Commit df2e9e7a authored by Andrea Aime's avatar Andrea Aime Committed by Jody Garnett
Browse files

[GEOS-8913] Layer Preview URL contained a potentially malicious String,...

[GEOS-8913] Layer Preview URL contained a potentially malicious String, [GEOS-8988] WMTS tile requests fail with 'RequestRejectedException: The request was rejected because the URL was not normalized', [GEOS-9054] Geoserver object names cannot contain special characters (dot,...) when the are used in URLs for the REST API.
parent e7878cd5
......@@ -30,6 +30,7 @@ import org.springframework.context.ApplicationContextAware;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
import org.springframework.security.web.util.matcher.RequestMatcher;
public class GeoServerSecurityFilterChainProxy
......@@ -203,6 +204,7 @@ public class GeoServerSecurityFilterChainProxy
securityManager.getAuthenticationCache().removeAll();
proxy = new FilterChainProxy(filterChains);
proxy.setFirewall(new DefaultHttpFirewall());
proxy.afterPropertiesSet();
chainsInitialized = true;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment