Hi Ron,
My initial solution is pretty much the same as yours, except modifying the web.xml config file instead of the policy file, which make it easier to configure individual application I think.
Here is the syntax:
<url-ignore-colon/>
Ignores any colon delimiter contained within url
<url-replace-colon>*new delimiter*</url-replace-colon>
Replaces colon with the given delimiter
<url-ignore-prefix>*prefix*</url-ignore-prefix>
Ignores the colon (or refined delimiter) if it has the specified prefix. For example <url-ignore-prefix>Special</url-ignore-prefix> will ignore any colon after Special. Jamwiki uses Special: as a namespace for special pages.
<url-ignore-surfix>*surfix*</url-ignore-surfix>
Just like prefix except anything followed by surfix will get ignored.
The above condition should be placed after <url-pattern> tag inside web.xml and within <web-resource-collection> tag. If none of the above url exception has been define the glassfish will assume ":" as delimiter for backward compatibility.
So here is my solution, as I am pretty new to glassfish I am not sure whether it is a good idea or not or if it causes any new security issue. I believe the same thing can be achieved by policy file but I just think changing the web.xml file prior to deployment might make things abit easier.
Cheers,
Leo
[Message sent by forum member 'leogui' (leogui)]
http://forums.java.net/jive/thread.jspa?messageID=273423