[
https://issues.apache.org/jira/browse/JSPWIKI-868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dave Koelmeyer updated JSPWIKI-868:
-----------------------------------
Description:
My JSPWiki container is configured such that users must authenticate using LDAP
credentials before they are permitted to edit a page. Practically, this means
they can view a page, and when the "Edit" button is clicked they are presented
with a JSPWiki authentication prompt.
Keeping this in mind, the problematic behaviour can be triggered as follows.
First, ensure that the user is not authenticated to JSPWiki (either by
explicitly logging out, or letting an active session time out).
Next, for an existing JSPWiki page, click on the "Attach" tab. Instead of being
presented with an authentication prompt as one would probably expect as
described above, the "Add new attachment" dialogue is displayed instead.
Next, the user can browse for and select an attachment for uploading. When they
click on the "Upload" button, *then* the JSPWiki authentication prompt appears.
Finally, after entering their credentials and clicking "Login", GlassFish
throws an HTTP 404 error:
"HTTP Status 404 - Attachment 'Main', version -1 does not exist.
type Status report
messageAttachment 'Main', version -1 does not exist.
descriptionThe requested resource (Attachment 'Main', version -1 does not
exist.) is not available."
>From here, the user can choose to hit the back button in the web browser and
>repeat the procedure (as they will now be authenticated and the operation will
>succeed on the next attempt), but it's perhaps unreasonable to expect the
>average user to understand this or know what to do next.
was:
My JSPWiki container is configured such that users must authenticate using LDAP
credentials before they are permitted to edit a page. Practically, this means
they can view a page, and when the "Edit" button is clicked they are presented
with a JSPWiki authentication prompt.
Keeping this in mind, the problematic behaviour can be triggered as follows.
First, ensure that the user is not authenticated to JSPWiki (either by
explicitly logging out, or letting an active session time out).
Next, for an existing JSPWiki page, click on the "Attach" tab. Instead of being
presented with an authentication prompt as one would probably expect as
described above, the "Add new attachment" dialogue is displayed instead.
Next, the user can browse for and select an attachment for uploading. When they
click on the "Upload" button, *then* the JSPWiki authentication prompt appears.
Finally, after entering their credentials and clicking "Login", GlassFish
throws an HTTP 404 error:
"HTTP Status 404 - Attachment 'Main', version -1 does not exist.
type Status report
messageAttachment 'Main', version -1 does not exist.
descriptionThe requested resource (Attachment 'Main', version -1 does not
exist.) is not available."
>From here, the user can choose to hit the back button in the web browser and
>repeat the procedure (as they will now be authenticated and the operation will
>succeed on the next attempt), but it's perhaps unreasonable to expect the
>average user to expect this or know what to do next.
> Ugly error when attempting to add attachments while unauthenticated
> -------------------------------------------------------------------
>
> Key: JSPWIKI-868
> URL: https://issues.apache.org/jira/browse/JSPWIKI-868
> Project: JSPWiki
> Issue Type: Improvement
> Components: Default template
> Affects Versions: 2.10.2
> Environment: JSPWiki v2.10.2-svn-4, running in a GlassFish 3.1.2.2
> app server. Container-managed authentication configured. This is using the
> "PlainVanilla" skin.
> Reporter: Dave Koelmeyer
> Priority: Minor
>
> My JSPWiki container is configured such that users must authenticate using
> LDAP credentials before they are permitted to edit a page. Practically, this
> means they can view a page, and when the "Edit" button is clicked they are
> presented with a JSPWiki authentication prompt.
> Keeping this in mind, the problematic behaviour can be triggered as follows.
> First, ensure that the user is not authenticated to JSPWiki (either by
> explicitly logging out, or letting an active session time out).
> Next, for an existing JSPWiki page, click on the "Attach" tab. Instead of
> being presented with an authentication prompt as one would probably expect as
> described above, the "Add new attachment" dialogue is displayed instead.
> Next, the user can browse for and select an attachment for uploading. When
> they click on the "Upload" button, *then* the JSPWiki authentication prompt
> appears.
> Finally, after entering their credentials and clicking "Login", GlassFish
> throws an HTTP 404 error:
> "HTTP Status 404 - Attachment 'Main', version -1 does not exist.
> type Status report
> messageAttachment 'Main', version -1 does not exist.
> descriptionThe requested resource (Attachment 'Main', version -1 does not
> exist.) is not available."
> From here, the user can choose to hit the back button in the web browser and
> repeat the procedure (as they will now be authenticated and the operation
> will succeed on the next attempt), but it's perhaps unreasonable to expect
> the average user to understand this or know what to do next.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
