Dietrich Schmidt created JSPWIKI-831:
----------------------------------------
Summary: Container managed authorization does not work in tomcat
Key: JSPWIKI-831
URL: https://issues.apache.org/jira/browse/JSPWIKI-831
Project: JSPWiki
Issue Type: Bug
Components: Servlet Container/Java compatibility
Affects Versions: 2.10
Environment: JSPWiki v2.10.0 and Tomcat 7.0.52
Reporter: Dietrich Schmidt
Fix For: 2.10.1
I have just installed JSPWiki v2.10.0 into a Tomcat 7.0.52.
I enabled comtainer managed authorization through
uncommenting the last section in web.xml and added appropriate
users to the tomcat-user.xml.
But logging in did not work.
So I debugged jspwiki (/tags/jspwiki_2_10_0) and found,
that WebContainerAuthorizer.java contains these lines starting from line 105
// Add the J2EE 2.4 schema namespace
m_webxml.getRootElement().setNamespace( Namespace.getNamespace(
J2EE_SCHEMA_24_NAMESPACE ) );
m_containerAuthorized = isConstrained( "/Delete.jsp", Role.ALL )
&& isConstrained( "/Login.jsp", Role.ALL );
Unfortunately, the shipped web.xml contains a 2.5 namespace,
therefor the check for container manager authorization failed.
Replacing in web.xml the lines
<web-app xmlns="http://java.sun.com/xml/ns/javaee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";
version="2.5">
with these
<web-app xmlns="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd";
version="2.4">
solved the problem - logging into jspwiki worked again.
Suggestion: either ship a web.xml with a 2.4 namespace or improve the namespace
handling.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
