Uploaded image for project: 'JSPWiki'
  1. JSPWiki
  2. JSPWIKI-217

Support for DBCS page names when using web container authorization

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Invalid
    • 2.6.0
    • FutureVersion
    • None
    • None

    • Tomcat 5.5.26 with URIEncoding=utf-8 enabled using AJP
      JSPWiki 2.6.0

    Description

      JSPWiki Configuration:

      • jspwiki.encoding = UTF-8
      • jspwiki.breakTitleWithSpaces = true
      • Web container authorization via LDAP (Sun One Directory Server)
      • Security constraint enabled in web.xml with default setting ( Users need to login first before editing or commenting)

      Recreation Scenario:
      DBCS String used for page name: 测试 (codepoint: U+6D4B U+8BD5, UTF-8 String: %E6%B5%8B%E8%AF%95) // I'm not sure if you can read Chinese characters in this mail)

      1. Create & Savie a new page with the above string (U+6D4B U+8BD5) as the page name with a valid login
      2. Logout JSPWiki after creating the page. Clear cookies.
      3. Browse to the page and click on the Edit link. This will direct you to the login page
      4. Login with a valid user name
      5. The page name displayed in main area will change to "Ƶ È" and page content becomes blank
      6. Choose Cancel. And the page name in URL becomes "%C3%86%C2%B5%C3%88". Wiki prompts to create a new page.

      ------------------
      Security Constraint in web.xml
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Comment.jsp</url-pattern>
      <url-pattern>/Login.jsp</url-pattern>
      <url-pattern>/NewGroup.jsp</url-pattern>
      <url-pattern>/Rename.jsp</url-pattern>
      <url-pattern>/Upload.jsp</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>HEAD</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      </web-resource-collection>

      <web-resource-collection>
      <web-resource-name>Read-only Area</web-resource-name>
      <url-pattern>/attach</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      </web-resource-collection>

      <auth-constraint>
      <role-name>tomcat-admin</role-name>
      <role-name>LGE-SH</role-name>

      </auth-constraint>
      <!--
      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      -->
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/LoginForm.jsp</form-login-page>
      <form-error-page>/LoginForm.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <description>
      This logical role includes all authenticated users
      </description>
      <role-name>LGE-SH</role-name>
      </security-role>

      <security-role>
      <description>
      This logical role includes all administrative users
      </description>
      <role-name>tomcat-admin</role-name>
      </security-role>

      Please log on to my environment to check the issue with this credential (tester/tester). I think this may be an issue of JSPWiki.

      http://vanceinfo-sh.vicp.net:8081/wiki/Wiki.jsp?page=%E6%B5%8B%E8%AF%95

      The page name becomes 3 question marks (???) in log entries:
      ------------------------------------------------------------------------------------------------------------------
      2008-03-05 09:21:40,098 [ajp-8009-2] INFO JSPWiki Knowledge Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Editing page ???. User=高建民, host=192.168.253.68
      2008-03-05 09:21:40,098 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.PageManager Knowledge Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Locked page ??? for 高建民
      2008-03-05 09:21:40,129 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.auth.SessionMonitor Knowledge Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Looking up WikiSession for session ID=84941ECC59FDEEEECB06385D30641E22... found it
      2008-03-05 09:21:40,129 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.auth.SessionMonitor Knowledge Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Looking up WikiSession for session ID=84941ECC59FDEEEECB06385D30641E22... found it
      2008-03-05 09:21:40,145 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.render.RenderingManager Knowledge Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Re-rendering and storing ???::-1
      2008-03-05 09:21:40,145 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.providers.CachingAttachmentProvider Knowledge Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Getting attachments for WikiPage [Knowledge Base:???,ver=-1,mod=null], name=高建民, version=-1

      Attachments

        Activity

          People

            Unassigned Unassigned
            davidgjm David Gao
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: