You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@roller.apache.org by Anil Gangolli <an...@busybuddha.org> on 2005/12/07 17:00:14 UTC
CharEncodingFilter and the Acegi security filter
The Acegi security filter got placed before CharEncodingFilter (which
sets the request encoding to UTF-8 and synchronizes the Struts and JSTL
notions of locale).
Unless we're very sure that the security filter never triggers request
parsing (which gets triggered by any reference to parameters or things
beyond the header), I'd like to keep CharEncodingFilter first in the
chain. I believe its operations are safe to have in front of the
security filter, and not having it in front threatens to break i18n on
paths similar to ROL-670 (which hopefully Acegi resolves).
I'd like to do this before 2.1 but after Dave resolves the blank page
issue; don't want to add any additional noise to that picture.
Objections?
--a.
Re: CharEncodingFilter and the Acegi security filter
Posted by Allen Gilliland <Al...@Sun.COM>.
I agree. I think we can go ahead and do this now, it should be affecting the blank page issue.
-- Allen
On Wed, 2005-12-07 at 08:00, Anil Gangolli wrote:
> The Acegi security filter got placed before CharEncodingFilter (which
> sets the request encoding to UTF-8 and synchronizes the Struts and JSTL
> notions of locale).
>
> Unless we're very sure that the security filter never triggers request
> parsing (which gets triggered by any reference to parameters or things
> beyond the header), I'd like to keep CharEncodingFilter first in the
> chain. I believe its operations are safe to have in front of the
> security filter, and not having it in front threatens to break i18n on
> paths similar to ROL-670 (which hopefully Acegi resolves).
>
> I'd like to do this before 2.1 but after Dave resolves the blank page
> issue; don't want to add any additional noise to that picture.
>
> Objections?
>
> --a.
>