[jbpm-dev] Re: gpd 3.1.7 release
Ronald van Kuijk
ronald at jbpm.org
Fri Feb 20 08:19:40 EST 2009
http://fisheye.jboss.com/browse/JbpmSvn/projects/jsf-console/trunk/console/src/main/webapp/WEB-INF/web.xml?r1=3412&r2=3298
Two months ago the 'url-pattern' of the upload servlet was changed from
/upload to /app/upload which resulted in it being secured by a
username/password.
This was not realy announced so there were some posts on a changed location,
but now I know it's secured it might be the cause of several other posts in
the forum regarding errors when deploying and people starting to use
workarounds (deploy via ant).
So a small change in web.xml could revert this, but then people who started
using this new location will have to also make changes...
Personally, I'd change it to /upload again and have it unprotected as Koen
states
Ronald
2009/2/20 Thomas Diesler <thomas.diesler at jboss.com>
> That the upload servlet is protected is new to me. Could you please find
> out who did this so we know who to talk to?
>
> cheers
> -thomas
>
> Koen Aers wrote:
>
>> Hi Thomas,
>>
>> While testing the deployment of processes from the gpd I came across the
>> fact that the deployment servlet in the previous jBPM releases (3.3.1 and
>> 3.2.5) is now secured. Also, the connection url for the deployment has
>> changed. While the latter is not that much of an issue (as it can be changed
>> in the preferences pages of the designer), the former is very much so. To be
>> able to make this work again I need to be able to provide the credentials in
>> a programmatic way. Maybe you can help me, but I couldn't find an easy way
>> to do so as the logon mechanism used is a jsf specific one. Additionally,
>> there should be a way to change the user and password strings (or store them
>> as preferences). I am not sure if I will be able to incorporate these
>> changes before the release.
>> In addition, as argued in https://jira.jboss.org/jira/browse/GPD-278 and
>> the other related issues, we need to keep the out-of-the-box experience as
>> smooth as possible for our community users, so IMO the upload servlet does
>> not need to be protected as the SOA platform removes the servlet for
>> production use.
>> I am not sure if creating a new GPD makes sense if users will not be able
>> to deploy their processes.
>>
>> Regards,
>> Koen
>>
>
> --
> xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Thomas Diesler
> BPM Product Lead
> JBoss, a division of Red Hat
> xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> _______________________________________________
> jbpm-dev mailing list
> jbpm-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jbpm-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jbpm-dev/attachments/20090220/54ca4e10/attachment.html
More information about the jbpm-dev
mailing list