mirror of https://github.com/apache/archiva.git
[MRM-1480]/[REDBACK-274] (CVE-2011-1026)
o upgrade to redback 1.2.8-SNAPSHOT o configured struts2's token interceptor + use of <s:token> in affected actions to prevent CSRF issue [MRM-1460] added selenium tests for CSRF fixes in affected pages Merged: r1066067:1091313 git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1091315 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
76289acb8d
commit
58d905941b
|
@ -19,6 +19,26 @@ Release Notes for Archiva 1.4
|
|||
|
||||
~~TODO
|
||||
|
||||
* Compatibility Changes
|
||||
|
||||
* If upgrading from versions of Archiva earlier than 1.2.2, the list of libraries
|
||||
in <<<wrapper.conf>>> has changed. If you have customized your copy of
|
||||
<<<wrapper.conf>>>, please update it for compatibility with the version distributed
|
||||
with the current release.
|
||||
|
||||
* Security Vulnerabilities
|
||||
|
||||
* A CSRF security vulnerability (CVE-2010-3449) is present in 1.3.2 and earlier.
|
||||
|
||||
* An XSS security vulnerability (CVE-2011-0533) is present in 1.3.3 and earlier.
|
||||
|
||||
* Additional CSRF (CVE-2011-1026) and XSS security (CVE-2011-1077) vulnerabilities have been reported against 1.3.4
|
||||
and earlier versions.
|
||||
|
||||
It is important that users using lower versions of Archiva upgrade to this version (or higher).
|
||||
|
||||
See {{{http://archiva.apache.org/security.html} Archiva Security}} for more details.
|
||||
|
||||
* Release Notes
|
||||
|
||||
The Archiva 1.4 feature set can be seen in the {{{tour/index.html} feature tour}}.
|
||||
|
@ -29,6 +49,16 @@ Release Notes for Archiva 1.4
|
|||
|
||||
~~TODO
|
||||
|
||||
Previous Releases
|
||||
|
||||
* Changes in Archiva 1.3.5
|
||||
|
||||
Released: <<14 March 2011>>
|
||||
|
||||
** Task
|
||||
|
||||
* [MRM-1460] - Upgrade Archiva to Redback 1.2.7
|
||||
|
||||
* Changes in Archiva 1.3.4
|
||||
|
||||
Released: <<9 February 2011>>
|
||||
|
|
|
@ -0,0 +1,149 @@
|
|||
package org.apache.archiva.web.test;
|
||||
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
import org.apache.archiva.web.test.parent.AbstractArchivaTest;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
/**
|
||||
* Test all actions affected with CSRF security issue.
|
||||
*/
|
||||
@Test( groups = { "csrf" }, dependsOnMethods = { "testWithCorrectUsernamePassword" }, sequential = true )
|
||||
public class CSRFSecurityTest
|
||||
extends AbstractArchivaTest
|
||||
{
|
||||
public void testCSRFDeleteRepository()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/deleteRepository.action?repoid=test&method%3AdeleteContents=Delete+Configuration+and+Contents" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFDeleteArtifact()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/deleteArtifact!doDelete.action?groupId=1&artifactId=1&version=1&repositoryId=snapshots" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFAddRepositoryGroup()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/addRepositoryGroup.action?repositoryGroup.id=csrfgrp" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFDeleteRepositoryGroup()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/deleteRepositoryGroup.action?repoGroupId=test&method%3Adelete=Confirm" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFDisableProxyConnector()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/disableProxyConnector!disable.action?target=maven2-repository.dev.java.net&source=internal" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFDeleteProxyConnector()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/deleteProxyConnector!delete.action?target=maven2-repository.dev.java.net&source=snapshots" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFDeleteLegacyArtifactPath()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/deleteLegacyArtifactPath.action?path=jaxen%2Fjars%2Fjaxen-1.0-FCS-full.jar" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFSaveNetworkProxy()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/saveNetworkProxy.action?mode=add&proxy.id=ntwrk&proxy.protocol=http&" +
|
||||
