You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Christopher M. Cardona (JIRA)" <ji...@apache.org> on 2007/01/04 22:05:27 UTC
[jira] Updated: (GERONIMO-1747) HTTP-methods checks
[ https://issues.apache.org/jira/browse/GERONIMO-1747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christopher M. Cardona updated GERONIMO-1747:
---------------------------------------------
Attachment: slide.war
> HTTP-methods checks
> -------------------
>
> Key: GERONIMO-1747
> URL: https://issues.apache.org/jira/browse/GERONIMO-1747
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.0
> Environment: Windows 2003, java 1.4
> Reporter: Ilya Platonov
> Fix For: 1.1.2
>
> Attachments: slide.war, web.xml
>
>
> I'm tring to run jakarta-slide web-application on geronimo application server. Slide provides WebDAV support.
> When security constrain is not set, everything works fine exept some minor issues but when I put some security constraints for servlets I got following error in server.log.
> 15:43:58,132 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
> java.lang.IllegalArgumentException: Invalid HTTPMethodSpec
> at javax.security.jacc.HTTPMethodSpec.<init>(HTTPMethodSpec.java:114)
> at javax.security.jacc.WebUserDataPermission.<init>(WebUserDataPermission.java:84)
> at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.hasUserDataPermission(TomcatGeronimoRealm.java:123)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:428)
> at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:262)
> at org.apache.geronimo.tomcat.valve.PolicyContextValve.invoke(PolicyContextValve.java:50)
> at org.apache.geronimo.tomcat.valve.TransactionContextValve.invoke(TransactionContextValve.java:53)
> at org.apache.geronimo.tomcat.valve.ComponentContextValve.invoke(ComponentContextValve.java:47)
> at org.apache.geronimo.tomcat.valve.InstanceContextValve.invoke(InstanceContextValve.java:60)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> at java.lang.Thread.run(Thread.java:534)
> When I looked through Geronimo source code I found that "GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS" and "TRACE" http-methods hardcoded into HTTPMethodSpec class and if you tring to use another method it throws this exception. Problem is that WebDAV specification extends standard HTTP-methods, for example it uses MKCOL and LOCK methods so jakarta-slide just not working.
> Is there any workaround for this bug or geronimo is just not able to handle any HTTP protocol extensions???
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira