Jürgen Weber created JSPWIKI-836:
------------------------------------
Summary: container-managed authorization broken
Key: JSPWIKI-836
URL: https://issues.apache.org/jira/browse/JSPWIKI-836
Project: JSPWiki
Issue Type: Bug
Components: Authentication & Authorization
Affects Versions: 2.10
Environment: tomcat-7.0.52, Oracle Java 1.7.0_51, Ubuntu 13.10
Reporter: Jürgen Weber
Priority: Critical
I did a fresh installation of JSPWiki 2.10.0 on apache-tomcat-7.0.52 (Java 7)
and enabled container-managed authorization in web.xml
When I try to log into the wiki, the login screen reappears forever.
User and role in tomcat-users.xml seem to be fine, when I try the Tomcat
security sample (to which I added the Authenticated role) at
http://ubuntu:8080/examples/jsp/security/protected/index.jsp
the user has the role:
You are logged in as remote user wiki in session
ACD11187E8CF5E70FD05C88D77F36F46
Your user principal name is wiki
You have been granted role Authenticated
But the wiki refuses to accept the user (this container-managed authorization
setup used to work with 2.8.4)
I am not sure what actually went wrong, there is nothing in the logs, might be
that the user could not be gotten from the container, might be, that the policy
(which I did not touch) is wrong, or that web.xml could not be parsed.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