"proxy.host=test&proxy.port=8080&proxy.username=&proxy.password=" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFDeleteNetworkProxy()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/deleteNetworkProxy!delete.action?proxyid=myproxy" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFAddFileTypePattern()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/repositoryScanning!addFiletypePattern.action?pattern=**%2F*.rum&fileTypeId=artifacts" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFRemoveFileTypePattern()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/repositoryScanning!removeFiletypePattern.action?pattern=**%2F*.rum&fileTypeId=artifacts" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFUpdateKnownConsumers()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/repositoryScanning!updateKnownConsumers.action?enabledKnownContentConsumers=auto-remove&" +
|
||||
"enabledKnownContentConsumers=auto-rename&enabledKnownContentConsumers=create-missing-checksums&" +
|
||||
"enabledKnownContentConsumers=index-content&enabledKnownContentConsumers=metadata-updater&" +
|
||||
"enabledKnownContentConsumers=repository-purge&enabledKnownContentConsumers=update-db-artifact&" +
|
||||
"enabledKnownContentConsumers=validate-checksums" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFUpdateUnprocessedConsumers()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/database!updateUnprocessedConsumers.action?enabledUnprocessedConsumers=update-db-project" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
|
||||
public void testCSRFUpdateCleanupConsumers()
|
||||
{
|
||||
getSelenium().open( baseUrl );
|
||||
getSelenium().open( baseUrl + "/admin/database!updateCleanupConsumers.action?enabledCleanupConsumers=not-present-remove-db-artifact&" +
|
||||
"enabledCleanupConsumers=not-present-remove-db-project&enabledCleanupConsumers=not-present-remove-indexed" );
|
||||
assertTextPresent( "Security Alert - Invalid Token Found" );
|
||||
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
|
||||
}
|
||||
}
|
|
@ -45,6 +45,9 @@
|
|||
<param name="enableReferrerCheck">false</param>
|
||||
</interceptor-ref>
|
||||
<interceptor-ref name="redbackPolicyEnforcement"/>
|
||||
<interceptor-ref name="tokenSession">
|
||||
<param name="excludeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
<interceptor-ref name="configuration"/>
|
||||
<interceptor-ref name="validation">
|
||||
<param name="excludeMethods">input,back,cancel,browse</param>
|
||||
|
@ -62,6 +65,9 @@
|
|||
<interceptor-ref name="redbackSecureActions">
|
||||
<param name="enableReferrerCheck">false</param>
|
||||
</interceptor-ref>
|
||||
<interceptor-ref name="tokenSession">
|
||||
<param name="excludeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
<interceptor-ref name="validation">
|
||||
<param name="excludeMethods">input,back,cancel,browse</param>
|
||||
</interceptor-ref>
|
||||
|
@ -128,6 +134,7 @@
|
|||
include a result for 'error' -->
|
||||
<result name="error">/WEB-INF/jsp/generalError.jsp</result>
|
||||
<result name="access_to_no_repos">/WEB-INF/jsp/accessToNoRepos.jsp</result>
|
||||
<result name="invalid.token">/WEB-INF/jsp/redback/invalidToken.jsp</result>
|
||||
|
||||
</global-results>
|
||||
</package>
|
||||
|
@ -174,6 +181,9 @@
|
|||
<result name="input">/WEB-INF/jsp/deleteArtifact.jsp</result>
|
||||
<result name="error">/WEB-INF/jsp/deleteArtifact.jsp</result>
|
||||
<result name="success">/WEB-INF/jsp/deleteArtifact.jsp</result>
|
||||
<interceptor-ref name="configuredArchivaStack">
|
||||
<param name="tokenSession.includeMethods">doDelete</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<action name="checksumSearch" class="searchAction" method="findArtifact">
|
||||
|
@ -262,19 +272,25 @@
|
|||
<result name="input">/WEB-INF/jsp/admin/repositoryGroups.jsp</result>
|
||||
<result name="error">/WEB-INF/jsp/admin/repositoryGroups.jsp</result>
|
||||
<result name="success" type="redirect-action">repositoryGroups</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<action name="confirmDeleteRepositoryGroup" class="deleteRepositoryGroupAction" method="confirmDelete">
|
||||
<result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<action name="deleteRepositoryGroup" class="deleteRepositoryGroupAction" method="delete">
|
||||
<result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
|
||||
