geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Sportes (JIRA)" <>
Subject [jira] Commented: (GERONIMO-2420) No support of WebDAV http-methods (MKCOL ...) in web-app with security-constraint
Date Mon, 25 Sep 2006 08:27:50 GMT
    [ ] 
Daniel Sportes commented on GERONIMO-2420:

Report of last tests:

a) if no one http-method is listed in web-resource-collection:
  1) OPTIONS method is routed in the servlet
  2) PROPFIND methods are not transmitted  to the service() method of my servlet : "An exception
or error occurred in the container during the request processing org.apache.catalina.connector.CoyoteAdapter"
This behaviour is hardly correct.

b) if allowed methods (OPTIONS, HEAD, GET, POST, PUT, DELETE) are listed in web-resource-collection,
both OPTIONS and PROPFIND are routed in the service().
This behaviour could be considered as a bit strange, but DO NOT CHANGE IT.
This is a good work around for this issue and exactly the result I hoped:
1) authentication is well required
2) all methods are transmittd to the service() method.

The Apache Slide project just would require a different web-xml for Geronimo than for Tomcat

> No support of WebDAV http-methods (MKCOL ...) in web-app with security-constraint
> ---------------------------------------------------------------------------------
>                 Key: GERONIMO-2420
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: deployment
>         Environment: Release in WASCE (probably 1.0) - Windows XP - Java 1.5
>            Reporter: Daniel Sportes
>         Attachments: err.log, server-Bug-Deployment.log, web-app_2_4b.xsd, web.xml
> The schema web-app_2_4.xsd does not accept WebDAV http-method as PROPFIND, MKCOL, etc.
in security-constraint (in web.xml).
> As consequence as I develop a business server based on WebDAV, I cannot require an authentication
for accessing the WebDAV servlet. Just observe it is possible with Tomcat.
> As the error message indicates the web-app_2_4.xsd schema, I patched this schema in the
directory %install%/schema.
> Eclipse is now happy and does not mark anymore my web.xml in error.
> However, this causes an exception at deployment in the server.
> If I remove all forbidden http-method, no more deployment exception of course, but I
do not receive PROPFIND method calls in my servlet.
> If I completely remove the security-constraint section, PROPFIND methods are correctly
received in my servlet ... but the user authentication is no more required (that is not an
acceptable solution for a business server). The method list seems to be coded somewhere else
than in the schema.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message