Romain, could you please remind me what this security issue is? I am mixing jaxrs POJOs with servlet filters doing authorization, and doing forwards to jsp and other resources in the middle of everything, so I'll be happy to test this (on trunk I assume).
-- Bjorn Danielsson Cuspy Code AB Romain Manni-Bucau <[email protected]> wrote: > Hi guys > > anyone with time to review my last days hacking to fix our jaxrs > issue? idea is to replace jaxrs servlet by a filter coming at the end > of the chain (to still be able to do security etc ;)). This way if the > resource exists we just delegate to the servlet handling it (jsp...). > > What needs to be done: review what I did didn't introduce a regression > I could have missed > > open point: in org.apache.tomee.webservices.CXFJAXRSFilter#doFilter we > can desire add few "rule" to say "that's a resource urls (thought to > suffix like .css, .js...)" and in this case forget about JAXRS. That > said not sure it would be used that much so I didn't want to add it > *now*. > > Once sby validated it is ok then I'll backport it on 1.7 branch > > > > > Romain Manni-Bucau > Twitter: @rmannibucau > Blog: http://rmannibucau.wordpress.com/ > LinkedIn: http://fr.linkedin.com/in/rmannibucau > Github: https://github.com/rmannibucau
