Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.10
-
JSPWiki v2.10.0 and Tomcat 7.0.52
Description
I have just installed JSPWiki v2.10.0 into a Tomcat 7.0.52.
I enabled comtainer managed authorization through
uncommenting the last section in web.xml and added appropriate
users to the tomcat-user.xml.
But logging in did not work.
So I debugged jspwiki (/tags/jspwiki_2_10_0) and found,
that WebContainerAuthorizer.java contains these lines starting from line 105
// Add the J2EE 2.4 schema namespace
m_webxml.getRootElement().setNamespace( Namespace.getNamespace( J2EE_SCHEMA_24_NAMESPACE ) );
m_containerAuthorized = isConstrained( "/Delete.jsp", Role.ALL )
&& isConstrained( "/Login.jsp", Role.ALL );
Unfortunately, the shipped web.xml contains a 2.5 namespace,
therefor the check for container manager authorization failed.
Replacing in web.xml the lines
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
with these
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd"
version="2.4">
solved the problem - logging into jspwiki worked again.
Suggestion: either ship a web.xml with a 2.4 namespace or improve the namespace handling.
Attachments
Issue Links
- is duplicated by
-
JSPWIKI-836 container-managed authorization broken
- Closed