[jira] [Commented] (JSPWIKI-831) Container managed authorization does not work in tomcat

Mon, 17 Mar 2014 13:25:06 -0700 

    [ 
https://issues.apache.org/jira/browse/JSPWIKI-831?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13938328#comment-13938328
 ] 

Harry Metske commented on JSPWIKI-831:
--------------------------------------

My previously suggested patch failed. 
Do we want to switch back to a 2.4 namespace in web.xml (as Dietrich suggests) ?

regards,
Harry


> Container managed authorization does not work in tomcat
> -------------------------------------------------------
>
>                 Key: JSPWIKI-831
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-831
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Servlet Container/Java compatibility
>    Affects Versions: 2.10
>         Environment: JSPWiki v2.10.0 and Tomcat 7.0.52
>            Reporter: Dietrich Schmidt
>              Labels: security
>             Fix For: 2.10.1
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> I have just installed JSPWiki v2.10.0 into a Tomcat 7.0.52.
> I enabled comtainer managed authorization through
> uncommenting the last section in web.xml and added appropriate
> users to the tomcat-user.xml.
> But logging in did not work.
> So I debugged jspwiki (/tags/jspwiki_2_10_0) and found,
> that WebContainerAuthorizer.java contains these lines starting from line 105
>       // Add the J2EE 2.4 schema namespace
>       m_webxml.getRootElement().setNamespace( Namespace.getNamespace( 
> J2EE_SCHEMA_24_NAMESPACE ) );
>       m_containerAuthorized = isConstrained( "/Delete.jsp", Role.ALL )
>             && isConstrained( "/Login.jsp", Role.ALL );
> Unfortunately, the shipped web.xml contains a 2.5 namespace,
> therefor the check for container manager authorization failed.
> Replacing in web.xml the lines
> <web-app xmlns="http://java.sun.com/xml/ns/javaee";
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
> http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";
>         version="2.5">
> with these
> <web-app xmlns="http://java.sun.com/xml/ns/j2ee";
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
> http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd";
>         version="2.4">
> solved the problem - logging into jspwiki worked again.
> Suggestion: either ship a web.xml with a 2.4 namespace or improve the 
> namespace handling.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to