Run before/after for static files #571
Comments
|
I don't have a use case for that but if anyone has please share ! (related to #591 ) |
|
I am compiling LESS files to CSS. It worked well in Spark 2.2 (and I think 2.3 too), but no longer in 2.5. EDIT: Confirmed, less caching and compiling works fine with Spark 2.3. I'll stick with that version then |
Why would Spark have anything to do with LESS? When Spark tries to access them they're just normal CSS files?
This has been fixed on master. |
|
Thank you very much :) Spark itself has nothing to do with LESS, but I have been using a before filter to recompile them using https://github.com/i-net-software/jlessc if necessary |
Never thought about doing that, interesting approach! |
I agree, I'm just keeping the issue open in case anyone comes up with an actual use-case for before/after filters for static routes. |
|
We have static files (Documents) which should only be downloaded by persons with proper authorization (stored in session). A before filter for the static file route would be useful for us. |
|
Any work in progress for this issue? |
|
Static web pages should be also displayed after security verification. We are using Google Polymer for frontend (http://polymer-project.org/) which at the end generates only static web pages. All GUI magic is done in HTML / Javascript. In such a model there is no way to implement security on user interface - only pulling data from server and actions implemented on server can be secured. |
|
Is there any workaround to do access restrictions for static files or is there a chance that before-filters will affect static files in the future? |
tipsy
changed the title
|
Use Case: |
|
Any update on this? I have index.html and want to protect it with a form authentication based on pac4j but cannot apply the security filter on it. |
|
This issue led me to change my approach: I now use jetty webserver in embedded mode without spark framework. It's a bit more complicated but gives me a very high degree of flexibility. |
|
Can you please give an example? I'm interested too :) |
|
I wrote a brief description with code snippets: http://www.pabst-software.de/doku.php?id=programmieren:java:webserver:jetty:start Hope this is helpful to you. BTW: If you look at this vast amount of initialization code you clearly see the benefits of the spark framework. I certyainly will continue using it in my smaller projects. |
|
Please correct me if I am off point. My current use case would be redirecting users from HTTP to HTTPS in order to facilitate HSTS for my static files. I have been searching for a way around this for a couple weeks now and I am unable to find anything that would work. |
|
My use case for this is also authentication/authorization in before filters. Unfortunately I filled a similar issue here: perwendel/spark-kotlin#23 (using spark 2.6.0) |
|
If you are comfortable forking and patching Spark yourself, look up the class MatcherFilter here: https://github.com/perwendel/spark/blob/2.6.0/src/main/java/spark/http/matching/MatcherFilter.java More precisely lines 94 and 129. Haven't tested this yet, though. Also Spark 2.2 runs filters on static files. I think there are no known vulnerabilities in 2.2, but I don't recommend using outdated software |
|
Ok, I came up with this (attached), based on 2.6.0. But it needs further testing and reviewing. |
|
Just confirmed - it works fine, even in version 2.5.2. Placing the source file in my own project was sufficient. Thank you very much :) |
|
I would be happy if Per could have a look at it. |
|
@perwendel Hi, I just wanted to point out that this issue is still opened and the change @StefanHUB did wasn't implemented as of version 2.8.0. |
|
I'd like to add my voice to promoting this issue. This would be an incredibly useful feature. |
No description provided.
The text was updated successfully, but these errors were encountered: