[jira] [Commented] (JSPWIKI-841) Container Managed Security Not Working

Thu, 22 May 2014 13:35:39 -0700 

    [ 
https://issues.apache.org/jira/browse/JSPWIKI-841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14006413#comment-14006413
 ] 

Juan Pablo Santos Rodríguez commented on JSPWIKI-841:
-----------------------------------------------------

Hi Owen,

what version of JSPWiki are you using? Could you be affected by 
JSPWIKI-836/JSPWIKI-831?

as a side-note, now that I'm having the source in front of me, 
{{jspwiki.security=jaas}} isn't added to jspwiki.properties file, 
AuthenticationManager.PROP_SECURITY's javadoc states that "this is now 
deprecated - we do not guarantee that it works.", so the correct fix would be 
removing all the reference to this property and associated checks. I'm 
attaching a suggested patch in a few minutes

> Container Managed Security Not Working
> --------------------------------------
>
>                 Key: JSPWIKI-841
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-841
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication & Authorization
>    Affects Versions: 2.10
>         Environment: Tomcat 7.0.42
> Java 1.7.0_51
> Windows 2008R2
>            Reporter: Owen Farrell
>             Fix For: 2.10.1
>
>
> In order to set up container-managed security, I've set set jspwiki.security 
> to 'off' and uncommented the security constraints defined in the deployment 
> descriptor.
> However, by setting jspwiki.security to off, no AuthorizationManager 
> registers itself with the WikiEngine. As a result, all logins fail with the 
> following exception:
> {quote}
> INFO SecurityLog JSPWiki:/wiki/Edit.jsp - 
> WikiSecurityEvent.LOGIN_AUTHENTICATED 
> [source=org.apache.wiki.auth.AuthenticationManager@1c42c135, 
> princpal=org.apache.catalina.realm.GenericPrincipal ofarrell, 
> target=org.apache.wiki.WikiSession@1708e9ad]
> WARN org.apache.wiki.WikiSession JSPWiki:/wiki/Edit.jsp - User profile 
> 'ofarrell' not found. This is normal for container-auth users who haven't set 
> up a profile yet.
> org.apache.wiki.auth.WikiSecurityException: Authorizer did not initialize 
> properly. Check the logs.
>       at 
> org.apache.wiki.auth.AuthorizationManager.getAuthorizer(AuthorizationManager.java:336)
>       at 
> org.apache.wiki.auth.AuthenticationManager.login(AuthenticationManager.java:312)
>       at 
> org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:159)
> {quote}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to