cool, switching discussion to gt-devel then. Thanks for looking at it. Gabriel On Sun, 2011-04-10 at 15:33 +0200, Andrea Aime wrote: > On Sun, Apr 10, 2011 at 10:04 AM, Andrea Aime > <[email protected]> wrote: > > On Sun, Apr 10, 2011 at 3:21 AM, Gabriel Roldán <[email protected]> wrote: > >> I am far from an expert in the geoserver security system, but this > >> caught my attention. In main's applicationSecurityContext we have the > >> following path to security chain mapping : > >> .... > >> /wcs/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,filterInvocationInterceptor > >> /rest/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,restFilterInvocationInterceptor > >> /gwc/rest/web/**=anonymousProcessingFilter,consoleExceptionTranslationFilter,filterInvocationInterceptor > >> /gwc/rest/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,restFilterInvocationInterceptor > >> /**=httpSessionContextIntegrationFilterWithASCTrue,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,consoleExceptionTranslationFilter,filterInvocationInterceptor > > > > Gabriel, you're probably right. > > See: > http://jira.codehaus.org/browse/GEOS-4477 > http://jira.codehaus.org/browse/GEOS-4478 > > During my tests using GWC did not cause session creations, but any attempt > to hit the "www" folder, and any access to secured layers without > proper credentials > did indeed create a session. > > Now on to see if and how to integrate these fixes in 2.1.x (that is, > before or after > the 2.1.0 release, which is already at RC4). > > I've started a discussion on gs-devel on the topic > > Cheers > Andrea >
-- Gabriel Roldan [email protected] Expert service straight from the developers ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
