incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Florian Holeczek (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JSPWIKI-212) transport-guarantee CONFIDENTIAL should be removed from web.xml
Date Sat, 05 Apr 2008 10:11:24 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12585945#action_12585945
] 

Florian Holeczek commented on JSPWIKI-212:
------------------------------------------

I think that container managed authentication is used in environments where this setting makes
sense.
Also, it isn't something that makes JSPWiki harder to use out of the box, because it's commented
out initially.
This is why I think the setting should stay, but some configuration hint should be inserted.

> transport-guarantee CONFIDENTIAL should be removed from web.xml
> ---------------------------------------------------------------
>
>                 Key: JSPWIKI-212
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-212
>             Project: JSPWiki
>          Issue Type: Improvement
>          Components: Authentication&Authorization
>    Affects Versions: 2.6.2
>         Environment: apache-tomcat-6.0.16
>            Reporter: J├╝rgen Weber
>            Priority: Minor
>
> The default web.xml of JSPWiki contains two times
>  <user-data-constraint>
>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>        </user-data-constraint>
> for container managed authorization.
> But by default Tomcat has not switched on SSL, and trying to log in to JSPWiki you get
> Firefox can't establish a connection to the server at localhost:8443.
> By default the user-data-constraint element should be removed as it makes activating
container managed authorization unnecessarily difficult.
> Especially as it is not easy or obvious to notice the connection between the cited error
message and the user-data-constraint element.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message