[ https://issues.apache.org/jira/browse/JSPWIKI-831?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Harry Metske resolved JSPWIKI-831. ---------------------------------- Resolution: Fixed Assignee: Harry Metske fixed in 2.10.1-svn-13 > Container managed authorization does not work in tomcat > ------------------------------------------------------- > > Key: JSPWIKI-831 > URL: https://issues.apache.org/jira/browse/JSPWIKI-831 > Project: JSPWiki > Issue Type: Bug > Components: Servlet Container/Java compatibility > Affects Versions: 2.10 > Environment: JSPWiki v2.10.0 and Tomcat 7.0.52 > Reporter: Dietrich Schmidt > Assignee: Harry Metske > Labels: security > Fix For: 2.10.1 > > Original Estimate: 1h > Remaining Estimate: 1h > > I have just installed JSPWiki v2.10.0 into a Tomcat 7.0.52. > I enabled comtainer managed authorization through > uncommenting the last section in web.xml and added appropriate > users to the tomcat-user.xml. > But logging in did not work. > So I debugged jspwiki (/tags/jspwiki_2_10_0) and found, > that WebContainerAuthorizer.java contains these lines starting from line 105 > // Add the J2EE 2.4 schema namespace > m_webxml.getRootElement().setNamespace( Namespace.getNamespace( > J2EE_SCHEMA_24_NAMESPACE ) ); > m_containerAuthorized = isConstrained( "/Delete.jsp", Role.ALL ) > && isConstrained( "/Login.jsp", Role.ALL ); > Unfortunately, the shipped web.xml contains a 2.5 namespace, > therefor the check for container manager authorization failed. > Replacing in web.xml the lines > <web-app xmlns="http://java.sun.com/xml/ns/javaee" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee > http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" > version="2.5"> > with these > <web-app xmlns="http://java.sun.com/xml/ns/j2ee" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee > http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd" > version="2.4"> > solved the problem - logging into jspwiki worked again. > Suggestion: either ship a web.xml with a 2.4 namespace or improve the > namespace handling. -- This message was sent by Atlassian JIRA (v6.2#6252)