Uploaded image for project: 'JSPWiki'
  1. JSPWiki
  2. JSPWIKI-836

container-managed authorization broken

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: 2.10
    • Fix Version/s: None
    • Labels:
      None
    • Environment:

      tomcat-7.0.52, Oracle Java 1.7.0_51, Ubuntu 13.10

      Description

      I did a fresh installation of JSPWiki 2.10.0 on apache-tomcat-7.0.52 (Java 7) and enabled container-managed authorization in web.xml

      When I try to log into the wiki, the login screen reappears forever.

      User and role in tomcat-users.xml seem to be fine, when I try the Tomcat security sample (to which I added the Authenticated role) at
      http://ubuntu:8080/examples/jsp/security/protected/index.jsp
      the user has the role:

      You are logged in as remote user wiki in session ACD11187E8CF5E70FD05C88D77F36F46

      Your user principal name is wiki

      You have been granted role Authenticated

      But the wiki refuses to accept the user (this container-managed authorization setup used to work with 2.8.4)

      I am not sure what actually went wrong, there is nothing in the logs, might be that the user could not be gotten from the container, might be, that the policy (which I did not touch) is wrong, or that web.xml could not be parsed.

        Issue Links

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              weberjn Jürgen Weber
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development