incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Janne Jalkanen (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JSPWIKI-313) Login on edit fails with container managed security, ShortURLConstructor and write enabled only for logged in users
Date Sat, 16 Aug 2008 09:09:44 GMT

     [ https://issues.apache.org/jira/browse/JSPWIKI-313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Janne Jalkanen updated JSPWIKI-313:
-----------------------------------

    Fix Version/s:     (was: 2.7.x)
                   2.8

Proper fix version.

> Login on edit fails with container managed security, ShortURLConstructor and write enabled
only for logged in users 
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: JSPWIKI-313
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-313
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>         Environment: JSPWiki v2.7.0-alpha-3 
>            Reporter: J├╝rgen Weber
>             Fix For: 2.8
>
>
> With container managed authorization AND a security permission on "createPages" (i.e.
only logged in users may create or edit) the following error happens:
> User is NOT logged in (do a log-out first to reproduce)
> Enter the URL of a non-existent page
> Browser URL line:  http://myhost/wiki/FAQx
> -> This page does not exist. Why don't you go and create it? 
> Browser URL line:  http://et/wiki/FAQx?do=Login
> -> Sign in to JSPWiki page is displayed
>     Fill in data and Login
> Browser URL line:  http://et/wiki/j_security_check 
> HTTP Status 400 - Invalid direct reference to form login page
> type Status report
> message Invalid direct reference to form login page
> description The request sent by the client was syntactically incorrect (Invalid direct
reference to form login page).
> Apache Tomcat/6.0.16
> -------
> Google shows lots of results for "Invalid direct reference to form login page"
> e.g. 
> https://issues.apache.org/bugzilla/show_bug.cgi?id=8976
> https://issues.apache.org/bugzilla/show_bug.cgi?id=3839
> Basically it seems you may not directly call j_security_check 
> But I don't see where j_security_check is called directly from JSPWiki, as the container
intercepts the call to http://et/wiki/FAQx?do=Login, does it?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message