[Geoserver-devel] [jira] (GEOS-5824) http://..../geoserver matches wrong security filter chain

Christian Mueller created BugGEOS-5824
http://…/geoserver matches wrong security filter chain

Issue Type:

BugBug

Affects Versions:

2.3.2

Assignee:

Christian Mueller

Components:

Security

Created:

23/May/13 8:33 AM

Description:

The GeoServer start url http://…/geoserver matches the default security chain (handling OGC services). The request is finally redirected to

http://…/geoserver/web.

As a consequence, http://…/geoserver should match the web filter chain.

A more detailed description is here

http://sourceforge.net/mailarchive/forum.php?thread_name=CAK2H3M00bGDhRfh_UToJjwuPczkihbW_UPSk64cvakTqVZQRog%40mail.gmail.com&forum_name=geoserver-devel

The Web filter chain has the following ant patterns

/web/**
/gwc/rest/web/**

Adding the pattern

/

solves this problem.

Unfortunately a data directory migration is required. (A small one, but it is one).

Workaround for 2.3.x series:

On the GeoServer “Authentication” page, click on the filter chain called “web”.

There is a list of ant patterns.

/web/,/gwc/rest/web/

Change the list to

/web/,/gwc/rest/web/,/

Click close. Back on the “Autentication” page, click “Save”. Finished.

Project:

GeoServer

Priority:

MajorMajor

Reporter:

Christian Mueller

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: [http://www.atlassian.com/software/jira](http://www.atlassian.com/software/jira)