Posted to dev@geronimo.apache.org by "Ilya Platonov (JIRA)" <de...@geronimo.apache.org> on 2006/03/16 10:54:00 UTC
[jira] Created: (GERONIMO-1747) HTTP-methods checks
HTTP-methods checks
-------------------
Key: GERONIMO-1747
URL: http://issues.apache.org/jira/browse/GERONIMO-1747
Project: Geronimo
Type: Bug
Components: security
Versions: 1.0
Environment: Windows 2003, java 1.4
Reporter: Ilya Platonov
I'm trying to run the jakarta-slide web application on the Geronimo application server. Slide provides WebDAV support.
When a security constraint is not set, everything works fine except some minor issues, but when I put some security constraints for servlets I got the following error in server.log.
15:43:58,132 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
java.lang.IllegalArgumentException: Invalid HTTPMethodSpec
    at javax.security.jacc.HTTPMethodSpec.<init>(HTTPMethodSpec.java:114)
    at javax.security.jacc.WebUserDataPermission.<init>(WebUserDataPermission.java:84)
    at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.hasUserDataPermission(TomcatGeronimoRealm.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:428)
    at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:262)
    at org.apache.geronimo.tomcat.valve.PolicyContextValve.invoke(PolicyContextValve.java:50)
    at org.apache.geronimo.tomcat.valve.TransactionContextValve.invoke(TransactionContextValve.java:53)
    at org.apache.geronimo.tomcat.valve.ComponentContextValve.invoke(ComponentContextValve.java:47)
    at org.apache.geronimo.tomcat.valve.InstanceContextValve.invoke(InstanceContextValve.java:60)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:534)
When I looked through the Geronimo source code I found that the "GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS" and "TRACE" HTTP methods are hardcoded into the HTTPMethodSpec class, and if you try to use another method it throws this exception. The problem is that the WebDAV specification extends the standard HTTP methods, for example it uses the MKCOL and LOCK methods, so jakarta-slide is just not working.
Is there any workaround for this bug, or is Geronimo just not able to handle any HTTP protocol extensions???
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
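Added example (not part of the original report, and not Geronimo's or the JACC API's code): a sketch of the check the report describes, with the fixed seven-method set next to a variant that accepts any RFC 2616 token, so WebDAV methods such as MKCOL and LOCK parse. The class and method names are hypothetical, the sample specs are constructed, and only the comma-separated list form of a method spec is covered.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;

// Added illustration: names are hypothetical; this is not Geronimo or javax.security.jacc code.
public class MethodSpecCheck {

    // The seven methods the report found hardcoded.
    private static final Set<String> STANDARD = new HashSet<>(Arrays.asList(
            "GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"));

    // RFC 2616 section 2.2 separators: a token may not contain any of these.
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    /** True if s is a non-empty RFC 2616 token: visible US-ASCII with no separators. */
    static boolean isToken(String s) {
        if (s == null || s.isEmpty()) {
            return false;
        }
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c <= 0x20 || c >= 0x7f || SEPARATORS.indexOf(c) >= 0) {
                return false;
            }
        }
        return true;
    }

    /**
     * Parses a comma-separated method list. A null or empty spec means
     * "all methods" and yields an empty set. With allowExtensions false,
     * only the seven standard names pass; with true, any token passes.
     */
    static Set<String> parse(String spec, boolean allowExtensions) {
        Set<String> methods = new LinkedHashSet<>();
        if (spec == null || spec.isEmpty()) {
            return methods;
        }
        // Limit -1 keeps empty items, so "GET,,PUT" and "GET," are rejected.
        for (String name : spec.split(",", -1)) {
            boolean ok = allowExtensions ? isToken(name) : STANDARD.contains(name);
            if (!ok) {
                throw new IllegalArgumentException("Invalid HTTPMethodSpec: '" + name + "'");
            }
            methods.add(name);
        }
        return methods;
    }

    /** Runs one spec through parse() and reports the outcome as text. */
    static String describe(String spec, boolean allowExtensions) {
        try {
            return "accepted " + parse(spec, allowExtensions);
        } catch (IllegalArgumentException e) {
            return "rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed samples: a standard list, WebDAV and DeltaV method names,
        // and two malformed specs that both modes must refuse.
        String[] samples = {
            "GET,POST", "MKCOL", "LOCK,UNLOCK", "VERSION-CONTROL", "GET,,PUT", "BAD METHOD"
        };
        for (String spec : samples) {
            System.out.println("[" + spec + "]");
            System.out.println("  fixed set : " + describe(spec, false));
            System.out.println("  any token : " + describe(spec, true));
        }
    }
}
```

With the fixed set, every WebDAV name is rejected the same way the stack trace shows; with token validation those names pass while the empty item and the name containing a space are still refused.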
[jira] Updated: (GERONIMO-1747) HTTP-methods checks
Posted by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1747?page=all ]
Aaron Mulder updated GERONIMO-1747:
-----------------------------------
Fix Version/s: 1.1.2
> HTTP-methods checks
> -------------------
>
> Key: GERONIMO-1747
> URL: http://issues.apache.org/jira/browse/GERONIMO-1747
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.0
> Environment: Windows 2003, java 1.4
> Reporter: Ilya Platonov
> Fix For: 1.1.2
>
> Attachments: web.xml
[jira] Commented: (GERONIMO-1747) HTTP-methods checks
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12461834 ]
David Jencks commented on GERONIMO-1747:
----------------------------------------
HTTP extension methods are supported in jacc-1.1 which is currently (somewhat untestedly) in 2.0 (trunk). So, your app should work on 2.0. I'd be very interested to know if it does :-).
jacc-1.0 does not support http extensions. You might be able to put the jacc 1.1 jar into your pre-2.0 server and use the artifact_aliases.xml file to map one to the other, but I don't recall when the artifact_aliases file appeared and I'm not sure if it works for plain jars.
> HTTP-methods checks
> -------------------
>
> Key: GERONIMO-1747
> URL: http://issues.apache.org/jira/browse/GERONIMO-1747
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.0
> Environment: Windows 2003, java 1.4
> Reporter: Ilya Platonov
> Fix For: 1.1.2
>
> Attachments: web.xml
[jira] Updated: (GERONIMO-1747) HTTP-methods checks
Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-1747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods updated GERONIMO-1747:
-----------------------------------
Fix Version/s: (was: 1.1.2)
> HTTP-methods checks
> -------------------
>
> Key: GERONIMO-1747
> URL: https://issues.apache.org/jira/browse/GERONIMO-1747
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.0
> Environment: Windows 2003, java 1.4
> Reporter: Ilya Platonov
> Attachments: slide.war, web.xml
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-1747) HTTP-methods checks
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-1747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks closed GERONIMO-1747.
----------------------------------
Resolution: Fixed
Fix Version/s: 2.1
Assignee: David Jencks
I think the problem was an incorrect regular expression in the servlet schema. I believe it's been fixed.
> HTTP-methods checks
> -------------------
>
> Key: GERONIMO-1747
> URL: https://issues.apache.org/jira/browse/GERONIMO-1747
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.0
> Environment: Windows 2003, java 1.4
> Reporter: Ilya Platonov
> Assignee: David Jencks
> Fix For: 2.1
>
> Attachments: slide.war, web.xml
[jira] Commented: (GERONIMO-1747) HTTP-methods checks
Posted by "Christopher M. Cardona (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-1747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12462317 ]
Christopher M. Cardona commented on GERONIMO-1747:
--------------------------------------------------
Hi David,
I tried deploying Apache Slide webapp with security constraint set to enable authentication on 2.0-M1 but I got the following error:
{code:xml}
...
Caused by: org.apache.xmlbeans.XmlException: Invalid deployment descriptor: [error: cvc-datatype-valid.1.1: string value 'VERSION-CONTROL' does not match pattern for http-methodType in namespace http://java.sun.com/xml/ns/javaee, error: cvc-datatype-valid.1.1: string value 'BASELINE-CONTROL' does not match pattern for http-methodType in namespace http://java.sun.com/xml/ns/javaee]
Descriptor: <web-app xsi:schemaLocation="http://java.sun.com/xml/ns/javaeehttp://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee">
<display-name>Jakarta Slide WebDAV Server</display-name>
<!--Definition and configuration of servlet filters-->
<filter>
<filter-name>webdavlog</filter-name>
<filter-class>org.apache.slide.webdav.filter.LogFilter</filter-class>
<init-param>
<description>Defines the format of a log line.
The following placeholders are available:
%T=thread-name,
%t=date-time,
%P=principal-name,
%m=method-name,
%s=status-code,
%l=default-status-text,
%L=detailed-status-text,
%i=elapsed-time,
%p=relative-request-uri,
%u=request-uri.
%x=request-content-length.
%A=header User-Agent.</description>
<param-name>logFormat</param-name>
<param-value>%T, %t, %P, %m, %s "%l", %i, %p</param-value>
</init-param>
<init-param>
<description>If true, output is directed to STDOUT.</description>
<param-name>outputToConsole</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<description>If true, output is directed to the servlet's log file.</description>
<param-name>outputToServletLog</param-name>
<param-value>false</param-value>
</init-param>
<!--<init-param>
<param-name>outputToFile</param-name>
<param-value>c:\webdav.log.xml</param-value>
<description>If present, output is directed to the specified file.</description>
</init-param>-->
</filter>
<!--If you're operating Slide with an SSL connection and with authentication enabled
and you notice that Internet Explorer is unable to open some file types you may
want to uncomment the following filter and its associated filter-mapping. See the
javadoc for the NoCacheFilter class for a description of the problem and discussion
of the ramifications.-->
<!--<filter>
<filter-name>nocache</filter-name>
<filter-class>org.apache.slide.webdav.filter.NoCacheFilter</filter-class>
</filter>-->
<filter-mapping>
<filter-name>webdavlog</filter-name>
<servlet-name>webdav</servlet-name>
</filter-mapping>
<!--<filter-mapping>
<filter-name>nocache</filter-name>
<servlet-name>webdav</servlet-name>
</filter-mapping>-->
<!--Definition and configuration of Slide's WebDAV servlet.-->
<servlet>
<display-name>Slide DAV Server</display-name>
<servlet-name>webdav</servlet-name>
<servlet-class>org.apache.slide.webdav.WebdavServlet</servlet-class>
<init-param>
<description>Path to the domain configuration file, relative to the path of the
web application.
The default is '/Domain.xml'.</description>
<param-name>domain</param-name>
<param-value>/Domain.xml</param-value>
</init-param>
<init-param>
<description>Name of the Slide namespace that should be accessed by this servlet.
If this parameter is provided, make sure the corresponding namespace
is defined in the domain configuration file. Otherwise, the default
namespace will be used, if one exists.</description>
<param-name>namespace</param-name>
<param-value>slide</param-value>
</init-param>
<init-param>
<description>Scope of the Slide namespace that should be exposed by this servlet.
For example, if you want to expose only the /files collection via
WebDAV, set this parameter to '/files'. In that case, any URLs of the
form '/context-path/servlet-path/*' will be mapped to '/files/*'
in the Slide namespace.
The default value is an empty string.</description>
<param-name>scope</param-name>
<param-value/>
</init-param>
<init-param>
<description>This init-parameter determines the depth limit for PROPFIND and other
methods, to avoid performance hits on the server for requests with
infinite depth.
The default value is '3'.</description>
<param-name>depth-limit</param-name>
<param-value>3</param-value>
</init-param>
<init-param>
<description>The MIME type that should be used for resources of unknown type. For
example, if a WebDAV client uploads a file (via PUT) without specifying
the Content-Type header, the MIME type defined here will be used.
The default value is 'application/octet-stream'.</description>
<param-name>default-mime-type</param-name>
<param-value>application/octet-stream</param-value>
</init-param>
<init-param>
<description>By default, the WebDAV servlet is mapped as default servlet of the
web application context (the url-pattern in servlet-mapping is '/').
If you want to change that mapping so the servlet is no longer the
default servlet, you must change this initialization parameter to
indicate the situation to the servlet, by setting it to 'false'.
The default value is 'true'.</description>
<param-name>default-servlet</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<description>Use the 'directory-browsing' init-parameter to turn off generation of
HTML index pages that enable browsing of collections (by setting this
parameter to 'false'), or to specify a web-app relative path to a
template resource (a JSP page, for example) which should handle
generation of the HTML index page. In the latter case, you can use a
JSP page at WEB-INF/index.jsp by specifying '/WEB-INF/index.jsp' as
value of this parameter.
The default value is 'true'.</description>
<param-name>directory-browsing</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<description>Use this parameter to hide ACL information in generated HTML index pages.
(see parameter "directory-browsing")
The default value is 'true'.</description>
<param-name>directory-browsing-hide-acl</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<description>Use this parameter to hide locking information in generated HTML index pages.
(see parameter "directory-browsing")
The default value is 'true'.</description>
<param-name>directory-browsing-hide-locks</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<description>If set to false, the PropFindMethod will first create a (large) JDOM
document in memory and then write it to the response stream.
If set true, the PropFindMethod will write results to the stream as
soon as they are available. This will reduce memory consumption
in the case of large responses (PROPFIND on many resources).
The output of these two variants differ slightly, since in optimized
mode the D:DAV namespace is declared in the multistatus element AND
in all response elements. Since this is still a valid XML document
it shouldn't be a problem, but in case you encounter any diffculties
this switch provides a way to get around it.</description>
<param-name>optimizePropfindOutput</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<description>According to RFC3253 (DeltaV), RFCxxxx (ACL) and RFCxxxx (Binding),
a DAV:allprop PROPFIND should not return any of the properties defined
in any of that documents.
For testing purposes, the specified behaviour can be disabled by
setting this parameter "true".</description>
<param-name>extendedAllprop</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<description>As proposed on February 08, 2003 by Lisa Dusseault in
w3c-dist-auth-request@w3.org, the DAV:lockdiscovery property should
include an element DAV:principal-URL with the semantics of the
WebDAV/ACL specification. This feature is switched-off
by default as it lead to compatibility problems with MacOS X client.</description>
<param-name>lockdiscoveryIncludesPrincipalURL</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<description>This parameter controls whether modifying properties via
PROPPATCH causes the last modification date of the
resource to be updated or not.</description>
<param-name>updateLastModified</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<!--Uncomment this to get authentication-->
<security-role-ref>
<role-name>root</role-name>
<role-link>root</role-link>
</security-role-ref>
<security-role-ref>
<role-name>guest</role-name>
<role-link>guest</role-link>
</security-role-ref>
<security-role-ref>
<role-name>user</role-name>
<role-link>user</role-link>
</security-role-ref>
</servlet>
<!--The mapping for the Slide WebDAV servlet.
If you change the mapping so that the servlet isn't the default servlet
anymore, make sure to set the init-parameter 'default-servlet' to
'false'.-->
<servlet-mapping>
<servlet-name>webdav</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!--For some app servers (Tomcat)
.jsp files must be mapped
explicitly-->
<servlet-mapping>
<servlet-name>webdav</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>
<!--Set the default session timeout (in minutes)-->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<!--Establish the default MIME type mappings-->
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>htm</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gif</extension>
<mime-type>image/gif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpg</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpe</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpeg</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>java</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>body</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rtx</extension>
<mime-type>text/richtext</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tsv</extension>
<mime-type>text/tab-separated-values</mime-type>
</mime-mapping>
<mime-mapping>
<extension>etx</extension>
<mime-type>text/x-setext</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ps</extension>
<mime-type>application/x-postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>class</extension>
<mime-type>application/java</mime-type>
</mime-mapping>
<mime-mapping>
<extension>csh</extension>
<mime-type>application/x-csh</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sh</extension>
<mime-type>application/x-sh</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tcl</extension>
<mime-type>application/x-tcl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tex</extension>
<mime-type>application/x-tex</mime-type>
</mime-mapping>
<mime-mapping>
<extension>texinfo</extension>
<mime-type>application/x-texinfo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>texi</extension>
<mime-type>application/x-texinfo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>t</extension>
<mime-type>application/x-troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tr</extension>
<mime-type>application/x-troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>roff</extension>
<mime-type>application/x-troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>man</extension>
<mime-type>application/x-troff-man</mime-type>
</mime-mapping>
<mime-mapping>
<extension>me</extension>
<mime-type>application/x-troff-me</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ms</extension>
<mime-type>application/x-wais-source</mime-type>
</mime-mapping>
<mime-mapping>
<extension>src</extension>
<mime-type>application/x-wais-source</mime-type>
</mime-mapping>
<mime-mapping>
<extension>zip</extension>
<mime-type>application/zip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bcpio</extension>
<mime-type>application/x-bcpio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cpio</extension>
<mime-type>application/x-cpio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gtar</extension>
<mime-type>application/x-gtar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>shar</extension>
<mime-type>application/x-shar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sv4cpio</extension>
<mime-type>application/x-sv4cpio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sv4crc</extension>
<mime-type>application/x-sv4crc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tar</extension>
<mime-type>application/x-tar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ustar</extension>
<mime-type>application/x-ustar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dvi</extension>
<mime-type>application/x-dvi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hdf</extension>
<mime-type>application/x-hdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>latex</extension>
<mime-type>application/x-latex</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bin</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oda</extension>
<mime-type>application/oda</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pdf</extension>
<mime-type>application/pdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ps</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>eps</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ai</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rtf</extension>
<mime-type>application/rtf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nc</extension>
<mime-type>application/x-netcdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdf</extension>
<mime-type>application/x-netcdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cer</extension>
<mime-type>application/x-x509-ca-cert</mime-type>
</mime-mapping>
<mime-mapping>
<extension>exe</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gz</extension>
<mime-type>application/x-gzip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>Z</extension>
<mime-type>application/x-compress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z</extension>
<mime-type>application/x-compress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hqx</extension>
<mime-type>application/mac-binhex40</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mif</extension>
<mime-type>application/x-mif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ief</extension>
<mime-type>image/ief</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tiff</extension>
<mime-type>image/tiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tif</extension>
<mime-type>image/tiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ras</extension>
<mime-type>image/x-cmu-raster</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pnm</extension>
<mime-type>image/x-portable-anymap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pbm</extension>
<mime-type>image/x-portable-bitmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pgm</extension>
<mime-type>image/x-portable-graymap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppm</extension>
<mime-type>image/x-portable-pixmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rgb</extension>
<mime-type>image/x-rgb</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xbm</extension>
<mime-type>image/x-xbitmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xpm</extension>
<mime-type>image/x-xpixmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xwd</extension>
<mime-type>image/x-xwindowdump</mime-type>
</mime-mapping>
<mime-mapping>
<extension>au</extension>
<mime-type>audio/basic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>snd</extension>
<mime-type>audio/basic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aif</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aiff</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aifc</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wav</extension>
<mime-type>audio/x-wav</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpeg</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpg</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpe</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qt</extension>
<mime-type>video/quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mov</extension>
<mime-type>video/quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>avi</extension>
<mime-type>video/x-msvideo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>movie</extension>
<mime-type>video/x-sgi-movie</mime-type>
</mime-mapping>
<mime-mapping>
<extension>avx</extension>
<mime-type>video/x-rad-screenplay</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wrl</extension>
<mime-type>x-world/x-vrml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpv2</extension>
<mime-type>video/mpeg2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpg</extension>
<mime-type>image/pjpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sgml</extension>
<mime-type>text/sgml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sgm</extension>
<mime-type>text/sgml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>css</extension>
<mime-type>text/css</mime-type>
</mime-mapping>
<mime-mapping>
<extension>png</extension>
<mime-type>image/png</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bmp</extension>
<mime-type>image/bmp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpga</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp2</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp3</extension>
<mime-type>audio/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>js</extension>
<mime-type>application/x-javascript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xml</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xls</extension>
<mime-type>application/vnd.ms-excel</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppt</extension>
<mime-type>application/vnd.ms-powerpoint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>doc</extension>
<mime-type>application/msword</mime-type>
</mime-mapping>
<!--Establish the default list of welcome files-->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
</welcome-file-list>
<!--Authentication for the WebDAV servlet-->
<!--Uncomment this to get authentication-->
<security-constraint>
<web-resource-collection>
<web-resource-name>DAV resource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>COPY</http-method>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>LOCK</http-method>
<http-method>MKCOL</http-method>
<http-method>MOVE</http-method>
<http-method>OPTIONS</http-method>
<http-method>POST</http-method>
<http-method>PROPFIND</http-method>
<http-method>PROPPATCH</http-method>
<http-method>PUT</http-method>
<http-method>UNLOCK</http-method>
<http-method>VERSION-CONTROL</http-method>
<http-method>REPORT</http-method>
<http-method>CHECKIN</http-method>
<http-method>CHECKOUT</http-method>
<http-method>UNCHECKOUT</http-method>
<http-method>MKWORKSPACE</http-method>
<http-method>UPDATE</http-method>
<http-method>LABEL</http-method>
<http-method>MERGE</http-method>
<http-method>BASELINE-CONTROL</http-method>
<http-method>MKACTIVITY</http-method>
<http-method>ACL</http-method>
<http-method>SEARCH</http-method>
<http-method>BIND</http-method>
<http-method>UNBIND</http-method>
<http-method>REBIND</http-method>
<http-method>SUBSCRIBE</http-method>
<http-method>UNSUBSCRIBE</http-method>
<http-method>POLL</http-method>
<http-method>NOTIFY</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>root</role-name>
<role-name>guest</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Slide DAV Server</realm-name>
</login-config>
<security-role>
<role-name>root</role-name>
</security-role>
<security-role>
<role-name>guest</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>
at org.apache.geronimo.deployment.xmlbeans.XmlBeansUtil.validateDD(XmlBeansUtil.java:213)
at org.apache.geronimo.web25.deployment.AbstractWebModuleBuilder.convertToServletSchema(AbstractWebModuleBuilder.java:362)
at org.apache.geronimo.tomcat.deployment.TomcatModuleBuilder.createModule(TomcatModuleBuilder.java:140)
... 41 more
{code}
Looks like it doesn't like <http-method>VERSION-CONTROL</http-method> and <http-method>BASELINE-CONTROL</http-method>. Are these methods unsupported in G 2.0 / JACC 1.1? Thanks.
> HTTP-methods checks
> -------------------
>
> Key: GERONIMO-1747
> URL: https://issues.apache.org/jira/browse/GERONIMO-1747
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.0
> Environment: Windows 2003, java 1.4
> Reporter: Ilya Platonov
> Fix For: 1.1.2
>
> Attachments: web.xml
>
>
> I'm trying to run the jakarta-slide web application on the Geronimo application server. Slide provides WebDAV support.
> When the security constraint is not set, everything works fine except for some minor issues, but when I put some security constraints on the servlets I got the following error in server.log.
> 15:43:58,132 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
> java.lang.IllegalArgumentException: Invalid HTTPMethodSpec
> at javax.security.jacc.HTTPMethodSpec.<init>(HTTPMethodSpec.java:114)
> at javax.security.jacc.WebUserDataPermission.<init>(WebUserDataPermission.java:84)
> at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.hasUserDataPermission(TomcatGeronimoRealm.java:123)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:428)
> at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:262)
> at org.apache.geronimo.tomcat.valve.PolicyContextValve.invoke(PolicyContextValve.java:50)
> at org.apache.geronimo.tomcat.valve.TransactionContextValve.invoke(TransactionContextValve.java:53)
> at org.apache.geronimo.tomcat.valve.ComponentContextValve.invoke(ComponentContextValve.java:47)
> at org.apache.geronimo.tomcat.valve.InstanceContextValve.invoke(InstanceContextValve.java:60)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> at java.lang.Thread.run(Thread.java:534)
> When I looked through the Geronimo source code I found that the "GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS" and "TRACE" http-methods are hardcoded into the HTTPMethodSpec class, and if you try to use another method it throws this exception. The problem is that the WebDAV specification extends the standard HTTP methods, for example it uses the MKCOL and LOCK methods, so jakarta-slide is just not working.
> Is there any workaround for this bug, or is Geronimo just not able to handle any HTTP protocol extensions???
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
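Added example (not part of the JIRA thread and not Geronimo code): a small audit of a web.xml security-constraint that separates <http-method> values in the hardcoded set described in the report from WebDAV extension methods, and lists the standard methods the constraint leaves uncovered. The function names and the shortened sample descriptor are constructed for illustration; the "non_letter" check is an assumption that matches the two methods named in the comment above, not the schema's actual rule.

```python
import re
import xml.etree.ElementTree as ET

# The seven methods the reporter found hardcoded in Geronimo 1.0's HTTPMethodSpec.
JACC_1_0_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}

# HTTP defines a method name as a "token" (RFC 7230 section 3.2.6), so hyphens are legal.
HTTP_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Constructed sample: a shortened form of the security-constraint in the posted web.xml.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>DAV resource</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>PUT</http-method>
      <http-method>LOCK</http-method>
      <http-method>MKCOL</http-method>
      <http-method>VERSION-CONTROL</http-method>
      <http-method>BASELINE-CONTROL</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def local(tag):
    """Strip an XML namespace so DTD-based and schema-based descriptors both parse."""
    return tag.rsplit("}", 1)[-1]


def audit_http_methods(web_xml_text):
    """Classify every <http-method> in every <security-constraint>."""
    root = ET.fromstring(web_xml_text)
    report = []
    for constraint in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        listed = [(e.text or "").strip() for e in constraint.iter()
                  if local(e.tag) == "http-method"]
        report.append({
            # Not an HTTP token at all: a genuine descriptor error.
            "not_a_token": [m for m in listed if not HTTP_TOKEN.match(m)],
            # Valid HTTP, but outside the hardcoded set described in the report.
            "extension": [m for m in listed
                          if HTTP_TOKEN.match(m) and m not in JACC_1_0_METHODS],
            # Valid tokens containing non-letters (assumed cause of the two rejections).
            "non_letter": [m for m in listed
                           if HTTP_TOKEN.match(m) and not m.isalpha()],
            # A constraint that lists methods covers only those; report the rest.
            "unlisted_standard": sorted(JACC_1_0_METHODS - set(listed)),
        })
    return report


if __name__ == "__main__":
    for i, entry in enumerate(audit_http_methods(SAMPLE_WEB_XML), 1):
        print("security-constraint", i)
        for key, value in entry.items():
            print("  %-18s %s" % (key, ", ".join(value) or "-"))
```

Run against the full posted descriptor, "unlisted_standard" reports TRACE: the constraint names 33 methods but not that one, so requests using it fall outside the auth-constraint.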
[jira] Updated: (GERONIMO-1747) HTTP-methods checks
Posted by "Ilya Platonov (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1747?page=all ]
Ilya Platonov updated GERONIMO-1747:
------------------------------------
Attachment: web.xml
attach my web.xml
[jira] Updated: (GERONIMO-1747) HTTP-methods checks
Posted by "Christopher M. Cardona (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-1747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christopher M. Cardona updated GERONIMO-1747:
---------------------------------------------
Attachment: slide.war