Login on edit fails with container managed security and write enabled only for
logged in users
----------------------------------------------------------------------------------------------
Key: JSPWIKI-313
URL: https://issues.apache.org/jira/browse/JSPWIKI-313
Project: JSPWiki
Issue Type: Bug
Components: Authentication&Authorization
Environment: JSPWiki v2.7.0-alpha-3
Reporter: Jürgen Weber
Fix For: 2.7.x
With container managed authorization AND a security permission on "createPages"
(i.e. only logged in users may create or edit) the following error happens:
User is NOT logged in (do a log-out first to reproduce)
Enter the URL of a non-existent page
Browser URL line: http://myhost/wiki/FAQx
-> This page does not exist. Why don't you go and create it?
Browser URL line: http://et/wiki/FAQx?do=Login
-> Sign in to JSPWiki page is displayed
Fill in data and Login
Browser URL line: http://et/wiki/j_security_check
HTTP Status 400 - Invalid direct reference to form login page
type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect (Invalid
direct reference to form login page).
Apache Tomcat/6.0.16
-------
Google shows lots of results for "Invalid direct reference to form login page"
e.g.
https://issues.apache.org/bugzilla/show_bug.cgi?id=8976
https://issues.apache.org/bugzilla/show_bug.cgi?id=3839
Basically it seems you may not directly call j_security_check
But I don't see where j_security_check is called directly from JSPWiki, as the
container intercepts the call to http://et/wiki/FAQx?do=Login, does it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
