On Sun, Apr 10, 2011 at 7:25 PM, Gabriel Roldán <[email protected]> wrote: >> c) ship it and have it always on, any session creation outside of >> the web UI is something we want to be informed of asap anyways > I'd go with c). It wouldn't hurt though if fillInStackTrace() is guarded > by a LOGGER.isLoggable(Level.FINE/Level.INFO) as appropriate.
Yep, very much agree. >> I'm tempted to go c), even when wrapping the tool is quite light >> unless there is indeed a session creation going on... >> how do people feel about this? >> Can someone double check/review the patch at >> http://jira.codehaus.org/browse/GEOS-4478 >> >> The other part of the work is the actual fix, using the tool I've found >> a couple of unexpected session creations, both due to the Spring Security >> integration not behaving quite like I hoped: >> http://jira.codehaus.org/browse/GEOS-4477 > as far as I can tell we have to account for the following gwc paths: > /gwc/web/** --> same as /www > /gwc/service/** --> same as /wms /wcs etc which means, for both, same as the new /** rule (which covers everything but web ui and rest) > /gwc/demo --> same as as /rest > /gwc/rest/** --> same as /rest Humm... ha. I guess demo was not in the list of rest-y paths > I'll try to narrow the list as appropriate and post back a patch to > GEOS-4477 Thanks! >> >> The patch fixes the issues I've seen and should result in greater >> scalability for applications that are using secured data layers and >> the "www" folder. >> However the testing I've made is quite on the light side (checked with some >> secured layers)... we'd need someone heavily using security to confirm the >> changes are not breaking anything else. Any takers? > I'll test with GeoNode and report back, as it uses an alternate > authentication mechanism. Yep, that would be good, again, thanks :-) Cheers -- ------------------------------------------------------- Ing. Andrea Aime GeoSolutions S.A.S. Tech lead Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 962313 mob: +39 333 8128928 http://www.geo-solutions.it http://geo-solutions.blogspot.com/ http://www.youtube.com/user/GeoSolutionsIT http://www.linkedin.com/in/andreaaime http://twitter.com/geowolf ------------------------------------------------------- ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
