[Geoserver-devel] [JIRA] (GEOS-9054) Geoserver object names cannot contain special characters (dot, ...) when the are used in URLs for the REST API.

Christian Mueller created an issue

GeoServer / BugGEOS-9054

Geoserver object names cannot contain special characters (dot,…) when the are used in URLs for the REST API.

Issue Type:

BugBug

Affects Versions:

2.14.1, 2.15-RC

Assignee:

Unassigned

Components:

Security

Created:

11/Dec/18 12:52 PM

Environment:

Spring Security Version 4.2.7
Geoserver 2.14.x and master

Priority:

HighHigh

Reporter:

Christian Mueller

The class org.springframework.security.web.FilterChainProxy used by org.geoserver.security.GeoServerSecurityFilterChainProxy
changed its default behavior.

The proxy uses an instance of org.springframework.security.web.firewall.StrictHttpFirewall instead of org.springframework.security.web.firewall.DefaultHttpFirewall.

The class StrictHttpFirewall disallows (as default ) the usage of special characters(dot,colon,…) in an URL. As a consequence the GeoServer Rest API cannot handle GeoServer objects ( layers, featuretypes,…) with a special character in their name.

Btw, dots are required by INSPIRE.

Restoring the original behavior can be done by adding the following bean definition

<bean id=“defaultFirewall” class=“org.springframework.security.web.firewall.DefaultHttpFirewall”/>

to applicationSecurityContext.xml

Should I prepare a pull request for master and 2.14.x ?

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100095-sha1:b32a154)

Atlassian logo