On Sun, Apr 10, 2011 at 10:04 AM, Andrea Aime <[email protected]> wrote:
> On Sun, Apr 10, 2011 at 3:21 AM, Gabriel Roldán <[email protected]> wrote:
>> I am far from an expert in the geoserver security system, but this
>> caught my attention. In main's applicationSecurityContext we have the
>> following path to security chain mapping:
>> ....
>> /wcs/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,filterInvocationInterceptor
>> /rest/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,restFilterInvocationInterceptor
>> /gwc/rest/web/**=anonymousProcessingFilter,consoleExceptionTranslationFilter,filterInvocationInterceptor
>> /gwc/rest/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,restFilterInvocationInterceptor
>> /**=httpSessionContextIntegrationFilterWithASCTrue,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,consoleExceptionTranslationFilter,filterInvocationInterceptor
>
> Gabriel, you're probably right.

See:
http://jira.codehaus.org/browse/GEOS-4477
http://jira.codehaus.org/browse/GEOS-4478

During my tests using GWC did not cause session creations, but any
attempt to hit the "www" folder, and any access to secured layers
without proper credentials did indeed create a session.

Now on to see if and how to integrate these fixes in 2.1.x (that is,
before or after the 2.1.0 release, which is already at RC4).
I've started a discussion on gs-devel on the topic.

Cheers
Andrea

--
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead

Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy

phone: +39 0584 962313
fax: +39 0584 962313
mob: +39 333 8128928

http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf
-------------------------------------------------------
