[
https://issues.apache.org/jira/browse/JSPWIKI-868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14147527#comment-14147527
]
Jürgen Weber commented on JSPWIKI-868:
--------------------------------------
I have JSPWiki v2.10.2-svn-5 unter Tomcat with JNDI-Realm container auth for
LDAP.
There is no way to start the upload without being logged-in, there is no
button, no menu entry, see attached screen shot.
> Ugly error when attempting to add attachments while unauthenticated
> -------------------------------------------------------------------
>
> Key: JSPWIKI-868
> URL: https://issues.apache.org/jira/browse/JSPWIKI-868
> Project: JSPWiki
> Issue Type: Improvement
> Components: Default template
> Affects Versions: 2.10.2
> Environment: JSPWiki v2.10.2-svn-4, running in a GlassFish 3.1.2.2
> app server. Container-managed authentication configured. This is using the
> "PlainVanilla" skin.
> Reporter: Dave Koelmeyer
> Priority: Minor
> Attachments: Attachment menu.png
>
>
> My JSPWiki container is configured such that users must authenticate using
> LDAP credentials before they are permitted to edit a page. Practically, this
> means they can view a page, and when the "Edit" button is clicked they are
> presented with a JSPWiki authentication prompt.
> Keeping this in mind, the problematic behaviour can be triggered as follows.
> First, ensure that the user is not authenticated to JSPWiki (either by
> explicitly logging out, or letting an active session time out).
> Next, for an existing JSPWiki page, click on the "Attach" tab. Instead of
> being presented with an authentication prompt as one would probably expect as
> described above, the "Add new attachment" dialogue is displayed instead.
> Next, the user can browse for and select an attachment for uploading. When
> they click on the "Upload" button, *then* the JSPWiki authentication prompt
> appears.
> Finally, after entering their credentials and clicking "Login", GlassFish
> throws an HTTP 404 error:
> "HTTP Status 404 - Attachment 'Main', version -1 does not exist.
> type Status report
> messageAttachment 'Main', version -1 does not exist.
> descriptionThe requested resource (Attachment 'Main', version -1 does not
> exist.) is not available."
> From here, the user can choose to hit the back button in the web browser and
> repeat the procedure (as they will now be authenticated and the operation
> will succeed on the next attempt), but it's perhaps unreasonable to expect
> the average user to understand this or know what to do next.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
