feature(AuthorizationHelper): disable option
* AuthorizationHelper can now be disabled in tobago-config.xml
* add a tobago-config-5.2.xsd
* update tobago-config.xml files to version 5.2
Issue: TOBAGO-2284
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
index 1b4eb26..80348a5 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
@@ -69,6 +69,7 @@
private boolean decodeLineFeed;
private Map<String, String> mimeTypes;
private boolean enableTobagoExceptionHandler;
+ private boolean enableAuthorizationHelper;
private boolean locked = false;
@@ -118,6 +119,7 @@
contentSecurityPolicy = new ContentSecurityPolicy(ContentSecurityPolicy.Mode.OFF.getValue());
mimeTypes = new HashMap<>();
enableTobagoExceptionHandler = true;
+ enableAuthorizationHelper = true;
// internal
final List<TobagoConfigFragment> fragments = new ArrayList<>();
@@ -332,6 +334,14 @@
this.enableTobagoExceptionHandler = enableTobagoExceptionHandler;
}
+ public boolean isEnableAuthorizationHelper() {
+ return enableAuthorizationHelper;
+ }
+
+ public void setEnableAuthorizationHelper(boolean enableAuthorizationHelper) {
+ this.enableAuthorizationHelper = enableAuthorizationHelper;
+ }
+
public Map<String, String> getMimeTypes() {
return mimeTypes;
}
@@ -400,6 +410,8 @@
builder.append(mimeTypes);
builder.append(", \nenableTobagoExceptionHandler=");
builder.append(enableTobagoExceptionHandler);
+ builder.append(", \nenableAuthorizationHelper=");
+ builder.append(enableAuthorizationHelper);
builder.append('}');
return builder.toString();
}
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommandBase.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommandBase.java
index 26ca4fd..8e9a1fb 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommandBase.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommandBase.java
@@ -123,10 +123,13 @@
private boolean isAllowed() {
final FacesContext facesContext = getFacesContext();
- final AuthorizationHelper authorizationHelper = AuthorizationHelper.getInstance(facesContext);
- final MethodExpression actionExpression = getActionExpression();
- if (actionExpression != null) {
- return authorizationHelper.isAuthorized(facesContext, this, actionExpression.getExpressionString());
+ final TobagoConfig tobagoConfig = TobagoConfig.getInstance(facesContext);
+ if (tobagoConfig.isEnableAuthorizationHelper()) {
+ final AuthorizationHelper authorizationHelper = AuthorizationHelper.getInstance(facesContext);
+ final MethodExpression actionExpression = getActionExpression();
+ if (actionExpression != null) {
+ return authorizationHelper.isAuthorized(facesContext, this, actionExpression.getExpressionString());
+ }
}
return true;
}
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigEntityResolver.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigEntityResolver.java
index 673b8a3..37c0995 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigEntityResolver.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigEntityResolver.java
@@ -47,6 +47,7 @@
protected static final String TOBAGO_CONFIG_XSD_4_0 = "/org/apache/myfaces/tobago/config/tobago-config-4.0.xsd";
protected static final String TOBAGO_CONFIG_XSD_5_0 = "/org/apache/myfaces/tobago/config/tobago-config-5.0.xsd";
protected static final String TOBAGO_CONFIG_XSD_5_1 = "/org/apache/myfaces/tobago/config/tobago-config-5.1.xsd";
+ protected static final String TOBAGO_CONFIG_XSD_5_2 = "/org/apache/myfaces/tobago/config/tobago-config-5.2.xsd";
private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
index 2990bcb..b8471bd 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
@@ -51,6 +51,7 @@
private Properties sanitizerProperties;
private final Map<String, String> mimeTypes;
private Boolean enableTobagoExceptionHandler;
+ private Boolean enableAuthorizationHelper;
public TobagoConfigFragment() {
before = new ArrayList<>();
@@ -220,6 +221,14 @@
this.enableTobagoExceptionHandler = enableTobagoExceptionHandler;
}
+ public Boolean getEnableAuthorizationHelper() {
+ return enableAuthorizationHelper;
