tomcat-dev mailing list archives

From Remy Maucherat
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
Date Wed, 02 Mar 2005 19:56:23 GMT wrote:
> luehe       2005/03/02 11:27:11
>   Modified:    catalina/src/share/org/apache/catalina/realm
>   Log:
>   Consider the case where original request was mapped to welcome page.
>   In this case, the mapped welcome page (and not the original request
>   URI!) needs to be the target of hasResourcePermission().
>   This is consistent with the change that had been made in findSecurityConstraints().
>   BTW, shouldn't request.getDecodedRequestURI() return the mapped
>   welcome page (instead of the original URI) in this case?
>   In other words, shouldn't the path passed to
>     mappingData.requestPath.setString(pathStr)
>   in be propagated to the request object associated with the
>   mappingData?

I consider welcome files to be internal forwards (since it is allowed to 
handle them this way). As a result, they shouldn't be matched by 
security constraints. Only the original request path should be used 
(so here it's getDecodedRequestURI - as sent by the client).

