Commits

Sebastian Sdorra committed 323f16f

protect mustache resources

  • Participants
  • Parent commits 47f0b46

Comments (0)

Files changed (1)

File scm-webapp/src/main/java/sonia/scm/ScmSecurityModule.java

  */
 
 
+
 package sonia.scm;
 
 //~--- non-JDK imports --------------------------------------------------------
 
+import com.google.inject.name.Names;
+
 import org.apache.shiro.guice.web.ShiroWebModule;
 
 import sonia.scm.security.ScmRealm;
 
+import static org.apache.shiro.guice.web.ShiroWebModule.ROLES;
+
 //~--- JDK imports ------------------------------------------------------------
 
 import javax.servlet.ServletContext;
   @Override
   protected void configureShiroWeb()
   {
+
+    // bind realm
     bindRealm().to(ScmRealm.class);
+
+    // bind constant
+    bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to(
+      "/index.html");
+
+    // disable access to mustache resources
+    addFilterChain("/**.mustache", config(ROLES, "nobody"));
   }
 }