Method security is case sensitive
---------------------------------
Key: GEOS-4012
URL: http://jira.codehaus.org/browse/GEOS-4012
Project: GeoServer
Issue Type: Bug
Components: Security
Affects Versions: 1.7.7, 1.7.x
Environment: GeoServer 1.7.7
Reporter: Craig McIlwee
Assignee: Andrea Aime

I set up security on WFS.GetFeature, but if the client uses some other case
(e.g. getfeature) in the URL then security is bypassed.

# Add to security.properties: {{wfs.GetFeature=ROLE_WFS_READ}}
# Add to users.properties: {{test=test,ROLE_WFS_READ}}
# Navigate to {{http://localhost:8080/geoserver/wfs?request=GetFeature&service=wfs&version=1.0.0&typename=topp:states}}, confirm authentication prompt in browser
# Navigate to {{http://localhost:8080/geoserver/wfs?request=getfeature&service=wfs&version=1.0.0&typename=topp:states}} (note case change in request param), you will get the data without authenticating first

--
Geoserver-devel mailing list
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
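
A minimal model of the rule lookup described in this report, added here as an illustration and not taken from GeoServer's code: an exact-case match on `service.method` beside a case-folded match. The function names and the `normalize` flag are assumptions; the rule and the two URLs are the ones given in the report.

```python
from urllib.parse import urlsplit, parse_qsl

# Rule and URLs copied from the report above.
RULES_TEXT = "wfs.GetFeature=ROLE_WFS_READ"
BASE = "http://localhost:8080/geoserver/wfs?request={}&service=wfs&version=1.0.0&typename=topp:states"
URL_MIXED = BASE.format("GetFeature")
URL_LOWER = BASE.format("getfeature")


def load_rules(text, normalize):
    """Parse 'service.method=ROLE[,ROLE]' lines into {(service, method): roles}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, roles = line.partition("=")
        service, _, method = key.strip().partition(".")
        if normalize:
            # Fold the rule key once at load time.
            service, method = service.casefold(), method.casefold()
        rules[(service, method)] = {r.strip() for r in roles.split(",") if r.strip()}
    return rules


def required_roles(url, rules, normalize):
    """Return the roles a request needs; an empty set means no rule matched."""
    # Parameter names are folded in both modes (assumption of this sketch),
    # so only the comparison of the service and request values differs.
    params = {k.casefold(): v for k, v in parse_qsl(urlsplit(url).query)}
    service, method = params.get("service", ""), params.get("request", "")
    if normalize:
        # Fold the request values the same way the rule keys were folded.
        service, method = service.casefold(), method.casefold()
    return rules.get((service, method), set())


if __name__ == "__main__":
    for normalize in (False, True):
        rules = load_rules(RULES_TEXT, normalize)
        for url in (URL_MIXED, URL_LOWER):
            roles = required_roles(url, rules, normalize)
            print(f"normalize={normalize} roles={sorted(roles) or 'none (unprotected)'}")
```

With exact-case matching the lowercase request finds no rule and falls through as unprotected; folding both the rule key and the request value makes both URLs require `ROLE_WFS_READ`.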