From 4e0ee29b4d51058961ffa8bca672edcde0ee2493 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 23 Mar 2012 16:20:51 -0400
Subject: [PATCH] Update to Wicket 1.4.20

---
 docs/03_faq.mkd |   18 +++++++++++-------
 1 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/docs/03_faq.mkd b/docs/03_faq.mkd
index 8b08e19..6831f42 100644
--- a/docs/03_faq.mkd
+++ b/docs/03_faq.mkd
@@ -48,7 +48,7 @@
     http://192.168.1.2/log/myrepo.git/refs%2Fheads%2Fmaster
 
 **NOTE:**  
-You can not trust the url in the address bar of your browser since your browser may *prettify* the url.  When in doubt, *View Source* of the generated html to confirm the *href*.
+You can not trust the url in the address bar of your browser since your browser may decode it for presentation.  When in doubt, *View Source* of the generated html to confirm the *href*.
 
 There are two possible workarounds for this issue.  In `gitblit.properties` or `web.xml`:
 
@@ -59,7 +59,7 @@
 
 You must ensure that the proxy does not decode and then re-encode request urls with interpretation of forward-slashes (*%2F*).  If your proxy layer does re-encode embedded forward-slashes then you may not be able to browse grouped repositories or logs, branches, and tags **unless** you set *web.mountParameters=false*.
 
-If you are using Apache mod_proxy, specify [AllowEncodedSlashes NoDecode](http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes).
+If you are using Apache mod_proxy you may have luck with specifying [AllowEncodedSlashes NoDecode](http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes).
 
 ### Running Gitblit on Tomcat
 
@@ -67,7 +67,7 @@
 You have a few options on how to handle this scenario:
 
 1. [Tweak Tomcat](http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10)  
-Add *org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true* to *CATALINA_OPTS*
+Add *-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true* to *CATALINA_OPTS* or to your JVM launch parameters
 2. *web.mountParameters = false* and use non-pretty, parameterized urls
 3. *web.forwardSlashCharacter = !* which tells Gitblit to use **!** instead of **/**
 
@@ -119,13 +119,17 @@
 **NOTE:**  
 Care must be taken to preserve the relationship between user roles and repository names.<br/>Please see the *User Roles* section of the [setup](/setup.html) page for details.
 
-### Can I restrict access to paths within a repository?
-No.  Access restrictions apply to the repository as a whole.
+### Can I restrict access to branches or paths within a repository?
+No, not out-of-the-box.  Access restrictions apply to the repository as a whole.
 
-Gitblit's simple authentication and authorization mechanism can be used to facilitate one or more of the [workflows outlined here](http://progit.org/book/ch5-1.html).  Should you require more fine-grained access controls you might consider using [gitolite](https://github.com/sitaramc/gitolite).
+Gitblit's simple authentication and authorization mechanism can be used to facilitate one or more of the [workflows outlined here](http://progit.org/book/ch5-1.html).
+
+Should you require more fine-grained access controls you might consider writing a Groovy *prereceive* script to block updating branch refs based on some permissions file.  I would be interested in a generic, re-usable script to include with Gitblit, should someone want to implement it.
+
+Alternatively, you could use [gitolite](https://github.com/sitaramc/gitolite) and SSH for your repository access.
 
 ### Can I authenticate users against XYZ?
-Yes.  The user service is pluggable.  You may write your own user service by implementing the *com.gitblit.IUserService* interface.  Set the fully qualified classname as the *realm.userService* property.
+Yes.  The user service is pluggable.  You may write your own complete user service by implementing the *com.gitblit.IUserService* interface.  Or you may subclass *com.gitblit.GitblitUserService* and override just the authentication. Set the fully qualified classname as the *realm.userService* property.
 
 ### Why doesn't Gitblit support SSH?
 Gitblit could integrate [Apache Mina][mina] to provide SSH access.  However, doing so violates Gitblit's first design principle: [KISS](http://en.wikipedia.org/wiki/KISS_principle).<br/>

--
Gitblit v1.9.1