<result name="error">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
|
||||
<result name="success" type="redirect-action">repositoryGroups</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<action name="addRepositoryToGroup" class="repositoryGroupsAction" method="addRepositoryToGroup">
|
||||
|
@ -334,14 +350,18 @@
|
|||
|
||||
<action name="confirmDeleteRepository" class="deleteManagedRepositoryAction" method="confirmDelete">
|
||||
<result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<action name="deleteRepository" class="deleteManagedRepositoryAction" method="delete">
|
||||
<result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
|
||||
<result name="error">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
|
||||
<result name="success" type="redirect-action">repositories</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<action name="addRemoteRepository" class="addRemoteRepositoryAction" method="input">
|
||||
|
@ -410,7 +430,9 @@
|
|||
<action name="deleteProxyConnector" class="deleteProxyConnectorAction" method="confirm">
|
||||
<result name="input">/WEB-INF/jsp/admin/deleteProxyConnector.jsp</result>
|
||||
<result name="success" type="redirect-action">proxyConnectors</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<action name="enableProxyConnector" class="enableProxyConnectorAction" method="confirm">
|
||||
|
@ -422,7 +444,9 @@
|
|||
<action name="disableProxyConnector" class="disableProxyConnectorAction" method="confirm">
|
||||
<result name="input">/WEB-INF/jsp/admin/disableProxyConnector.jsp</result>
|
||||
<result name="success" type="redirect-action">proxyConnectors</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
|
||||
|
@ -447,13 +471,17 @@
|
|||
<action name="saveNetworkProxy" class="configureNetworkProxyAction" method="save">
|
||||
<result name="input">/WEB-INF/jsp/admin/editNetworkProxy.jsp</result>
|
||||
<result name="success" type="redirect-action">networkProxies</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<action name="deleteNetworkProxy" class="configureNetworkProxyAction" method="confirm">
|
||||
<result name="input">/WEB-INF/jsp/admin/deleteNetworkProxy.jsp</result>
|
||||
<result name="success" type="redirect-action">networkProxies</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<!-- .\ REPOSITORY SCANNING \._____________________________________ -->
|
||||
|
@ -463,6 +491,9 @@
|
|||
<result name="success" type="redirect-action">
|
||||
<param name="actionName">repositoryScanning</param>
|
||||
</result>
|
||||
<interceptor-ref name="configuredArchivaStack">
|
||||
<param name="tokenSession.includeMethods">removeFiletypePattern,addFiletypePattern,updateKnownConsumers,updateInvalidConsumers</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
<!-- .\ CONFIGURATION \.___________________________________________ -->
|
||||
|
@ -507,7 +538,9 @@
|
|||
<result name="input">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result>
|
||||
<result name="error">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result>
|
||||
<result name="success" type="redirect-action">legacyArtifactPath</result>
|
||||
<interceptor-ref name="configuredPrepareParamsStack"/>
|
||||
<interceptor-ref name="configuredPrepareParamsStack">
|
||||
<param name="tokenSession.includeMethods">*</param>
|
||||
</interceptor-ref>
|
||||
</action>
|
||||
|
||||
</package>
|
||||
|
|
|
@ -46,6 +46,7 @@
|
|||
|
||||
<s:form method="post" action="deleteNetworkProxy!delete" namespace="/admin" validate="true">
|
||||
<s:hidden name="proxyid"/>
|
||||
<s:token/>
|
||||
<s:submit value="Delete"/>
|
||||
</s:form>
|
||||
</div>
|
||||
|
|
|
@ -47,6 +47,7 @@
|
|||
<s:form method="post" action="deleteProxyConnector!delete" namespace="/admin" validate="true">
|
||||
<s:hidden name="target"/>
|
||||
<s:hidden name="source"/>
|
||||
<s:token/>
|
||||
<s:submit value="Delete"/>
|
||||
</s:form>
|
||||
</div>
|
||||
|
|
|
@ -63,6 +63,7 @@
|
|||
|
||||
<s:form method="post" action="deleteRepository" namespace="/admin" validate="true" theme="simple">
|
||||
<s:hidden name="repoid"/>
|
||||
<s:token/>
|
||||
<div class="buttons">
|
||||
<s:submit value="Delete Configuration Only" method="deleteEntry" />
|
||||
<s:submit value="Delete Configuration and Contents" method="deleteContents" />
