Uploaded image for project: 'JSPWiki'
  1. JSPWiki
  2. JSPWIKI-924

Attachments fail using JAAS SSO container authentication

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.10.1
    • Fix Version/s: 2.10.1
    • Component/s: Core & storage
    • Labels:
      None
    • Environment:

      CentOS 6.5 OS, Tomcat 7.0.42, 32-byte single line plain text attachment test file.

      Description

      I'm trying to implement JSPWiki in a JAAS authentication
      SSO environment. I have installed JSPWiki and made some
      minor adjustments to the jspwiki.policy to account for
      different user role names, and everything seems to be
      working OK, except for one thing. None of the users
      (including the administrator) can add attachments to
      any of the pages. If I run the wiki standalone, (outside
      JAAS), attachments work fine.

      I'm using JSPWiki 2.10.1 with Tomcat 7.0.42 on a CentOS
      6.5 server. My attachment test file is a one-line 32 byte text file.

      I have three basic user roles, all require JAAS authorization
      to access the wiki. User roles are admin, approved (read
      and write for most pages), and unapproved (read only).

      I'm fairly confident that the authentication methods are
      working properly as all page permissions are working as
      expected for each user type.

      But when any admin or approved user tries to add an
      attachment to any page, they get redirected to an Error.jsp
      page showing a java.lang.Exception. To try and track down
      the error source, I rewrote the AttachmentServlet class
      and added a number of additional debug messages.

      Based on what I'm seeing, it appears to me that the error
      is caused by the upload.parseRequest ( req ) returning
      an empty List<FileItem> fileItems in the upload method.

      I added a debug line to verify the contents of the request
      and it is properly populated entering the upload method,
      but it is consumed @ req.getParameter( "progressid" ).

      I commented out the use of the progress bar and found
      the request consumption moves to the context creation
      @ m_engine.createContext( req, WikiContext.ATTACH );

      Once it is consumed there, there is nothing left for the
      upload.parseRequest (req ) to read.

      I realize that I consumed the request by reading it for the
      debug message, but I only used it once per test run to
      determine where it was consumed. In the following log
      extract, that was at time 2015-11-25 14:05:41.892,
      which was after the createContext and before the
      upload.parseRequest.

      I'm inexperienced with the doFilter mechanism, and I see
      that it is part of the exception dump, and I don't know if
      that is working or not, but since upload.parseRequest ( req )
      is returning an empty fileItems list, I suspect there is
      something going on there. But I'm in over my head here.

      This is the log extract, starting right after the container JAAS
      has authorized the user.

