[jira] Created: (JSPWIKI-217) Support for DBCS page names when using web container authorization

Wed, 19 Mar 2008 07:30:29 -0700 

Support for DBCS page names when using web container authorization
------------------------------------------------------------------

                 Key: JSPWIKI-217
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-217
             Project: JSPWiki
          Issue Type: Bug
    Affects Versions: 2.6.0
         Environment: Tomcat 5.5.26 with URIEncoding=utf-8 enabled using AJP
JSPWiki 2.6.0 
            Reporter: David Gao


JSPWiki Configuration:
* jspwiki.encoding = UTF-8
* jspwiki.breakTitleWithSpaces = true
* Web container authorization via LDAP (Sun One Directory Server)
* Security constraint enabled in web.xml with default setting ( Users need to 
login first before editing or commenting)

Recreation Scenario:
DBCS String used for page name:  测试 (codepoint: U+6D4B U+8BD5, UTF-8 String: 
%E6%B5%8B%E8%AF%95) // I'm not sure if you can read Chinese characters in this 
mail)

1. Create & Savie a new page with the above string (U+6D4B U+8BD5) as the page 
name with a valid login
2. Logout JSPWiki after creating the page. Clear cookies.
3. Browse to the page and click on the Edit link. This will direct you to the 
login page
4. Login with a valid user name
5. The page name displayed in main area will change to "Ƶ È" and page content 
becomes blank
6. Choose Cancel. And the page name in URL becomes "%C3%86%C2%B5%C3%88". Wiki 
prompts to create a new page.

------------------
Security Constraint in web.xml
  <security-constraint>
      <web-resource-collection>
          <web-resource-name>Authenticated area</web-resource-name>
          <url-pattern>/Edit.jsp</url-pattern>
          <url-pattern>/Comment.jsp</url-pattern>
          <url-pattern>/Login.jsp</url-pattern>
          <url-pattern>/NewGroup.jsp</url-pattern>
          <url-pattern>/Rename.jsp</url-pattern>
          <url-pattern>/Upload.jsp</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>GET</http-method>
          <http-method>HEAD</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
      </web-resource-collection>

      <web-resource-collection>
          <web-resource-name>Read-only Area</web-resource-name>
          <url-pattern>/attach</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
      </web-resource-collection>

      <auth-constraint>
          <role-name>tomcat-admin</role-name>
          <role-name>LGE-SH</role-name>

      </auth-constraint>
     <!--
      <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      -->
  </security-constraint>

  <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
          <form-login-page>/LoginForm.jsp</form-login-page>
          <form-error-page>/LoginForm.jsp</form-error-page>
      </form-login-config>
  </login-config>

  <security-role>
      <description>
          This logical role includes all authenticated users
      </description>
      <role-name>LGE-SH</role-name>
  </security-role>

  <security-role>
      <description>
          This logical role includes all administrative users
      </description>
      <role-name>tomcat-admin</role-name>
  </security-role> 

Please log on to my environment to check the issue with this credential 
(tester/tester). I think this may be an issue of JSPWiki.

http://vanceinfo-sh.vicp.net:8081/wiki/Wiki.jsp?page=%E6%B5%8B%E8%AF%95

The page name becomes 3 question marks (???) in log entries:
------------------------------------------------------------------------------------------------------------------
2008-03-05 09:21:40,098 [ajp-8009-2] INFO JSPWiki Knowledge Base:/wiki/Edit.jsp 
Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Editing page ???. 
User=高建民, host=192.168.253.68
2008-03-05 09:21:40,098 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.PageManager 
Knowledge Base:/wiki/Edit.jsp Knowledge 
Base:http://192.168.253.200/wiki/Edit.jsp - Locked page ??? for 高建民
2008-03-05 09:21:40,129 [ajp-8009-2] DEBUG 
com.ecyrd.jspwiki.auth.SessionMonitor Knowledge Base:/wiki/Edit.jsp Knowledge 
Base:http://192.168.253.200/wiki/Edit.jsp - Looking up WikiSession for session 
ID=84941ECC59FDEEEECB06385D30641E22... found it
2008-03-05 09:21:40,129 [ajp-8009-2] DEBUG 
com.ecyrd.jspwiki.auth.SessionMonitor Knowledge Base:/wiki/Edit.jsp Knowledge 
Base:http://192.168.253.200/wiki/Edit.jsp - Looking up WikiSession for session 
ID=84941ECC59FDEEEECB06385D30641E22... found it
2008-03-05 09:21:40,145 [ajp-8009-2] DEBUG 
com.ecyrd.jspwiki.render.RenderingManager Knowledge Base:/wiki/Edit.jsp 
Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Re-rendering and storing 
???::-1
2008-03-05 09:21:40,145 [ajp-8009-2] DEBUG 
com.ecyrd.jspwiki.providers.CachingAttachmentProvider Knowledge 
Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - 
Getting attachments for WikiPage [Knowledge Base:???,ver=-1,mod=null], 
name=高建民, version=-1 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to