|
||||
|
|
|
@ -56,6 +56,7 @@
|
|||
<s:form method="post" action="deleteRepositoryGroup" namespace="/admin" validate="true" theme="simple">
|
||||
<s:hidden name="repoGroupId"/>
|
||||
<div class="buttons">
|
||||
<s:token/>
|
||||
<s:submit value="Confirm" method="delete"/>
|
||||
<s:submit value="Cancel" method="execute"/>
|
||||
</div>
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
<s:form method="post" action="disableProxyConnector!disable" namespace="/admin" validate="true">
|
||||
<s:hidden name="target"/>
|
||||
<s:hidden name="source"/>
|
||||
<s:token/>
|
||||
<s:submit value="Disable"/>
|
||||
</s:form>
|
||||
</div>
|
||||
|
|
|
@ -50,6 +50,7 @@
|
|||
|
||||
<s:form method="post" action="saveNetworkProxy" namespace="/admin">
|
||||
<s:hidden name="mode"/>
|
||||
<s:token/>
|
||||
|
||||
<c:choose>
|
||||
<c:when test="${mode == 'edit'}">
|
||||
|
|
|
@ -73,8 +73,11 @@
|
|||
<div class="controls">
|
||||
<%-- TODO: make some icons --%>
|
||||
<redback:ifAnyAuthorized permissions="archiva-manage-configuration">
|
||||
<s:token/>
|
||||
<s:url id="deleteLegacyArtifactPath" action="deleteLegacyArtifactPath">
|
||||
<s:param name="path" value="%{#attr.legacyArtifactPath.path}"/>
|
||||
<s:param name="struts.token.name">struts.token</s:param>
|
||||
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
|
||||
</s:url>
|
||||
<s:a href="%{deleteLegacyArtifactPath}">
|
||||
<img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/>
|
||||
|
|
|
@ -71,11 +71,14 @@
|
|||
<div class="controls">
|
||||
<redback:ifAnyAuthorized
|
||||
permissions="archiva-manage-configuration">
|
||||
<s:token/>
|
||||
<s:url id="editNetworkProxyUrl" action="editNetworkProxy">
|
||||
<s:param name="proxyid" value="%{#attr.proxy.id}" />
|
||||
</s:url>
|
||||
<s:url id="deleteNetworkProxyUrl" action="deleteNetworkProxy" method="confirm">
|
||||
<s:param name="proxyid" value="%{#attr.proxy.id}" />
|
||||
<s:param name="struts.token.name">struts.token</s:param>
|
||||
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
|
||||
</s:url>
|
||||
<s:a href="%{editNetworkProxyUrl}">
|
||||
<img src="<c:url value="/images/icons/edit.png" />" />
|
||||
|
|
|
@ -113,6 +113,7 @@
|
|||
<div class="connector ${rowColor}">
|
||||
<div class="controls">
|
||||
<redback:ifAnyAuthorized permissions="archiva-manage-configuration">
|
||||
<s:token/>
|
||||
<s:url id="sortDownProxyConnectorUrl" action="sortDownProxyConnector">
|
||||
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
|
||||
<s:param name="target" value="%{#attr.connector.targetRepoId}"/>
|
||||
|
@ -128,6 +129,8 @@
|
|||
<s:url id="deleteProxyConnectorUrl" action="deleteProxyConnector" method="confirmDelete">
|
||||
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
|
||||
<s:param name="target" value="%{#attr.connector.targetRepoId}"/>
|
||||
<s:param name="struts.token.name">struts.token</s:param>
|
||||
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
|
||||
</s:url>
|
||||
<s:url id="enableProxyConnectorUrl" action="enableProxyConnector" method="confirmEnable">
|
||||
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
|
||||
|
@ -136,6 +139,8 @@
|
|||
<s:url id="disableProxyConnectorUrl" action="disableProxyConnector" method="confirmDisable">
|
||||
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
|
||||
<s:param name="target" value="%{#attr.connector.targetRepoId}"/>
|
||||
<s:param name="struts.token.name">struts.token</s:param>
|
||||
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
|
||||
</s:url>
|
||||
<c:if test="${connector.disabled}">
|
||||
<s:a href="%{enableProxyConnectorUrl}" title="Enable Proxy Connector">
|
||||
|
|
|
@ -89,8 +89,11 @@
|
|||
<s:url id="editRepositoryUrl" action="editRepository">
|
||||
<s:param name="repoid" value="%{#attr.repository.id}"/>
|
||||
</s:url>
|
||||
<s:token/>
|
||||
<s:url id="deleteRepositoryUrl" action="confirmDeleteRepository">
|
||||
<s:param name="repoid" value="%{#attr.repository.id}"/>
|
||||
<s:param name="struts.token.name">struts.token</s:param>
|
||||
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
|
||||
</s:url>
|
||||
<s:a href="%{editRepositoryUrl}">
|
||||
<img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/>
|
||||
|
@ -341,8 +344,11 @@
|
