The problem occurs at assembly time. gt-app-schema correctly declares its dependency on commons-digester, and gs-app-schema-test runs fine, but the assembly mechanism requires explicit naming of the jars to be included in the plugin. All I have to do is add it to src/release/ext-app-schema.xml and update the readme. Victor has just confirmed that app-schema works once this plugin is added (deployment based on 2.7-SNAPSHOT).
We have seen similar assembly problems with web-cas, so this is not new. The awful truth is that nobody tested RC1 with app-schema.
Super catch from Victor (who also provided the working demo of the WMS XSS vulnerability). He has been saving my neck this week.
On 03/09/14 13:20, Jody Garnett wrote:
Good catch - but why was this not picked up by maven dependency
analysis? Is app-schema depending on commons-digester and not
advertising that fact?
Jody Garnett
--
Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre
I have pushed a fix onto 2.6.x and master. Release is no longer blocked by this problem.
Kind regards,
Ben.
On 03/09/14 13:34, Ben Caradoc-Davies wrote:
The problem occurs at assembly time. gt-app-schema correctly declares
its dependency on commons-digester, and gs-app-schema-test runs fine,
but the assembly mechanism requires explicit naming of the jars to be
included in the plugin. All I have to do is add it to
src/release/ext-app-schema.xml and update the readme. Victor has just
confirmed that app-schema works once this plugin is added (deployment
based on 2.7-SNAPSHOT).
We have seen similar assembly problems with web-cas, so this is not new.
The awful truth is that nobody tested RC1 with app-schema.
Super catch from Victor (who also provided the working demo of the WMS
XSS vulnerability). He has been saving my neck this week.
On 03/09/14 13:20, Jody Garnett wrote:
Good catch - but why was this not picked up by maven dependency
analysis? Is app-schema depending on commons-digester and not
advertising that fact?
Jody Garnett
--
Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre
On Wed, Sep 3, 2014 at 7:34 AM, Ben Caradoc-Davies <
Ben.Caradoc-Davies@anonymised.com> wrote:
We have seen similar assembly problems with web-cas, so this is not new.
The awful truth is that nobody tested RC1 with app-schema.
Maybe there is a way out of this, to ensure some continous functional
testing of app-schema
and its artifacts: implement WFS complex feature CITE tests support.
The CITE tests are using the nightly builds, so they would have to unpack
the assembly,
merge it into geoserver, and then run the tests
Quite a bit of work, I realize it, it's just the only way I could think of
to give app-schema
some of the same coverage the other modules get via the CITE tests
Cheers
Andrea
--
GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information.
Ing. Andrea Aime @geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
On Wed, Sep 3, 2014 at 7:34 AM, Ben Caradoc-Davies
<Ben.Caradoc-Davies@anonymised.com <mailto:Ben.Caradoc-Davies@anonymised.com>> wrote:
We have seen similar assembly problems with web-cas, so this is not new.
The awful truth is that nobody tested RC1 with app-schema.
Maybe there is a way out of this, to ensure some continous functional
testing of app-schema
and its artifacts: implement WFS complex feature CITE tests support.
The CITE tests are using the nightly builds, so they would have to
unpack the assembly,
merge it into geoserver, and then run the tests
Quite a bit of work, I realize it, it's just the only way I could think
of to give app-schema
some of the same coverage the other modules get via the CITE tests
Andrea, that is a great idea. Are there any complex feature CITE suites?
Kind regards,
--
Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre
On Wed, Sep 3, 2014 at 10:32 AM, Ben Caradoc-Davies <
Ben.Caradoc-Davies@anonymised.com> wrote:
Quite a bit of work, I realize it, it's just the only way I could think
of to give app-schema
some of the same coverage the other modules get via the CITE tests
Andrea, that is a great idea. Are there any complex feature CITE suites?
In the WFS ones there is a flag that can be enabled when starting the test
to enable also complex features tests, so yes, those
Cheers
Andrea
--
GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information.
Ing. Andrea Aime @geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549