Owen Farrell created JSPWIKI-841: ------------------------------------ Summary: Container Managed Security Not Working Key: JSPWIKI-841 URL: https://issues.apache.org/jira/browse/JSPWIKI-841 Project: JSPWiki Issue Type: Bug Components: Authentication & Authorization Affects Versions: 2.10 Environment: Tomcat 7.0.42 Java 1.7.0_51 Windows 2008R2 Reporter: Owen Farrell Fix For: 2.10.1
In order to set up container-managed security, I've set set jspwiki.security to 'off' and uncommented the security constraints defined in the deployment descriptor. However, by setting jspwiki.security to off, no AuthorizationManager registers itself with the WikiEngine. As a result, all logins fail with the following exception: {quote} INFO SecurityLog CMO Development Services Wiki:/wiki/Edit.jsp - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=org.apache.wiki.auth.AuthenticationManager@1c42c135, princpal=org.apache.catalina.realm.GenericPrincipal ofarrell, target=org.apache.wiki.WikiSession@1708e9ad] WARN org.apache.wiki.WikiSession JSPWiki:/wiki/Edit.jsp - User profile 'ofarrell' not found. This is normal for container-auth users who haven't set up a profile yet. org.apache.wiki.auth.WikiSecurityException: Authorizer did not initialize properly. Check the logs. at org.apache.wiki.auth.AuthorizationManager.getAuthorizer(AuthorizationManager.java:336) at org.apache.wiki.auth.AuthenticationManager.login(AuthenticationManager.java:312) at org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:159) {quote} -- This message was sent by Atlassian JIRA (v6.2#6252)