Return-Path: Delivered-To: apmail-incubator-jspwiki-dev-archive@locus.apache.org Received: (qmail 44493 invoked from network); 5 Apr 2008 10:13:59 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Apr 2008 10:13:59 -0000 Received: (qmail 63951 invoked by uid 500); 5 Apr 2008 10:13:59 -0000 Delivered-To: apmail-incubator-jspwiki-dev-archive@incubator.apache.org Received: (qmail 63925 invoked by uid 500); 5 Apr 2008 10:13:59 -0000 Mailing-List: contact jspwiki-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jspwiki-dev@incubator.apache.org Delivered-To: mailing list jspwiki-dev@incubator.apache.org Received: (qmail 63910 invoked by uid 99); 5 Apr 2008 10:13:59 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 05 Apr 2008 03:13:59 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 05 Apr 2008 10:13:26 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 3CD6F234C0AD for ; Sat, 5 Apr 2008 03:11:24 -0700 (PDT) Message-ID: <1599913539.1207390284234.JavaMail.jira@brutus> Date: Sat, 5 Apr 2008 03:11:24 -0700 (PDT) From: "Harry Metske (JIRA)" To: jspwiki-dev@incubator.apache.org Subject: [jira] Commented: (JSPWIKI-212) transport-guarantee CONFIDENTIAL should be removed from web.xml In-Reply-To: <733249558.1205749764293.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/JSPWIKI-212?page=3Dcom.atlassia= n.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D125= 85943#action_12585943 ]=20 Harry Metske commented on JSPWIKI-212: -------------------------------------- I agree with J=C3=BCrgen, I remember it cost me quite some time to solve th= e same issue. I have transport guarantee NONE everywhere. But, if we change the default, I think we should put in a warning or a tip = somewhere that in order to safely send userid and password you should enabl= e it.=20 > transport-guarantee CONFIDENTIAL should be removed from web.xml > --------------------------------------------------------------- > > Key: JSPWIKI-212 > URL: https://issues.apache.org/jira/browse/JSPWIKI-212 > Project: JSPWiki > Issue Type: Improvement > Components: Authentication&Authorization > Affects Versions: 2.6.2 > Environment: apache-tomcat-6.0.16 > Reporter: J=C3=BCrgen Weber > Priority: Minor > > The default web.xml of JSPWiki contains two times > > CONFIDENTIAL > > for container managed authorization. > But by default Tomcat has not switched on SSL, and trying to log in to JS= PWiki you get > Firefox can't establish a connection to the server at localhost:8443. > By default the user-data-constraint element should be removed as it makes= activating container managed authorization unnecessarily difficult. > Especially as it is not easy or obvious to notice the connection between = the cited error message and the user-data-constraint element. --=20 This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.