[
https://issues.apache.org/jira/browse/JSPWIKI-841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Owen Farrell updated JSPWIKI-841:
---------------------------------
Description:
In order to set up container-managed security, I've set set jspwiki.security to
'off' and uncommented the security constraints defined in the deployment
descriptor.
However, by setting jspwiki.security to off, no AuthorizationManager registers
itself with the WikiEngine. As a result, all logins fail with the following
exception:
{quote}
INFO SecurityLog JSPWiki:/wiki/Edit.jsp - WikiSecurityEvent.LOGIN_AUTHENTICATED
[source=org.apache.wiki.auth.AuthenticationManager@1c42c135,
princpal=org.apache.catalina.realm.GenericPrincipal ofarrell,
target=org.apache.wiki.WikiSession@1708e9ad]
WARN org.apache.wiki.WikiSession JSPWiki:/wiki/Edit.jsp - User profile
'ofarrell' not found. This is normal for container-auth users who haven't set
up a profile yet.
org.apache.wiki.auth.WikiSecurityException: Authorizer did not initialize
properly. Check the logs.
at
org.apache.wiki.auth.AuthorizationManager.getAuthorizer(AuthorizationManager.java:336)
at
org.apache.wiki.auth.AuthenticationManager.login(AuthenticationManager.java:312)
at
org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:159)
{quote}
was:
In order to set up container-managed security, I've set set jspwiki.security to
'off' and uncommented the security constraints defined in the deployment
descriptor.
However, by setting jspwiki.security to off, no AuthorizationManager registers
itself with the WikiEngine. As a result, all logins fail with the following
exception:
{quote}
INFO SecurityLog CMO Development Services Wiki:/wiki/Edit.jsp -
WikiSecurityEvent.LOGIN_AUTHENTICATED
[source=org.apache.wiki.auth.AuthenticationManager@1c42c135,
princpal=org.apache.catalina.realm.GenericPrincipal ofarrell,
target=org.apache.wiki.WikiSession@1708e9ad]
WARN org.apache.wiki.WikiSession JSPWiki:/wiki/Edit.jsp - User profile
'ofarrell' not found. This is normal for container-auth users who haven't set
up a profile yet.
org.apache.wiki.auth.WikiSecurityException: Authorizer did not initialize
properly. Check the logs.
at
org.apache.wiki.auth.AuthorizationManager.getAuthorizer(AuthorizationManager.java:336)
at
org.apache.wiki.auth.AuthenticationManager.login(AuthenticationManager.java:312)
at
org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:159)
{quote}
> Container Managed Security Not Working
> --------------------------------------
>
> Key: JSPWIKI-841
> URL: https://issues.apache.org/jira/browse/JSPWIKI-841
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication & Authorization
> Affects Versions: 2.10
> Environment: Tomcat 7.0.42
> Java 1.7.0_51
> Windows 2008R2
> Reporter: Owen Farrell
> Fix For: 2.10.1
>
>
> In order to set up container-managed security, I've set set jspwiki.security
> to 'off' and uncommented the security constraints defined in the deployment
> descriptor.
> However, by setting jspwiki.security to off, no AuthorizationManager
> registers itself with the WikiEngine. As a result, all logins fail with the
> following exception:
> {quote}
> INFO SecurityLog JSPWiki:/wiki/Edit.jsp -
> WikiSecurityEvent.LOGIN_AUTHENTICATED
> [source=org.apache.wiki.auth.AuthenticationManager@1c42c135,
> princpal=org.apache.catalina.realm.GenericPrincipal ofarrell,
> target=org.apache.wiki.WikiSession@1708e9ad]
> WARN org.apache.wiki.WikiSession JSPWiki:/wiki/Edit.jsp - User profile
> 'ofarrell' not found. This is normal for container-auth users who haven't set
> up a profile yet.
> org.apache.wiki.auth.WikiSecurityException: Authorizer did not initialize
> properly. Check the logs.
> at
> org.apache.wiki.auth.AuthorizationManager.getAuthorizer(AuthorizationManager.java:336)
> at
> org.apache.wiki.auth.AuthenticationManager.login(AuthenticationManager.java:312)
> at
> org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:159)
> {quote}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
