Owen Farrell created JSPWIKI-841:
------------------------------------
Summary: Container Managed Security Not Working
Key: JSPWIKI-841
URL: https://issues.apache.org/jira/browse/JSPWIKI-841
Project: JSPWiki
Issue Type: Bug
Components: Authentication & Authorization
Affects Versions: 2.10
Environment: Tomcat 7.0.42
Java 1.7.0_51
Windows 2008R2
Reporter: Owen Farrell
Fix For: 2.10.1
In order to set up container-managed security, I've set set jspwiki.security to
'off' and uncommented the security constraints defined in the deployment
descriptor.
However, by setting jspwiki.security to off, no AuthorizationManager registers
itself with the WikiEngine. As a result, all logins fail with the following
exception:
{quote}
INFO SecurityLog CMO Development Services Wiki:/wiki/Edit.jsp -
WikiSecurityEvent.LOGIN_AUTHENTICATED
[source=org.apache.wiki.auth.AuthenticationManager@1c42c135,
princpal=org.apache.catalina.realm.GenericPrincipal ofarrell,
target=org.apache.wiki.WikiSession@1708e9ad]
WARN org.apache.wiki.WikiSession JSPWiki:/wiki/Edit.jsp - User profile
'ofarrell' not found. This is normal for container-auth users who haven't set
up a profile yet.
org.apache.wiki.auth.WikiSecurityException: Authorizer did not initialize
properly. Check the logs.
at
org.apache.wiki.auth.AuthorizationManager.getAuthorizer(AuthorizationManager.java:336)
at
org.apache.wiki.auth.AuthenticationManager.login(AuthenticationManager.java:312)
at
org.apache.wiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:159)
{quote}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