+ }
+
+ public void setEnableAuthorizationHelper(Boolean enableAuthorizationHelper) {
+ this.enableAuthorizationHelper = enableAuthorizationHelper;
+ }
+
@Override
public String toString() {
return name != null ? name : "(id=" + System.identityHashCode(this) + ")";
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java
index 3de39ec..907cbd2 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java
@@ -119,6 +119,10 @@
tobagoConfig.setEnableTobagoExceptionHandler(fragment.getEnableTobagoExceptionHandler());
}
+ if (fragment.getEnableAuthorizationHelper() != null) {
+ tobagoConfig.setEnableAuthorizationHelper(fragment.getEnableAuthorizationHelper());
+ }
+
// theme definition
for (final ThemeImpl theme : fragment.getThemeDefinitions()) {
tobagoConfig.addAvailableTheme(theme);
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
index 1b9a2c8..7c345aa 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
@@ -104,6 +104,7 @@
private static final int SANITIZER_CLASS = -974266412;
private static final int DECODE_LINE_FEED = -1764519240;
private static final int ENABLE_TOBAGO_EXCEPTION_HANDLER = 1967055403;
+ private static final int ENABLE_AUTHORIZATION_HELPER = -860851828;
private static final int SCRIPT = -907685685;
private static final int STYLE = 109780401;
private static final int PROPERTIES = -926053069;
@@ -461,6 +462,10 @@
tobagoConfig.setEnableTobagoExceptionHandler(Boolean.parseBoolean(text));
break;
+ case ENABLE_AUTHORIZATION_HELPER:
+ tobagoConfig.setEnableAuthorizationHelper(Boolean.parseBoolean(text));
+ break;
+
case ENTRY:
properties.setProperty(entryKey, text);
entryKey = null;
@@ -528,7 +533,9 @@
final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
final Schema schema;
- if ("5.1".equals(version.getVersion())) {
+ if ("5.2".equals(version.getVersion())) {
+ schema = schemaFactory.newSchema(getClass().getResource(TOBAGO_CONFIG_XSD_5_2));
+ } else if ("5.1".equals(version.getVersion())) {
schema = schemaFactory.newSchema(getClass().getResource(TOBAGO_CONFIG_XSD_5_1));
} else if ("5.0".equals(version.getVersion())) {
schema = schemaFactory.newSchema(getClass().getResource(TOBAGO_CONFIG_XSD_5_0));
diff --git a/tobago-core/src/main/resources/META-INF/tobago-config.xml b/tobago-core/src/main/resources/META-INF/tobago-config.xml
index 301abbc..2bdd984 100644
--- a/tobago-core/src/main/resources/META-INF/tobago-config.xml
+++ b/tobago-core/src/main/resources/META-INF/tobago-config.xml
@@ -20,8 +20,8 @@
<tobago-config
xmlns="http://myfaces.apache.org/tobago/tobago-config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.1.xsd"
- version="5.1">
+ xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.2.xsd"
+ version="5.2">
<name>tobago-core</name>
diff --git a/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-5.2.xsd b/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-5.2.xsd
new file mode 100644
index 0000000..a256b97
--- /dev/null
+++ b/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-5.2.xsd
@@ -0,0 +1,433 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema
+ targetNamespace="http://myfaces.apache.org/tobago/tobago-config"
+ xmlns:tobago="http://myfaces.apache.org/tobago/tobago-config"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified"
+ version="5.2">
+
+ <xs:annotation>
+ <xs:documentation>
+ <![CDATA[
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ]]>
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>
+ <![CDATA[
+
+ ************************************************************************************
+ ************************************************************************************
+ WARNING
+ THIS IS A PRE-RELEASE VERSION OF THIS FILE, PLEASE CHECK IF THERE IS AN UPDATE ON
+ http://myfaces.apache.org/tobago/tobago-config-5.2.xsd
+ ************************************************************************************
+ ************************************************************************************
+
+ This is the XML schema for the Tobago configuration files version 5.2.
