[Geoserver-devel] [jira] Created: (GEOS-1099) Check that WFS GetFeature calls are secured when accessed from the browser

Check that WFS GetFeature calls are secured when accessed from the browser
--------------------------------------------------------------------------

                 Key: GEOS-1099
                 URL: http://jira.codehaus.org/browse/GEOS-1099
             Project: GeoServer
          Issue Type: Improvement
          Components: WFS
            Reporter: Andrea Aime
            Assignee: Andrea Aime
             Fix For: 1.6.0

Apparently one user managed to get out GML from a secured GetFeature call. Try with different browsers or different machines.

"Now I have one question. If I post a WFS request from the demo request form:

http://localhost/geoserversecure/wfs?request=getfeature&service=wfs&version=1.0.0&typename=topp:tasmania_roads

I get this message if I don't type user and psw. That's ok

  <?xml version="1.0" encoding="UTF-8" ?>
  <servlet-exception>HTTP response: 401 Bad credentials</servlet-exception>

But if I type the request

http://localhost/geoserversecure/wfs?request=getfeature&service=wfs&version=1.0.0&typename=topp:tasmania_roads

directly in the browser, security fails and I get back the GML file for the requested layer. It seems that HTTP POST works fine, HTTP GET not. Is there any way to prevent this?"

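A regression check for the behaviour reported above, added here as an example and not part of the original message or of GeoServer's own test suite: it sends the GetFeature request anonymously over both GET and POST and lists the methods that answer with anything other than 401/403. The function names, the local stub server that reproduces the reported GET/POST mismatch, and the form-encoded POST body are assumptions made for the example.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Query string taken from the report; host, port and path are supplied by the caller.
QUERY = "request=getfeature&service=wfs&version=1.0.0&typename=topp:tasmania_roads"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass any proxy

def status_without_credentials(url, method, body=None):
    """Send one request with no Authorization header and return the HTTP status."""
    req = urllib.request.Request(url, data=body, method=method)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403 are raised as HTTPError

def unsecured_methods(base_url):
    """Return the methods that serve an anonymous GetFeature instead of refusing it."""
    probes = {
        "GET": (f"{base_url}?{QUERY}", None),
        "POST": (base_url, QUERY.encode()),  # assumption: key-value pairs as form body
    }
    return [method for method, (url, body) in probes.items()
            if status_without_credentials(url, method, body) not in (401, 403)]

class BuggyStub(BaseHTTPRequestHandler):
    """Constructed stand-in for the reported behaviour: POST is protected, GET is not."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the body
        self.send_response(401)
        self.end_headers()
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"<wfs:FeatureCollection/>")
    def log_message(self, *args): pass  # keep the demo quiet

def run_against_stub():
    """Start the stub on a free local port and run the check against it."""
    server = HTTPServer(("127.0.0.1", 0), BuggyStub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return unsecured_methods(f"http://127.0.0.1:{server.server_port}/wfs")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("methods served without credentials:", run_against_stub())
```

Pointing `unsecured_methods` at a secured deployment's WFS endpoint should return an empty list once every method enforces authentication.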