      =================

      2015-11-25 14:05:41.797 [http-bio-8080-exec-1] DEBUG AttachmentServlet 168 - UploadServlet initialized. Using /home/testwiki/storage//attach-tmp for temporary storage.
      2015-11-25 14:05:41.797 [http-bio-8080-exec-1] DEBUG SessionMonitor 117 - Looking up WikiSession for session ID=8974D02E77F76467ACB66B0EAC09C4D7... found it
      2015-11-25 14:05:41.797 [http-bio-8080-exec-1] DEBUG WikiSession 851 - Custom com.apache.wiki.WikiSession.isIPV4Address has been entered
      2015-11-25 14:05:41.798 [http-bio-8080-exec-1] DEBUG SessionMonitor 117 - Looking up WikiSession for session ID=8974D02E77F76467ACB66B0EAC09C4D7... found it
      2015-11-25 14:05:41.798 [http-bio-8080-exec-1] DEBUG SessionMonitor 117 - Looking up WikiSession for session ID=8974D02E77F76467ACB66B0EAC09C4D7... found it
      2015-11-25 14:05:41.798 [http-bio-8080-exec-1] DEBUG WikiServletFilter 164 - Executed security filters for user=AdminUser, path=/TestWiki/attach
      2015-11-25 14:05:41.799 [http-bio-8080-exec-1] DEBUG AttachmentServlet 437 - AttachmentServlet doPost entered
      2015-11-25 14:05:41.799 [http-bio-8080-exec-1] DEBUG AttachmentServlet 490 - AttachmentServlet upload entered
      2015-11-25 14:05:41.820 [http-bio-8080-exec-1] DEBUG AttachmentServlet 509 - AttachmentServlet upload; starting try
      2015-11-25 14:05:41.887 [http-bio-8080-exec-1] DEBUG SessionMonitor 117 - Looking up WikiSession for session ID=8974D02E77F76467ACB66B0EAC09C4D7... found it
      2015-11-25 14:05:41.888 [http-bio-8080-exec-1] DEBUG WikiContext 248 - Creating WikiContext for session ID=8974D02E77F76467ACB66B0EAC09C4D7; target=Main
      2015-11-25 14:05:41.892 [http-bio-8080-exec-1] DEBUG AttachmentServlet 515 - AttachmentServlet upload; after wikiContext req=
      2015-11-25 14:05:41.903 [http-bio-8080-exec-1] DEBUG AttachmentServlet 535 - AttachmentServlet upload; fileItems.size()=0
      2015-11-25 14:05:41.903 [http-bio-8080-exec-1] DEBUG AttachmentServlet 536 - AttachmentServlet upload; before for loop
      2015-11-25 14:05:41.903 [http-bio-8080-exec-1] DEBUG AttachmentServlet 579 - AttachmentServlet upload; after for loop
      2015-11-25 14:05:41.903 [http-bio-8080-exec-1] DEBUG AttachmentServlet 583 - AttachmentServlet upload; fileItems size was 0; doing redirect to errorPage
      2015-11-25 14:05:41.904 [http-bio-8080-exec-1] DEBUG AttachmentServlet 640 - AttachmentServlet upload; after multiple catch, in finally
      2015-11-25 14:05:41.904 [http-bio-8080-exec-1] DEBUG SessionMonitor 117 - Looking up WikiSession for session ID=8974D02E77F76467ACB66B0EAC09C4D7... found it
      2015-11-25 14:05:41.904 [http-bio-8080-exec-1] DEBUG AttachmentServlet 451 - AttachmentServlet doPost catch doing redirect
      2015-11-25 14:05:41.904 [http-bio-8080-exec-1] DEBUG AttachmentServlet 454 - AttachmentServlet doPost exiting
      2015-11-25 14:05:41.944 [http-bio-8080-exec-2] DEBUG WikiServletFilter 107 - Using ByteArrayResponseWrapper
      2015-11-25 14:05:41.944 [http-bio-8080-exec-2] DEBUG SessionMonitor 117 - Looking up WikiSession for session ID=8974D02E77F76467ACB66B0EAC09C4D7... found it
      2015-11-25 14:05:41.945 [http-bio-8080-exec-2] DEBUG WikiSession 851 - Custom com.apache.wiki.WikiSession.isIPV4Address has been entered
      2015-11-25 14:05:41.945 [http-bio-8080-exec-2] DEBUG SessionMonitor 117 - Looking up WikiSession for session ID=8974D02E77F76467ACB66B0EAC09C4D7... found it
      2015-11-25 14:05:41.945 [http-bio-8080-exec-2] DEBUG SessionMonitor 117 - Looking up WikiSession for session ID=8974D02E77F76467ACB66B0EAC09C4D7... found it
      2015-11-25 14:05:41.945 [http-bio-8080-exec-2] DEBUG WikiServletFilter 164 - Executed security filters for user=AdminUser, path=/TestWiki/Error.jsp
      2015-11-25 14:05:41.963 [http-bio-8080-exec-2] DEBUG SessionMonitor 117 - Looking up WikiSession for session ID=8974D02E77F76467ACB66B0EAC09C4D7... found it
      2015-11-25 14:05:41.965 [http-bio-8080-exec-2] DEBUG WikiContext 248 - Creating WikiContext for session ID=8974D02E77F76467ACB66B0EAC09C4D7; target=Error
      2015-11-25 14:05:41.966 [http-bio-8080-exec-2] DEBUG JSPWiki 125 - Error.jsp exception is:
      2015-11-25 14:05:41.967 [http-bio-8080-exec-2] ERROR WikiTagBase 84 - WikiTagBase pageContext IS NOT NULL
      2015-11-25 14:05:41.970 [http-bio-8080-exec-2] ERROR WikiTagBase 97 - Tag failed
      javax.servlet.jsp.JspException: WikiContext may not be NULL - serious internal problem!
      at org.apache.wiki.tags.WikiTagBase.doStartTag(WikiTagBase.java:90)
      at org.apache.jsp.Error_jsp._jspx_meth_wiki_005fMessages_005f0(Error_jsp.java:193)
      at org.apache.jsp.Error_jsp._jspService(Error_jsp.java:138)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:177)
      at org.apache.wiki.ui.WikiJSPFilter.doFilter(WikiJSPFilter.java:121)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
      at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:341)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:724)
      2015-11-25 14:05:41.973 [http-bio-8080-exec-2] ERROR WikiTagBase 116 - Tag failed, check logs: WikiContext may not be NULL - serious internal problem!
      javax.servlet.jsp.JspException: Tag failed, check logs: WikiContext may not be NULL - serious internal problem!
      at org.apache.wiki.tags.WikiTagBase.doStartTag(WikiTagBase.java:98)
      at org.apache.jsp.Error_jsp._jspx_meth_wiki_005fMessages_005f0(Error_jsp.java:193)
      at org.apache.jsp.Error_jsp._jspService(Error_jsp.java:138)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:177)
      at org.apache.wiki.ui.WikiJSPFilter.doFilter(WikiJSPFilter.java:121)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
      at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:341)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:724)

        Attachments

        1. jspwiki-EditRenameAttach-extract1.txt
          46 kB
          Steven Walsh
        2. jspwiki.policy-extract
          2 kB
          Steven Walsh

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              stevenhwalsh Steven Walsh
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: