[ http://issues.apache.org/jira/browse/GERONIMO-2420?page=comments#action_12436696 ] David Jencks commented on GERONIMO-2420: ----------------------------------------
We can't modify the j2ee schemas supplied from sun, and we're pretty much obligated to validate your spec depoyment descriptors against the schemas supplied by sun. So we can't adopt the modified web-app schema you've supplied, and we will continue to reject your web.xml as being non-compliant to the schema. We might be able to figure out an alternate way to add more permissions for additional http methods by specifying them in the geronimo plan. Is there a complete list of possible http methods somewhere? Is the list recognized by sun expanded in the servlet 2.5 spec? > No support of WebDAV http-methods (MKCOL ...) in web-app with > security-constraint > --------------------------------------------------------------------------------- > > Key: GERONIMO-2420 > URL: http://issues.apache.org/jira/browse/GERONIMO-2420 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: deployment > Environment: Release in WASCE (probably 1.0) - Windows XP - Java 1.5 > Reporter: Daniel Sportes > Attachments: err.log, server-Bug-Deployment.log, web-app_2_4b.xsd, > web.xml > > > The schema web-app_2_4.xsd does not accept WebDAV http-method as PROPFIND, > MKCOL, etc. in security-constraint (in web.xml). > As consequence as I develop a business server based on WebDAV, I cannot > require an authentication for accessing the WebDAV servlet. Just observe it > is possible with Tomcat. > As the error message indicates the web-app_2_4.xsd schema, I patched this > schema in the directory %install%/schema. > Eclipse is now happy and does not mark anymore my web.xml in error. > However, this causes an exception at deployment in the server. > If I remove all forbidden http-method, no more deployment exception of > course, but I do not receive PROPFIND method calls in my servlet. > If I completely remove the security-constraint section, PROPFIND methods are > correctly received in my servlet ... but the user authentication is no more > required (that is not an acceptable solution for a business server). The > method list seems to be coded somewhere else than in the schema. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