+
+ Use the following definition:
+
+ <tobago-config
+ xmlns="http://myfaces.apache.org/tobago/tobago-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.2.xsd"
+ version="5.2">
+ ...
+ </tobago-config>
+ ]]>
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:element name="tobago-config" type="tobago:tobago-config-type"/>
+
+ <xs:complexType name="tobago-config-type">
+ <xs:sequence>
+ <xs:element name="name" type="tobago:name-type" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ Name of this instance of the configuration to be referenced in other tobago-config.xml files.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="ordering" type="tobago:ordering-type" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ Can be used to order this instance of the configuration against other tobago-config.xml files.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="theme-config" type="tobago:theme-config-type" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ Configure the themes to be used.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="create-session-secret" type="xs:boolean" minOccurs="0" default="true">
+
+ </xs:element>
+ <xs:element name="check-session-secret" type="xs:boolean" minOccurs="0" default="true">
+
+ </xs:element>
+ <xs:element name="prevent-frame-attacks" type="xs:boolean" minOccurs="0" default="true">
+ <xs:annotation>
+ <xs:documentation>
+ Sets the HTTP header "X-Frame-Options" to "DENY".
+ This setting is deprecated but needed for IE11. The current way to configure this is using
+ the Content Security Policy directive 'frame-ancestors'.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="set-nosniff-header" type="xs:boolean" minOccurs="0" default="true">
+ <xs:annotation>
+ <xs:documentation>
+ Sets the HTTP header "X-Content-Type-Options" to "nosniff".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="classic-date-time-picker" type="xs:boolean" minOccurs="0" default="false">
+ <xs:annotation>
+ <xs:documentation>
+ Warning: No longer supported.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="content-security-policy" type="tobago:content-security-policy-type" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ Define rule for CSP.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="sanitizer" type="tobago:sanitizer-type" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ <![CDATA[
+ Define a Java class which implements org.apache.myfaces.tobago.sanitizer.Sanitizer
+ to protect against HTML content of <tc:out escape="true"/> and
+ <tc:textarea/>.
+
+ This is the default:
+ <sanitizer>
+ <sanitizer-class>org.apache.myfaces.tobago.sanitizer.JsoupSanitizer</sanitizer-class>
+ <properties>
+ <entry key="safelist">relaxed</entry>
+ </properties>
+ </sanitizer>
+ ]]>
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="enable-tobago-exception-handler" type="xs:boolean" minOccurs="0" default="true">
+ <xs:annotation>
+ <xs:documentation>
+ Use an instance of org.apache.myfaces.tobago.context.TobagoExceptionHandler as
+ exception handler. Set to false to deactivate.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="enable-authorization-helper" type="xs:boolean" minOccurs="0" default="true">
+ <xs:annotation>
+ <xs:documentation>Set to false to deactivate AuthorizationHelper.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="decode-line-feed" type="xs:boolean" minOccurs="0" default="true">
+ <xs:annotation>
+ <xs:documentation>
+ Use LF instead of CR+LF in textarea while decoding.
+ HTTP transports usually a line break with CR+LF
+ (see https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4).
+ When this property is set to true (by default), the Java bean will get the string only with LF ('\n').
