Got it. A look into web.xml shows me that the security filter is applied
before the advanced dispatch filter. ServletPath and pathinfo used by the
security filters are not preprocessed by the advanced dispatch filter.
The security tests override the createRequest method, anything works fine.
As a consequence for web.xml, the filter mapping for the filterchainproxy
MUST always be before the mapping for the advanced dispatch filter,
otherwise the security system will not work.
Good to know :-)
2012/11/5 Justin Deoliveira <[email protected]>
> I think this will have unintended side affects if we do that. With the
> "advanced dispatch" that was added for GeoServer 2.1 we hack the servlet
> path and path info in order to make servlet paths pluggable. See the
> AdavncedDispatchFilter for details. You will also notice that that filter
> actually ignores MockHttpServletRequest requests... although i can't
> remember why.
>
> On Sat, Nov 3, 2012 at 9:29 AM, Christian Mueller <[email protected]>wrote:
>
>> The method
>>
>> org.geoserver.test.GeoServerSystemTestSupport.createRequest(String)
>>
>> creates an MockHttpServletRequest object for testing. If you call with
>> "/foo/bar", the servlet path is "/foo" and the pathinfo is "/bar". All our
>> <filter-mapping> elements in web.xml map all filters to "/*".
>>
>> IMHO, in this case, the servlet path has to be "" (empty String) and the
>> path info has to be "/foo/bar". I detected this issue during working on
>> the security filter tests and I found this
>>
>>
>> http://bluxte.net/musings/2006/03/29/servletpath-and-pathinfo-servlet-api-weirdness
>>
>> I want to ask here because I am not 100% sure, but I believe we should
>> fix this.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> LogMeIn Central: Instant, anywhere, Remote PC access and management.
>> Stay in control, update software, and manage PCs from one command center
>> Diagnose problems and improve visibility into emerging IT issues
>> Automate, monitor and manage. Do more in less time with Central
>> http://p.sf.net/sfu/logmein12331_d2d
>> _______________________________________________
>> Geoserver-devel mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>>
>>
>
>
> --
> Justin Deoliveira
> OpenGeo - http://opengeo.org
> Enterprise support for open source geospatial.
>
>
------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
