[jira] [Created] (JSPWIKI-868) Ugly error when attempting to add attachments while unauthenticated

Wed, 24 Sep 2014 23:58:59 -0700 

Dave Koelmeyer created JSPWIKI-868:
--------------------------------------

             Summary: Ugly error when attempting to add attachments while 
unauthenticated
                 Key: JSPWIKI-868
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-868
             Project: JSPWiki
          Issue Type: Improvement
          Components: Default template
    Affects Versions: 2.10.2
         Environment: JSPWiki v2.10.2-svn-4, running in a GlassFish 3.1.2.2 app 
server. Container-managed authentication configured. This is using the 
"PlainVanilla" skin.
            Reporter: Dave Koelmeyer
            Priority: Minor


My JSPWiki container is configured such that users must authenticate using LDAP 
credentials before they are permitted to edit a page. Practically, this means 
they can view a page, and when the "Edit" button is clicked they are presented 
with a JSPWiki authentication prompt.

Keeping this in mind, the problematic behaviour can be triggered as follows.

First, ensure that the user is not authenticated to JSPWiki (either by 
explicitly logging out, or letting an active session time out).

Next, for an existing JSPWiki page, click on the "Attach" tab. Instead of being 
presented with an authentication prompt as one would probably expect as 
described above, the "Add new attachment" dialogue is displayed instead.

Next, the user can browse for and select an attachment for uploading. When they 
click on the "Upload" button, *then* the JSPWiki authentication prompt appears.

Finally, after entering their credentials and clicking "Login", GlassFish 
throws an HTTP 404 error:

"HTTP Status 404 - Attachment 'Main', version -1 does not exist.
type Status report
messageAttachment 'Main', version -1 does not exist.
descriptionThe requested resource (Attachment 'Main', version -1 does not 
exist.) is not available."

>From here, the user can choose to hit the back button in the web browser and 
>repeat the procedure (as they will now be authenticated and the operation will 
>succeed on the next attempt), but it's perhaps unreasonable to expect the 
>average user to expect this or know what to do next.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to