You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Thomas Engelschmidt (JIRA)" <ji...@apache.org> on 2008/08/01 13:54:33 UTC
[jira] Commented: (JSPWIKI-313) Login on edit fails with container
managed security, ShortURLConstructor and write enabled only for logged in
users
[ https://issues.apache.org/jira/browse/JSPWIKI-313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12618994#action_12618994 ]
Thomas Engelschmidt commented on JSPWIKI-313:
---------------------------------------------
I found out that this also happens when there is a mismatch between
jspwiki.baseurl=https://mywiki/wiki
and the real URL eks:
in the firefox browser : https://myrealwiki/wiki
This happens also with the DefaultURLConstructor
> Login on edit fails with container managed security, ShortURLConstructor and write enabled only for logged in users
> --------------------------------------------------------------------------------------------------------------------
>
> Key: JSPWIKI-313
> URL: https://issues.apache.org/jira/browse/JSPWIKI-313
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Environment: JSPWiki v2.7.0-alpha-3
> Reporter: Jürgen Weber
> Fix For: 2.7.x
>
>
> With container managed authorization AND a security permission on "createPages" (i.e. only logged in users may create or edit) the following error happens:
> User is NOT logged in (do a log-out first to reproduce)
> Enter the URL of a non-existent page
> Browser URL line: http://myhost/wiki/FAQx
> -> This page does not exist. Why don't you go and create it?
> Browser URL line: http://et/wiki/FAQx?do=Login
> -> Sign in to JSPWiki page is displayed
> Fill in data and Login
> Browser URL line: http://et/wiki/j_security_check
> HTTP Status 400 - Invalid direct reference to form login page
> type Status report
> message Invalid direct reference to form login page
> description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
> Apache Tomcat/6.0.16
> -------
> Google shows lots of results for "Invalid direct reference to form login page"
> e.g.
> https://issues.apache.org/bugzilla/show_bug.cgi?id=8976
> https://issues.apache.org/bugzilla/show_bug.cgi?id=3839
> Basically it seems you may not directly call j_security_check
> But I don't see where j_security_check is called directly from JSPWiki, as the container intercepts the call to http://et/wiki/FAQx?do=Login, does it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.