Hi Scott, Looking at the AuthenticationManager code for the version you mentioned, here: http://svn.eu.apache.org/repos/asf/jspwiki/tags/jspwiki_2_4_104/src/com/ecyrd/jspwiki/auth/
The main configuration should be web.xml, however if it's not as you mentioned you may want to check these other files also: * public static final String PROP_SECURITY = "jspwiki.security"; * private static final String PROP_JAAS_CONFIG = "java.security.auth.login.config"; * private static final String PROP_POLICY_CONFIG = "java.security.policy"; * private static final String DEFAULT_JAAS_CONFIG = "jspwiki.jaas"; * private static final String DEFAULT_POLICY = "jspwiki.policy"; Otherwise it could be something in jspwiki.properties or jspwiki-custom.properties files. Not sure if that's the answer you want, but ultimately it should be one of these files, unless a core JSP or Java was changed. You could compare the files on your system with the defaults here: http://svn.eu.apache.org/repos/asf/jspwiki/tags/jspwiki_2_4_104/etc/ They are usually found in WEB-INF/ or WEB-INF/classes/ Kind regards, David V On Wed, May 4, 2016 at 1:30 AM, Scott Dudley <sc...@telesoft.com> wrote: > No security-constraint as they were using NTLM: > > <filter> > <filter-name>NtlmHttpFilter</filter-name> > <filter-class>jcifs.http.NtlmHttpFilter</filter-class> > <init-param> > <param-name>jcifs.netbios.wins</param-name> > <param-value>10.30.2.51</param-value> > </init-param> > <init-param> > <param-name>jcifs.http.domainController</param-name> > <param-value>wiki.telesoft.com</param-value> > </init-param> > <init-param> > <param-name>jcifs.resolveOrder</param-name> > <param-value>DNS</param-value> > </init-param> > </filter> > <filter-mapping> > <filter-name>NtlmHttpFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > I tried commenting it out to no avail. >
