You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Owen Farrell (JIRA)" <ji...@apache.org> on 2014/05/20 22:37:37 UTC
[jira] [Updated] (JSPWIKI-841) Container Managed Security Not
Working
[ https://issues.apache.org/jira/browse/JSPWIKI-841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Owen Farrell updated JSPWIKI-841:
---------------------------------
Description:
In order to set up container-managed security, I've set set jspwiki.security to 'off' and uncommented the security constraints defined in the deployment descriptor.
However, by setting jspwiki.security to off, no AuthorizationManager registers itself with the WikiEngine. As a result, all logins fail with the following exception:
{quote}
INFO SecurityLog JSPWiki:/wiki/Edit.jsp - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=org.apache.wiki.auth.AuthenticationManager@1c42c135, princpal=org.apache.catalina.realm.GenericPrincipal ofarrell, target=org.apache.wiki.WikiSession@1708e9ad]
WARN org.apache.wiki.WikiSession JSPWiki:/wiki/Edit.jsp - User profile 'ofarrell' not found. This is normal for container-auth users who haven't set up a profile yet.
org.apache.wiki.auth.WikiSecurityException: Authorizer did not initialize properly. Check the logs.
at org.apache.wiki.auth.AuthorizationManager.getAuthorizer(AuthorizationManager.java:336)
at org.apache.wiki.auth.AuthenticationManager.login(AuthenticationManager.java:312)
at org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:159)
{quote}
was:
In order to set up container-managed security, I've set set jspwiki.security to 'off' and uncommented the security constraints defined in the deployment descriptor.
However, by setting jspwiki.security to off, no AuthorizationManager registers itself with the WikiEngine. As a result, all logins fail with the following exception:
{quote}
INFO SecurityLog CMO Development Services Wiki:/wiki/Edit.jsp - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=org.apache.wiki.auth.AuthenticationManager@1c42c135, princpal=org.apache.catalina.realm.GenericPrincipal ofarrell, target=org.apache.wiki.WikiSession@1708e9ad]
WARN org.apache.wiki.WikiSession JSPWiki:/wiki/Edit.jsp - User profile 'ofarrell' not found. This is normal for container-auth users who haven't set up a profile yet.
org.apache.wiki.auth.WikiSecurityException: Authorizer did not initialize properly. Check the logs.
at org.apache.wiki.auth.AuthorizationManager.getAuthorizer(AuthorizationManager.java:336)
at org.apache.wiki.auth.AuthenticationManager.login(AuthenticationManager.java:312)
at org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:159)
{quote}
> Container Managed Security Not Working
> --------------------------------------
>
> Key: JSPWIKI-841
> URL: https://issues.apache.org/jira/browse/JSPWIKI-841
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication & Authorization
> Affects Versions: 2.10
> Environment: Tomcat 7.0.42
> Java 1.7.0_51
> Windows 2008R2
> Reporter: Owen Farrell
> Fix For: 2.10.1
>
>
> In order to set up container-managed security, I've set set jspwiki.security to 'off' and uncommented the security constraints defined in the deployment descriptor.
> However, by setting jspwiki.security to off, no AuthorizationManager registers itself with the WikiEngine. As a result, all logins fail with the following exception:
> {quote}
> INFO SecurityLog JSPWiki:/wiki/Edit.jsp - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=org.apache.wiki.auth.AuthenticationManager@1c42c135, princpal=org.apache.catalina.realm.GenericPrincipal ofarrell, target=org.apache.wiki.WikiSession@1708e9ad]
> WARN org.apache.wiki.WikiSession JSPWiki:/wiki/Edit.jsp - User profile 'ofarrell' not found. This is normal for container-auth users who haven't set up a profile yet.
> org.apache.wiki.auth.WikiSecurityException: Authorizer did not initialize properly. Check the logs.
> at org.apache.wiki.auth.AuthorizationManager.getAuthorizer(AuthorizationManager.java:336)
> at org.apache.wiki.auth.AuthenticationManager.login(AuthenticationManager.java:312)
> at org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:159)
> {quote}
--
This message was sent by Atlassian JIRA
(v6.2#6252)