geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Closed: (GERONIMO-2420) No support of WebDAV http-methods (MKCOL ...) in web-app with security-constraint
Date Fri, 21 Sep 2007 03:37:51 GMT


David Jencks closed GERONIMO-2420.

       Resolution: Fixed
    Fix Version/s: 2.0.1
         Assignee: David Jencks

The jacc spec was emended for javaee 5 to allow much fancier specification of HTTP methods,
and all the DAV ones should work now in geronimo 2.x

> No support of WebDAV http-methods (MKCOL ...) in web-app with security-constraint
> ---------------------------------------------------------------------------------
>                 Key: GERONIMO-2420
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: deployment
>         Environment: Release in WASCE (probably 1.0) - Windows XP - Java 1.5
>            Reporter: Daniel Sportes
>            Assignee: David Jencks
>             Fix For: 2.0.1
>         Attachments: err.log, http-1.txt, http-2.txt, server-Bug-Deployment.log, web-app_2_4b.xsd,
> The schema web-app_2_4.xsd does not accept WebDAV http-method as PROPFIND, MKCOL, etc.
in security-constraint (in web.xml).
> As consequence as I develop a business server based on WebDAV, I cannot require an authentication
for accessing the WebDAV servlet. Just observe it is possible with Tomcat.
> As the error message indicates the web-app_2_4.xsd schema, I patched this schema in the
directory %install%/schema.
> Eclipse is now happy and does not mark anymore my web.xml in error.
> However, this causes an exception at deployment in the server.
> If I remove all forbidden http-method, no more deployment exception of course, but I
do not receive PROPFIND method calls in my servlet.
> If I completely remove the security-constraint section, PROPFIND methods are correctly
received in my servlet ... but the user authentication is no more required (that is not an
acceptable solution for a business server). The method list seems to be coded somewhere else
than in the schema.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message