Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
JSPWiki v2.7.0-alpha-3
Description
With container managed authorization AND a security permission on "createPages" (i.e. only logged in users may create or edit) the following error happens:
User is NOT logged in (do a log-out first to reproduce)
Enter the URL of a non-existent page
Browser URL line: http://myhost/wiki/FAQx
-> This page does not exist. Why don't you go and create it?
Browser URL line: http://et/wiki/FAQx?do=Login
-> Sign in to JSPWiki page is displayed
Fill in data and Login
Browser URL line: http://et/wiki/j_security_check
HTTP Status 400 - Invalid direct reference to form login page
type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
Apache Tomcat/6.0.16
-------
Google shows lots of results for "Invalid direct reference to form login page"
e.g.
https://issues.apache.org/bugzilla/show_bug.cgi?id=8976
https://issues.apache.org/bugzilla/show_bug.cgi?id=3839
Basically it seems you may not directly call j_security_check
But I don't see where j_security_check is called directly from JSPWiki, as the container intercepts the call to http://et/wiki/FAQx?do=Login, does it?