+
+ When this property is set to false, there might be a conflict with the length validator,
+ because you have 2 character for each line break.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="security-annotation" type="tobago:security-annotation-type" minOccurs="0" default="disable">
+ <xs:annotation>
+ <xs:documentation>
+ Defines the behavior of actions in buttons and links, if the MethodExpression
+ has a security annotation.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="theme-definitions" type="tobago:theme-definitions-type" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ Configuration of a new theme which may come with this JAR file.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="version"
+ type="tobago:tobago-config-version-type"
+ use="required"/>
+ </xs:complexType>
+
+ <xs:simpleType name="security-annotation-type">
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="hide"/>
+ <xs:enumeration value="disable"/>
+ <xs:enumeration value="ignore"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="tobago-config-version-type">
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="5.2"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:complexType name="ordering-type">
+ <xs:sequence>
+ <xs:element name="after" type="tobago:before-after-type" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This configuration instance needs to be applied after the referenced instance.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="before" type="tobago:before-after-type" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This configuration instance needs to be applied before the referenced instance.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="before-after-type">
+ <xs:sequence>
+ <xs:element name="name" type="tobago:name-type" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="theme-config-type">
+ <xs:sequence>
+ <xs:element name="default-theme" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ The default theme, which is used when no theme is selected programmatically.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="supported-theme" type="xs:string" minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>
+ Other supported theme for this application.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="theme-cookie" type="xs:boolean" minOccurs="0" maxOccurs="1" default="true">
+ <xs:annotation>
+ <xs:documentation>
+ Use a cookie to set the active theme in the browser, to recognize the active theme at next visit.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="theme-session" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false">
+ <xs:annotation>
+ <xs:documentation>
+ Store the active theme the server session.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="content-security-policy-type">
+ <xs:sequence>
+ <xs:element name="directive" type="tobago:directive-type" maxOccurs="unbounded" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ CSP directive to be added to the HTTP header.
+ It is possible to define more than one directive with the same name, to allow
+ more than one value.
+ The mode defines, if the SCP headers should be written, not written, or only
+ reporting headers should be written.
+
+ For more information about the directives see
+ https://www.w3.org/TR/CSP/
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="mode" type="tobago:csp-mode-type" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="directive-type">
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="name" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ Name of the CSP directive e. g. script-src, style-src, frame-ancestors, child-src, ...
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <xs:complexType name="sanitizer-type">
+ <xs:sequence>
+ <xs:element name="sanitizer-class" type="xs:string"/>
+ <xs:element name="properties" type="tobago:properties-type" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="properties-type">
+ <xs:sequence>
+ <xs:element name="entry" type="tobago:entry-type" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="entry-type">
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="key" type="xs:string" use="required"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <xs:simpleType name="csp-mode-type">
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="on"/>
+ <xs:enumeration value="off"/>
+ <xs:enumeration value="report-only"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:complexType name="theme-definitions-type">
+ <xs:sequence>
+ <xs:element name="theme-definition" type="tobago:theme-definition-type" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="theme-definition-type">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ The technical name of the theme, which e. g. is used in paths.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="display-name" type="xs:string" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ The display name of the theme, which may be used in a theme selector.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="fallback" type="xs:string" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ The parent of the theme.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="version" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ The version of the theme. The version string will be encoded into the
+ resource path, to avoid caching problems. The version can be accessed by
+ #{tobagoContext.theme.version}.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="resources" type="tobago:resources-type" minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>
+ A list of resources this theme is using.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="tags" type="tobago:tags-type" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ Configuration of tags, if supported.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="resources-type">
+ <xs:annotation>
+ <xs:documentation>
+ Resources can be added, or removed (if they are coming from its fallback theme).
+ To removed the resources, put it inside the "excludes" with the same name it was included
+ in the parent.
+
+ There a two different sets of resources, one for production and one for development.
