlet mappings prevent that behavior - */ - serve(fuzzy("/com/")).with(AccessDeniedServlet.class); - serve(fuzzy("/org/")).with(AccessDeniedServlet.class); - } + + /* Prevent accidental access to 'resources' such as GitBlit java classes + * + * In the GO setup the JAR containing the application and the WAR injected + * into Jetty are the same file. However Jetty expects to serve the entire WAR + * contents, except the WEB-INF folder. Thus, all java binary classes in the + * JAR are served by default as is they were legitimate resources. + * + * The below servlet mappings prevent that behavior + */ + serve(fuzzy("/com/")).with(AccessDeniedServlet.class); + // global filters filter(ALL).through(ProxyFilter.class); filter(ALL).through(EnforceAuthenticationFilter.class); |