Announcement Announcement Module
Collapse
No announcement yet.
Servlet filtering for 2.4 API Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Servlet filtering for 2.4 API

    Hello,

    I know that servlet forwards (as opposed to redirects) arent supposed to be secured by ACEGI as per the post below:

    http://forum.springframework.org/showthread.php?t=11025

    However when using a 2.4 servlet container a filter can be used to intercept forwards (as the last post on the above thread points out). But checking the FilterSecurityInterceptor code I noticed that it does not apply the filter for requests that were already verified, so when the filter is invoked for forwards the access is not secured anymore. I tried simply removing this check and security works just fine for both requests and forwards. Is there a reason why this repeated security check is avoided, or it can be safely removed?

    Regards,

    Victor
    Last edited by robyn; May 16th, 2006, 05:27 AM.

  • #2
    We should make the behaviour switchable. I've added a task to JIRA: http://opensource.atlassian.com/proj.../browse/SEC-14

    Comment


    • #3
      JIRA task resolved. Will be in 0.9.0.

      Comment


      • #4
        Thanks a lot Ben!

        Regards,

        Victor

        Comment

        Working...
        X