[Geoserver-devel] [jira] (GEOS-5990) Accesses to the secured catalog can start before the REQUEST thread local is set

[Andrea Aime (JIRA)]

Andrea Aime created GEOS-5990 Accesses to the secured catalog can start before the REQUEST thread local is set Issue Type: Bug Assignee: Justin Deoliveira Components: Configuration Created: 23/Aug/13 7:32 AM Description: During the KVP parse, and while running the init for the dispatcher callbacks, we have the REQUEST thread local set to null, and those can do catalog accesses. Generally speaking, this is a problem for security systems as they cannot known about the current service, request and and version while evaluating the catalog access request. However, it should be possible to load version, request and service before doing the rest of the KVP parse, and XML parses normally do not do any validation, thus they should not end up accessing the catalog Project: GeoServer Priority: Major Reporter: Andrea Aime

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel