Yup, my bad, however it does look like if the HttpContext.handleSecurity throws a RuntimeException it assumes that the method returned true. I believe that is the source of my confusion.
Dave Smith Candata Ltd. 416-493-9020x2413 Direct: 416-855-2413 On Sat, Jan 19, 2013 at 9:21 AM, Chetan Mehrotra <[email protected]>wrote: > Hi Dave, > > Looking at the HttpContextManager [1] which is used by the whiteboard > logic to obtain content it appears that it takes care of case when > http content with given contextId does not exist. > > How are you registering Servlet and HttpContext? > > Chetan Mehrotra > [1] > https://github.com/apache/felix/blob/trunk/http/whiteboard/src/main/java/org/apache/felix/http/whiteboard/internal/manager/HttpContextManager.java#L108 > > On Sat, Jan 19, 2013 at 9:50 AM, Dave Smith <[email protected]> > wrote: > > I am trying to have both my Servlet and HttpContext created by SCR . > > Unfortunately the current implementation is order specific , if the > > HttpContext is not registered first it the Whiteboard quietly ignores it > > and creates a default context and continues on. The quick fix is to add a > > SCR reference to the HttpContext in the Servlet but it seems that the > > Servlet should just wait until the context appears instead of no context > at > > all. In my case it creates a HUGE security hole quite quietly. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
