Spring Roo / ROO-271

/WEB-INF and other resources not secured

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.0.RC2
    • Fix Version/s: 1.0.0.RC3
    • Component/s: WEB MVC
    • Labels:
      None
    • Environment:
      Windows, Tomcat 6, ROO build 328 (and earlier)

      Description

      In a generated project, resources that should be protected by web config can be accessed in a browser by simply using the /static path:

      http://localhost:8080/myproject/static/WEB-INF/web.xml

        Activity

        Ben Alex added a comment -

        Users affected by this bug should modify their urlrewrite.xml file (located in src/main/webapp/WEB-INF) to:

        <urlrewrite default-match-type="wildcard">
        	<rule>
        		<from>/resources/**</from>
        		<to last="true">/resources/$1</to>
        	</rule>
        	<rule>
        		<from>/static/WEB-INF/**</from>
        		<set type="status">403</set>
        		<to last="true">/static/WEB-INF/$1</to>
        	</rule>
        	<rule>
        		<from>/static/**</from>
        		<to last="true">/$1</to>
        	</rule>
        	<rule>
        		<from>/</from>
        		<to last="true">/app/index</to>		
        	</rule>
        	<rule>
        		<from>/app/**</from>
        		<to last="true">/app/$1</to>
        	</rule>
        	<rule>
        		<from>/**</from>
        		<to>/app/$1</to>
        	</rule>
        	<outbound-rule>
        		<from>/app/**</from>
        		<to>/$1</to>
        	</outbound-rule>	
        </urlrewrite>
        
        Ben Alex added a comment -

        Fix to urlrewrite-template.xml checked into SVN as revision 329.

        Users with existing projects should modify their urlrewrite.xml template in accordance with the above comment, and perform comprehensive testing to ensure the project is corrected.

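A rule-order check for the urlrewrite.xml fix discussed above, added here as an example (not code from the issue or from the Spring Roo project). It uses a simplified model of wildcard matching in which `**` spans `/`, `$1` is the first capture, and rules run top to bottom until one with `last="true"`. The pre-fix rule set is an assumption: the corrected file with the /static/WEB-INF/** rule removed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the corrected rules from the comment above, whitespace
# condensed and the outbound rule omitted (it does not affect inbound paths).
FIXED = """<urlrewrite default-match-type="wildcard">
  <rule><from>/resources/**</from><to last="true">/resources/$1</to></rule>
  <rule><from>/static/WEB-INF/**</from><set type="status">403</set>
        <to last="true">/static/WEB-INF/$1</to></rule>
  <rule><from>/static/**</from><to last="true">/$1</to></rule>
  <rule><from>/</from><to last="true">/app/index</to></rule>
  <rule><from>/app/**</from><to last="true">/app/$1</to></rule>
  <rule><from>/**</from><to>/app/$1</to></rule>
</urlrewrite>"""

def wildcard_to_regex(pattern):
    # Simplified model (assumption): '**' spans path separators, '*' does not.
    parts = re.split(r"(\*\*|\*)", pattern)
    out = "".join("(.*)" if p == "**" else "([^/]*)" if p == "*" else re.escape(p) for p in parts)
    return re.compile("^" + out + "$")

def resolve(config_xml, path):
    """Return (final_path, status) after applying inbound rules top to bottom."""
    status = None
    for rule in ET.fromstring(config_xml).findall("rule"):
        m = wildcard_to_regex(rule.findtext("from")).match(path)
        if not m:
            continue
        for s in rule.findall("set"):
            if s.get("type") == "status":
                status = int(s.text)
        to = rule.find("to")
        path = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), to.text)
        if to.get("last") == "true":
            break
    return path, status

def without_deny_rule(config_xml):
    # Hypothetical pre-fix configuration: drop the 403 rule, keep the rest.
    root = ET.fromstring(config_xml)
    for rule in root.findall("rule"):
        if rule.findtext("from") == "/static/WEB-INF/**":
            root.remove(rule)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    for name, cfg in (("without 403 rule", without_deny_rule(FIXED)), ("fixed", FIXED)):
        print(name, resolve(cfg, "/static/WEB-INF/web.xml"))
```

Without the deny rule, the /static/** rule rewrites the request to /WEB-INF/web.xml with no status set. With the deny rule placed ahead of it, the request stops at that rule with status 403.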

          People

          • Assignee:
            Ben Alex
            Reporter:
            Mike J
          • Votes:
            0
            Watchers:
            0