+ Use the production flag to set this mode explicitly.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:element name="includes" type="tobago:includes-excludes-type" minOccurs="0"/>
+ <xs:element name="excludes" type="tobago:includes-excludes-type" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="production" type="xs:boolean" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="includes-excludes-type">
+ <xs:sequence>
+ <xs:element name="script" type="tobago:script-type" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="style" type="tobago:style-type" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="script-type">
+ <xs:attribute name="name" type="xs:string" use="required"/>
+ <xs:attribute name="type" type="xs:string"/>
+ <xs:attribute name="priority" type="xs:unsignedShort"/>
+ </xs:complexType>
+
+ <xs:complexType name="style-type">
+ <xs:attribute name="name" type="xs:string" use="required"/>
+ <xs:attribute name="priority" type="xs:unsignedShort"/>
+ </xs:complexType>
+
+ <xs:simpleType name="name-type">
+ <xs:restriction base="xs:string"/>
+ </xs:simpleType>
+
+ <xs:complexType name="tags-type">
+ <xs:sequence>
+ <xs:element name="tag" type="tobago:tag-type" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="tag-type">
+ <xs:sequence>
+ <xs:element name="attribute" type="tobago:attribute-type" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:string" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="attribute-type">
+ <xs:attribute name="name" type="xs:string" use="required"/>
+ <xs:attribute name="default" type="xs:string"/>
+ </xs:complexType>
+
+</xs:schema>
diff --git a/tobago-example/tobago-example-blank/src/main/webapp/WEB-INF/tobago-config.xml b/tobago-example/tobago-example-blank/src/main/webapp/WEB-INF/tobago-config.xml
index a19adf6..932b271 100644
--- a/tobago-example/tobago-example-blank/src/main/webapp/WEB-INF/tobago-config.xml
+++ b/tobago-example/tobago-example-blank/src/main/webapp/WEB-INF/tobago-config.xml
@@ -20,8 +20,8 @@
<tobago-config
xmlns="http://myfaces.apache.org/tobago/tobago-config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.1.xsd"
- version="5.1">
+ xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.2.xsd"
+ version="5.2">
<name>tobago-example-blank</name>
diff --git a/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml b/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
index eb0f48c..f04394b 100644
--- a/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
+++ b/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
@@ -20,8 +20,8 @@
<tobago-config
xmlns="http://myfaces.apache.org/tobago/tobago-config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.1.xsd"
- version="5.1">
+ xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.2.xsd"
+ version="5.2">
<name>demo</name>
@@ -35,7 +35,7 @@
</after>
</ordering>
-<!-- using all available themes, if this is not set XXX to be implemented TOBAGO-1664 -->
+ <!-- using all available themes, if this is not set XXX to be implemented TOBAGO-1664 -->
<theme-config>
<default-theme>standard</default-theme>
<supported-theme>scarborough</supported-theme>
@@ -74,17 +74,17 @@
<!-- "disable" is the default -->
<!--<security-annotation>disable</security-annotation>-->
-<!-- this is the default...
- <sanitizer>
- <sanitizer-class>org.apache.myfaces.tobago.sanitizer.JsoupSanitizer</sanitizer-class>
- <properties>
- <!–
- Use one of: basic, basicWithImages, relaxed, simpleText or none
- –>
- <entry key="safelist">relaxed</entry>
- </properties>
- </sanitizer>
--->
+ <!-- this is the default...
+ <sanitizer>
+ <sanitizer-class>org.apache.myfaces.tobago.sanitizer.JsoupSanitizer</sanitizer-class>
+ <properties>
+ <!–
+ Use one of: basic, basicWithImages, relaxed, simpleText or none
+ –>
+ <entry key="safelist">relaxed</entry>
+ </properties>
+ </sanitizer>
+ -->
<!-- "false" disables the TobagoExceptionHandler -->
<!--<enable-tobago-exception-handler>false</enable-tobago-exception-handler>-->
@@ -92,4 +92,7 @@
<!-- true is the default -->
<!--<decode-line-feed>false</decode-line-feed>-->
+ <!-- "false" disabled the AuthorizationHelper -->
+ <!--<enable-authorization-helper>false</enable-authorization-helper>-->
+
</tobago-config>
diff --git a/tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/tobago-config.xml b/tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/tobago-config.xml
index 70ce69b..d09a0f0 100644
--- a/tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/tobago-config.xml
+++ b/tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/tobago-config.xml
@@ -20,8 +20,8 @@
<tobago-config
xmlns="http://myfaces.apache.org/tobago/tobago-config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.1.xsd"
- version="5.1">
+ xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.2.xsd"
+ version="5.2">
<name>tobago-theme-speyside</name>
<ordering>
<after>
diff --git a/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml b/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml
index cd5ab25..efd31cf 100644
--- a/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml
+++ b/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml
@@ -20,8 +20,8 @@
<tobago-config
xmlns="http://myfaces.apache.org/tobago/tobago-config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.1.xsd"
- version="5.1">
+ xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-5.2.xsd"
+ version="5.2">
<name>tobago-theme-standard</name>