|||
<img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/>
|
||||
Edit
|
||||
</s:a>
|
||||
<s:token/>
|
||||
<s:url id="deleteRepositoryUrl" action="confirmDeleteRemoteRepository">
|
||||
<s:param name="repoid" value="%{#attr.repository.id}"/>
|
||||
<s:param name="struts.token.name">struts.token</s:param>
|
||||
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
|
||||
</s:url>
|
||||
<s:a href="%{deleteRepositoryUrl}">
|
||||
<img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/>
|
||||
|
|
|
@ -50,6 +50,7 @@
|
|||
<s:form action="addRepositoryGroup" namespace="/admin">
|
||||
<span class="label">Identifier<span style="color:red">*</span>:</span>
|
||||
<s:textfield size="10" label="Identifier" theme="simple" name="repositoryGroup.id"/>
|
||||
<s:token/>
|
||||
<s:submit value="Add Group" theme="simple" cssClass="button"/>
|
||||
</s:form>
|
||||
</redback:ifAnyAuthorized>
|
||||
|
@ -71,8 +72,11 @@
|
|||
<div class="managedRepo">
|
||||
|
||||
<div style="float:right">
|
||||
<s:token/>
|
||||
<s:url id="deleteRepositoryGroupUrl" action="confirmDeleteRepositoryGroup">
|
||||
<s:param name="repoGroupId" value="%{#attr.repositoryGroup.key}" />
|
||||
<s:param name="struts.token.name">struts.token</s:param>
|
||||
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
|
||||
</s:url>
|
||||
<s:a href="%{deleteRepositoryGroupUrl}" cssClass="delete">
|
||||
<img src="${iconDeleteUrl}"/>
|
||||
|
|
|
@ -41,8 +41,8 @@
|
|||
|
||||
<c:url var="iconDeleteUrl" value="/images/icons/delete.gif" />
|
||||
<c:url var="iconCreateUrl" value="/images/icons/create.png" />
|
||||
<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern" />
|
||||
<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" />
|
||||
<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern"/>
|
||||
<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern"/>
|
||||
|
||||
<script type="text/javascript">
|
||||
<!--
|
||||
|
@ -82,12 +82,11 @@
|
|||
<s:form method="post" action="repositoryScanning"
|
||||
namespace="/admin" validate="false"
|
||||
id="filetypeForm" theme="simple">
|
||||
<s:token/>
|
||||
<input type="hidden" name="pattern" />
|
||||
<input type="hidden" name="fileTypeId" />
|
||||
</s:form>
|
||||
|
||||
<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" />
|
||||
|
||||
<c:forEach items="${fileTypeIds}" var="filetypeId" varStatus="j">
|
||||
|
||||
<div class="filetype">
|
||||
|
@ -157,6 +156,7 @@
|
|||
|
||||
<s:form method="post" action="repositoryScanning!updateKnownConsumers"
|
||||
namespace="/admin" validate="false" theme="simple">
|
||||
<s:token/>
|
||||
<table class="consumers">
|
||||
<tr>
|
||||
<th> </th>
|
||||
|
@ -213,6 +213,7 @@
|
|||
|
||||
<s:form method="post" action="repositoryScanning!updateInvalidConsumers"
|
||||
namespace="/admin" validate="false" theme="simple">
|
||||
<s:token/>
|
||||
<table class="consumers">
|
||||
<tr>
|
||||
<th> </th>
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
<div id="contentArea">
|
||||
<s:form action="deleteArtifact!doDelete" namespace="/" method="post" validate="true">
|
||||
<%@ include file="/WEB-INF/jsp/include/deleteArtifactForm.jspf" %>
|
||||
<s:token/>
|
||||
<s:submit/>
|
||||
</s:form>
|
||||
</div>
|
||||
|
|
21
pom.xml
21
pom.xml
|
@ -539,7 +539,7 @@
|
|||
<dependency>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>1.3</version>
|
||||
<version>1.4</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-collections</groupId>
|
||||
|
@ -1273,6 +1273,25 @@
|
|||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>snapshots-build</id>
|
||||
<activation>
|
||||
<activeByDefault>true</activeByDefault>
|
||||
</activation>
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>redback.snapshots</id>
|
||||
<name>Codehaus Redback Snapshots Repository</name>
|
||||
<url>http://snapshots.repository.codehaus.org/</url>
|
||||
<releases>
|
||||
<enabled>false</enabled>
|
||||
</releases>
|
||||
<snapshots>
|
||||
<enabled>true</enabled>
|
||||
</snapshots>
|
||||
</repository>
|
||||
</repositories>
|
||||
</profile>
|
||||
</profiles>
|
||||
<!-- TODO: we need to push this into the parent, and also upgrade to the latest ASF parent POM -->
|
||||
<distributionManagement>
|
||||
|
|
Loading…
Reference in New Issue