<a href="http://fisheye.jboss.com/browse/JbpmSvn/projects/jsf-console/trunk/console/src/main/webapp/WEB-INF/web.xml?r1=3412&r2=3298">http://fisheye.jboss.com/browse/JbpmSvn/projects/jsf-console/trunk/console/src/main/webapp/WEB-INF/web.xml?r1=3412&r2=3298</a><br>
<br>Two months ago the 'url-pattern' of the upload servlet was changed from /upload to /app/upload which resulted in it being secured by a username/password. <br><br>This was not realy announced so there were some posts on a changed location, but now I know it's secured it might be the cause of several other posts in the forum regarding errors when deploying and people starting to use workarounds (deploy via ant).<br>
<br>So a small change in web.xml could revert this, but then people who started using this new location will have to also make changes... <br><br>Personally, I'd change it to /upload again and have it unprotected as Koen states<br>
<br>Ronald<br><br><br><br><div class="gmail_quote">2009/2/20 Thomas Diesler <span dir="ltr"><<a href="mailto:thomas.diesler@jboss.com">thomas.diesler@jboss.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
That the upload servlet is protected is new to me. Could you please find out who did this so we know who to talk to?<br>
<br>
cheers<br>
-thomas<br>
<br>
Koen Aers wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Thomas,<br>
<br>
While testing the deployment of processes from the gpd I came across the fact that the deployment servlet in the previous jBPM releases (3.3.1 and 3.2.5) is now secured. Also, the connection url for the deployment has changed. While the latter is not that much of an issue (as it can be changed in the preferences pages of the designer), the former is very much so. To be able to make this work again I need to be able to provide the credentials in a programmatic way. Maybe you can help me, but I couldn't find an easy way to do so as the logon mechanism used is a jsf specific one. Additionally, there should be a way to change the user and password strings (or store them as preferences). I am not sure if I will be able to incorporate these changes before the release.<br>
In addition, as argued in <a href="https://jira.jboss.org/jira/browse/GPD-278" target="_blank">https://jira.jboss.org/jira/browse/GPD-278</a> and the other related issues, we need to keep the out-of-the-box experience as smooth as possible for our community users, so IMO the upload servlet does not need to be protected as the SOA platform removes the servlet for production use.<br>
I am not sure if creating a new GPD makes sense if users will not be able to deploy their processes.<br>
<br>
Regards,<br>
Koen<br>
</blockquote>
<br>
-- <br>
xxxxxxxxxxxxxxxxxxxxxxxxxxxx<br><font color="#888888">
Thomas Diesler<br>
BPM Product Lead<br>
JBoss, a division of Red Hat<br>
xxxxxxxxxxxxxxxxxxxxxxxxxxxx<br>
_______________________________________________<br>
jbpm-dev mailing list<br>
<a href="mailto:jbpm-dev@lists.jboss.org" target="_blank">jbpm-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/jbpm-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/jbpm-dev</a><br>
</font></blockquote></div><br>