Check that WFS GetFeature calls are secured when accessed from the browser
--------------------------------------------------------------------------
Key: GEOS-1099
URL: http://jira.codehaus.org/browse/GEOS-1099
Project: GeoServer
Issue Type: Improvement
Components: WFS
Reporter: Andrea Aime
Assignee: Andrea Aime
Fix For: 1.6.0
Apparently one user managed to get out GML from a secured GetFeature call. Try with different browsers or different machines.
"Now i have one question. If i post wfs request from demo request form.
http://localhost/geoserversecure/wfs?request=getfeature&service=wfs&ve
rsion=1.0.0&typename=topp:tasmania_roadsI get this message if I dont type user and psw. Thats ok
<?xml version="1.0" encoding="UTF-8" ?>
<servlet-exception>HTTP response: 401 Bad
credentials</servlet-exception>But if I type request
http://localhost/geoserversecure/wfs?request=getfeature&service=wfs&ve
rsion=1.0.0&typename=topp:tasmania_roadsdirectly in browzer security fails and I get back Gml file for requested layer.It seems that HTTP POST works fine, HTTP GET not. Is there any way to prevent this.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira