geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Commented: (GERONIMO-2420) No support of WebDAV http-methods (MKCOL ...) in web-app with security-constraint
Date Thu, 21 Sep 2006 23:18:25 GMT
    [ ] 
David Jencks commented on GERONIMO-2420:

We can't modify the j2ee schemas supplied from sun, and we're pretty much obligated to validate
your spec depoyment descriptors against the schemas supplied by sun.  So we can't adopt the
modified web-app schema you've supplied, and we will continue to reject your web.xml as being
non-compliant to the schema.

We might be able to figure out an alternate way to add more permissions for additional http
methods by specifying them in the geronimo plan.  Is there a complete list of possible http
methods somewhere?  Is the list recognized by sun expanded in the servlet 2.5 spec?

> No support of WebDAV http-methods (MKCOL ...) in web-app with security-constraint
> ---------------------------------------------------------------------------------
>                 Key: GERONIMO-2420
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: deployment
>         Environment: Release in WASCE (probably 1.0) - Windows XP - Java 1.5
>            Reporter: Daniel Sportes
>         Attachments: err.log, server-Bug-Deployment.log, web-app_2_4b.xsd, web.xml
> The schema web-app_2_4.xsd does not accept WebDAV http-method as PROPFIND, MKCOL, etc.
in security-constraint (in web.xml).
> As consequence as I develop a business server based on WebDAV, I cannot require an authentication
for accessing the WebDAV servlet. Just observe it is possible with Tomcat.
> As the error message indicates the web-app_2_4.xsd schema, I patched this schema in the
directory %install%/schema.
> Eclipse is now happy and does not mark anymore my web.xml in error.
> However, this causes an exception at deployment in the server.
> If I remove all forbidden http-method, no more deployment exception of course, but I
do not receive PROPFIND method calls in my servlet.
> If I completely remove the security-constraint section, PROPFIND methods are correctly
received in my servlet ... but the user authentication is no more required (that is not an
acceptable solution for a business server). The method list seems to be coded somewhere else
than in the schema.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message