incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Janne Jalkanen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JSPWIKI-217) Support for DBCS page names when using web container authorization
Date Wed, 19 Mar 2008 17:52:24 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580476#action_12580476
] 

Janne Jalkanen commented on JSPWIKI-217:
----------------------------------------

Oh yeah, my *guess* is that Tomcat does some internal redirection when it uses container authentication,
and *that* loses the URI encoding.

> Support for DBCS page names when using web container authorization
> ------------------------------------------------------------------
>
>                 Key: JSPWIKI-217
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-217
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.6.0
>         Environment: Tomcat 5.5.26 with URIEncoding=utf-8 enabled using AJP
> JSPWiki 2.6.0 
>            Reporter: David Gao
>
> JSPWiki Configuration:
> * jspwiki.encoding = UTF-8
> * jspwiki.breakTitleWithSpaces = true
> * Web container authorization via LDAP (Sun One Directory Server)
> * Security constraint enabled in web.xml with default setting ( Users need to login first
before editing or commenting)
> Recreation Scenario:
> DBCS String used for page name:  测试 (codepoint: U+6D4B U+8BD5, UTF-8 String: %E6%B5%8B%E8%AF%95)
// I'm not sure if you can read Chinese characters in this mail)
> 1. Create & Savie a new page with the above string (U+6D4B U+8BD5) as the page name
with a valid login
> 2. Logout JSPWiki after creating the page. Clear cookies.
> 3. Browse to the page and click on the Edit link. This will direct you to the login page
> 4. Login with a valid user name
> 5. The page name displayed in main area will change to "Ƶ È" and page content becomes
blank
> 6. Choose Cancel. And the page name in URL becomes "%C3%86%C2%B5%C3%88". Wiki prompts
to create a new page.
> ------------------
> Security Constraint in web.xml
>   <security-constraint>
>       <web-resource-collection>
>           <web-resource-name>Authenticated area</web-resource-name>
>           <url-pattern>/Edit.jsp</url-pattern>
>           <url-pattern>/Comment.jsp</url-pattern>
>           <url-pattern>/Login.jsp</url-pattern>
>           <url-pattern>/NewGroup.jsp</url-pattern>
>           <url-pattern>/Rename.jsp</url-pattern>
>           <url-pattern>/Upload.jsp</url-pattern>
>           <http-method>DELETE</http-method>
>           <http-method>GET</http-method>
>           <http-method>HEAD</http-method>
>           <http-method>POST</http-method>
>           <http-method>PUT</http-method>
>       </web-resource-collection>
>       <web-resource-collection>
>           <web-resource-name>Read-only Area</web-resource-name>
>           <url-pattern>/attach</url-pattern>
>           <http-method>DELETE</http-method>
>           <http-method>POST</http-method>
>           <http-method>PUT</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>           <role-name>tomcat-admin</role-name>
>           <role-name>LGE-SH</role-name>
>       </auth-constraint>
>      <!--
>       <user-data-constraint>
>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>       </user-data-constraint>
>       -->
>   </security-constraint>
>   <login-config>
>       <auth-method>FORM</auth-method>
>       <form-login-config>
>           <form-login-page>/LoginForm.jsp</form-login-page>
>           <form-error-page>/LoginForm.jsp</form-error-page>
>       </form-login-config>
>   </login-config>
>   <security-role>
>       <description>
>           This logical role includes all authenticated users
>       </description>
>       <role-name>LGE-SH</role-name>
>   </security-role>
>   <security-role>
>       <description>
>           This logical role includes all administrative users
>       </description>
>       <role-name>tomcat-admin</role-name>
>   </security-role> 
> Please log on to my environment to check the issue with this credential (tester/tester).
I think this may be an issue of JSPWiki.
> http://vanceinfo-sh.vicp.net:8081/wiki/Wiki.jsp?page=%E6%B5%8B%E8%AF%95
> The page name becomes 3 question marks (???) in log entries:
> ------------------------------------------------------------------------------------------------------------------
> 2008-03-05 09:21:40,098 [ajp-8009-2] INFO JSPWiki Knowledge Base:/wiki/Edit.jsp Knowledge
Base:http://192.168.253.200/wiki/Edit.jsp - Editing page ???. User=高建民, host=192.168.253.68
> 2008-03-05 09:21:40,098 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.PageManager Knowledge Base:/wiki/Edit.jsp
Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Locked page ??? for 高建民
> 2008-03-05 09:21:40,129 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.auth.SessionMonitor Knowledge
Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Looking up WikiSession
for session ID=84941ECC59FDEEEECB06385D30641E22... found it
> 2008-03-05 09:21:40,129 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.auth.SessionMonitor Knowledge
Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Looking up WikiSession
for session ID=84941ECC59FDEEEECB06385D30641E22... found it
> 2008-03-05 09:21:40,145 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.render.RenderingManager
Knowledge Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Re-rendering
and storing ???::-1
> 2008-03-05 09:21:40,145 [ajp-8009-2] DEBUG com.ecyrd.jspwiki.providers.CachingAttachmentProvider
Knowledge Base:/wiki/Edit.jsp Knowledge Base:http://192.168.253.200/wiki/Edit.jsp - Getting
attachments for WikiPage [Knowledge Base:???,ver=-1,mod=null], name=高建民, version=-1


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message