From f0d5b8bbe36e085be522d303d112c7ea4b44d611 Mon Sep 17 00:00:00 2001
From: Dave Syer <dsyer@vmware.com>
Date: Tue, 16 Jul 2013 15:30:26 +0100
Subject: [PATCH] [bs-153] Don't expose classes as resource

Made classpath:/[static,resourecs,public] available instead. Some
sample apps had to change so probably some gs-* guides etc as well?

[Fixes #51368907]
---
 .../web/WebMvcAutoConfiguration.java             | 16 ++++++----------
 .../resources/{ => static}/css/bootstrap.min.css |  0
 .../resources/{ => static}/css/bootstrap.min.css |  0
 .../resources/{ => static}/js/jquery-1.7.2.js    |  0
 .../resources/{ => static}/js/jquery.validate.js |  0
 .../web/ui/SampleWebUiApplicationTests.java      |  2 +-
 6 files changed, 7 insertions(+), 11 deletions(-)
 rename spring-zero-samples/spring-zero-sample-actuator-ui/src/main/resources/{ => static}/css/bootstrap.min.css (100%)
 rename spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/{ => static}/css/bootstrap.min.css (100%)
 rename spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/{ => static}/js/jquery-1.7.2.js (100%)
 rename spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/{ => static}/js/jquery.validate.js (100%)

diff --git a/spring-autoconfigure/src/main/java/org/springframework/autoconfigure/web/WebMvcAutoConfiguration.java b/spring-autoconfigure/src/main/java/org/springframework/autoconfigure/web/WebMvcAutoConfiguration.java
index b4dab8c4a4b..2af6456dd31 100644
--- a/spring-autoconfigure/src/main/java/org/springframework/autoconfigure/web/WebMvcAutoConfiguration.java
+++ b/spring-autoconfigure/src/main/java/org/springframework/autoconfigure/web/WebMvcAutoConfiguration.java
@@ -121,16 +121,12 @@ public class WebMvcAutoConfiguration {
 
 		@Override
 		public void addResourceHandlers(ResourceHandlerRegistry registry) {
-			// FIXME exposing the root classpath is a security risk
-			// eg http://localhost:8080/org/springframework/bootstrap/Banner.class
-			registry.addResourceHandler("/resources/**").addResourceLocations("/")
-					.addResourceLocations("classpath:/META-INF/resources/")
-					.addResourceLocations("classpath:/resources/")
-					.addResourceLocations("classpath:/");
-			registry.addResourceHandler("/**").addResourceLocations("/")
-					.addResourceLocations("classpath:/META-INF/resources/")
-					.addResourceLocations("classpath:/static/")
-					.addResourceLocations("classpath:/");
+			registry.addResourceHandler("/resources/**").addResourceLocations("/",
+					"classpath:/META-INF/resources/", "classpath:/resources/",
+					"classpath:/public/", "classpath:/static/");
+			registry.addResourceHandler("/**").addResourceLocations("/",
+					"classpath:/META-INF/resources/", "classpath:/resources/",
+					"classpath:/static/", "classpath:/public/");
 		}
 
 		@Configuration
diff --git a/spring-zero-samples/spring-zero-sample-actuator-ui/src/main/resources/css/bootstrap.min.css b/spring-zero-samples/spring-zero-sample-actuator-ui/src/main/resources/static/css/bootstrap.min.css
similarity index 100%
rename from spring-zero-samples/spring-zero-sample-actuator-ui/src/main/resources/css/bootstrap.min.css
rename to spring-zero-samples/spring-zero-sample-actuator-ui/src/main/resources/static/css/bootstrap.min.css
diff --git a/spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/css/bootstrap.min.css b/spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/static/css/bootstrap.min.css
similarity index 100%
rename from spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/css/bootstrap.min.css
rename to spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/static/css/bootstrap.min.css
diff --git a/spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/js/jquery-1.7.2.js b/spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/static/js/jquery-1.7.2.js
similarity index 100%
rename from spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/js/jquery-1.7.2.js
rename to spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/static/js/jquery-1.7.2.js
diff --git a/spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/js/jquery.validate.js b/spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/static/js/jquery.validate.js
similarity index 100%
rename from spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/js/jquery.validate.js
rename to spring-zero-samples/spring-zero-sample-web-ui/src/main/resources/static/js/jquery.validate.js
diff --git a/spring-zero-samples/spring-zero-sample-web-ui/src/test/java/org/springframework/zero/sample/web/ui/SampleWebUiApplicationTests.java b/spring-zero-samples/spring-zero-sample-web-ui/src/test/java/org/springframework/zero/sample/web/ui/SampleWebUiApplicationTests.java
index 5bc3fbc01b7..dd7d39e5975 100644
--- a/spring-zero-samples/spring-zero-sample-web-ui/src/test/java/org/springframework/zero/sample/web/ui/SampleWebUiApplicationTests.java
+++ b/spring-zero-samples/spring-zero-sample-web-ui/src/test/java/org/springframework/zero/sample/web/ui/SampleWebUiApplicationTests.java
@@ -78,7 +78,7 @@ public class SampleWebUiApplicationTests {
 	@Test
 	public void testCss() throws Exception {
 		ResponseEntity<String> entity = getRestTemplate().getForEntity(
-				"http://localhost:8080/css/bootstrap.min.css", String.class);
+				"http://localhost:8080/resources/css/bootstrap.min.css", String.class);
 		assertEquals(HttpStatus.OK, entity.getStatusCode());
 		assertTrue("Wrong body:\n" + entity.getBody(), entity.getBody().contains("body"));
 	}