From tomcat-dev-return-56609-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org Wed Mar 02 19:56:33 2005 Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 75035 invoked from network); 2 Mar 2005 19:56:33 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 2 Mar 2005 19:56:33 -0000 Received: (qmail 44976 invoked by uid 500); 2 Mar 2005 19:56:26 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 44923 invoked by uid 500); 2 Mar 2005 19:56:26 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 44908 invoked by uid 99); 2 Mar 2005 19:56:25 -0000 X-ASF-Spam-Status: No, hits=-10.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from minotaur.apache.org (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.28) with SMTP; Wed, 02 Mar 2005 11:56:25 -0800 Received: (qmail 74963 invoked from network); 2 Mar 2005 19:56:24 -0000 Received: from localhost.hyperreal.org (HELO ?127.0.0.1?) (127.0.0.1) by localhost.hyperreal.org with SMTP; 2 Mar 2005 19:56:24 -0000 Message-ID: <42261A67.1090409@apache.org> Date: Wed, 02 Mar 2005 20:56:23 +0100 From: Remy Maucherat User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Developers List Subject: Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java References: <20050302192711.62873.qmail@minotaur.apache.org> In-Reply-To: <20050302192711.62873.qmail@minotaur.apache.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Rating: localhost.hyperreal.org 1.6.2 0/1000/N X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N luehe@apache.org wrote: > luehe 2005/03/02 11:27:11 > > Modified: catalina/src/share/org/apache/catalina/realm RealmBase.java > Log: > Consider the case where original request was mapped to welcome page. > In this case, the mapped welcome page (and not the original request > URI!) needs to be the target of hasResourcePermission(). > > This is consistent with the change that had been made in findSecurityConstraints(). > > BTW, shouldn't request.getDecodedRequestURI() return the mapped > welcome page (instead of the original URI) in this case? > In other words, shouldn't the path passed to > mappingData.requestPath.setString(pathStr) > in Mapper.java be propagated to the request object associatd with the > mappingData? I consider welcome files to be internal forwards (since it is allowed to handle them this way). As a result, they shouldn't be matched by secrurity constraints. Only the original request path should be the used (so here it's getDecodedRequestURI - as sent by the client). Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org