[ http://issues.apache.org/jira/browse/GERONIMO-2420?page=comments#action_12437480 ] Daniel Sportes commented on GERONIMO-2420: ------------------------------------------
Report of last tests: a) if no one http-method is listed in web-resource-collection: 1) OPTIONS method is routed in the servlet 2) PROPFIND methods are not transmitted to the service() method of my servlet : "An exception or error occurred in the container during the request processing org.apache.catalina.connector.CoyoteAdapter" This behaviour is hardly correct. b) if allowed methods (OPTIONS, HEAD, GET, POST, PUT, DELETE) are listed in web-resource-collection, both OPTIONS and PROPFIND are routed in the service(). This behaviour could be considered as a bit strange, but DO NOT CHANGE IT. This is a good work around for this issue and exactly the result I hoped: 1) authentication is well required 2) all methods are transmittd to the service() method. The Apache Slide project just would require a different web-xml for Geronimo than for Tomcat 5. > No support of WebDAV http-methods (MKCOL ...) in web-app with > security-constraint > --------------------------------------------------------------------------------- > > Key: GERONIMO-2420 > URL: http://issues.apache.org/jira/browse/GERONIMO-2420 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: deployment > Environment: Release in WASCE (probably 1.0) - Windows XP - Java 1.5 > Reporter: Daniel Sportes > Attachments: err.log, server-Bug-Deployment.log, web-app_2_4b.xsd, > web.xml > > > The schema web-app_2_4.xsd does not accept WebDAV http-method as PROPFIND, > MKCOL, etc. in security-constraint (in web.xml). > As consequence as I develop a business server based on WebDAV, I cannot > require an authentication for accessing the WebDAV servlet. Just observe it > is possible with Tomcat. > As the error message indicates the web-app_2_4.xsd schema, I patched this > schema in the directory %install%/schema. > Eclipse is now happy and does not mark anymore my web.xml in error. > However, this causes an exception at deployment in the server. > If I remove all forbidden http-method, no more deployment exception of > course, but I do not receive PROPFIND method calls in my servlet. > If I completely remove the security-constraint section, PROPFIND methods are > correctly received in my servlet ... but the user authentication is no more > required (that is not an acceptable solution for a business server). The > method list seems to be coded somewhere else than in the schema. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
