Hi! Well, I’m not quite sure why we have this active by default at all. It’s defined by the spec, but most people don’t inject the Principals. So it’s unused overhead most of the times…
Will need to take a peek at it, cannot remember exactly how this stuff works. I think we should only register it ‚on demand‘. Or at least make this configurable. LieGrue, strub > Am 10.06.2015 um 18:04 schrieb [email protected]: > > Dear all, > > I have a problem with org.apache.webbeans.web.tomcat7.TomcatSecurityFilter. > It does not support async but is configured to filter everything. > > Its web fragment is : > > <web-fragment metadata-complete="true" version="3.0" > xmlns="http://java.sun.com/xml/ns/javaee"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee > http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd";> > <name>OwbTomcat7</name> > <ordering> > <before>others</before> > </ordering> > <filter> > <icon/> > <filter-name>OwbSecurityFilter</filter-name> > <filter-class>org.apache.webbeans.web.tomcat7.TomcatSecurityFilter</filter-class> > </filter> > <filter-mapping> > <filter-name>OwbSecurityFilter</filter-name> > <url-pattern>*</url-pattern> > <dispatcher>REQUEST</dispatcher> > </filter-mapping> > </web-fragment> > > > This annoys me as OwbSecurityFilter always put itself in the chain, even when > it is not at all cdi related. In my case, I am using Atmosphere for > WebSockets, and I always get errors because OwbSecurityFilter denies async > processing. > > As far as I understand, OwbSecurityFilter does really not support async > operations. > > One obvious (but (not so) dirty) solution for me would be to shade > openwebbeans-tomcat7 and filter only on *.xhtml. > > Is there a less dirty way to override this configuration ? > > Thanks in advance, > > Ludovic > > > | > | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. > | >
