transport-guarantee CONFIDENTIAL should be removed from web.xml
---------------------------------------------------------------
Key: JSPWIKI-212
URL: https://issues.apache.org/jira/browse/JSPWIKI-212
Project: JSPWiki
Issue Type: Improvement
Components: Authentication&Authorization
Affects Versions: 2.6.2
Environment: apache-tomcat-6.0.16
Reporter: Jürgen Weber
Priority: Minor
Fix For: 2.6.2
The default web.xml of JSPWiki contains two times
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
for container managed authorization.
But by default Tomcat has not switched on SSL, and trying to log in to JSPWiki
you get
Firefox can't establish a connection to the server at localhost:8443.
By default the user-data-constraint element should be removed as it makes
activating container managed authorization unnecessarily difficult.
Especially as it is not easy or obvious to notice the connection between the
cited error message and the user-data-constraint element.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
