mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
Browse Source

Remove /org/ filtering

tags/v1.7.0
James Moger 9 years ago
parent
e5227a46f4
commit
d5548efca7
2 changed files with 13 additions and 20 deletions
Split View Show Diff Stats
  1. 12
    19
      src/main/java/com/gitblit/guice/WebModule.java
  2. 1
    1
      src/main/java/com/gitblit/servlet/GitblitContext.java

+ 12
- 19
src/main/java/com/gitblit/guice/WebModule.java View File

@@ -53,11 +53,6 @@ import com.google.inject.servlet.ServletModule;
public class WebModule extends ServletModule {

final static String ALL = "/*";
private boolean isGO;

public WebModule(boolean isGO) {
this.isGO=isGO;
}

@Override
protected void configureServlets() {
@@ -75,20 +70,18 @@ public class WebModule extends ServletModule {
serve(Constants.PT_PATH).with(PtServlet.class);
serve("/robots.txt").with(RobotsTxtServlet.class);
serve("/logo.png").with(LogoServlet.class);
if(isGO)
{
/* Prevent accidental access to 'resources' such as GitBlit java classes
*
* In the GO setup the JAR containing the application and the WAR injected
* into Jetty are the same file. However Jetty expects to serve the entire WAR
* contents, except the WEB-INF folder. Thus, all java binary classes in the
* JAR are served by default as is they were legitimate resources.
*
* The below servlet mappings prevent that behavior
*/
serve(fuzzy("/com/")).with(AccessDeniedServlet.class);
serve(fuzzy("/org/")).with(AccessDeniedServlet.class);
}

/* Prevent accidental access to 'resources' such as GitBlit java classes
*
* In the GO setup the JAR containing the application and the WAR injected
* into Jetty are the same file. However Jetty expects to serve the entire WAR
* contents, except the WEB-INF folder. Thus, all java binary classes in the
* JAR are served by default as is they were legitimate resources.
*
* The below servlet mappings prevent that behavior
*/
serve(fuzzy("/com/")).with(AccessDeniedServlet.class);

// global filters
filter(ALL).through(ProxyFilter.class);
filter(ALL).through(EnforceAuthenticationFilter.class);

+ 1
- 1
src/main/java/com/gitblit/servlet/GitblitContext.java View File

@@ -129,7 +129,7 @@ public class GitblitContext extends GuiceServletContextListener {
* Returns Gitblit's Guice injection modules.
*/
protected AbstractModule [] getModules() {
return new AbstractModule [] { new CoreModule(), new WebModule(null!=goBaseFolder) };
return new AbstractModule [] { new CoreModule(), new WebModule() };
}

/**

Write Preview
Loading…
Cancel
Save