jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry Malcolm <techst...@malcolms.com>
Subject Re: Login issues after upgrade - mgr.isContainerAuthenticated() has incorrect value
Date Tue, 02 Jul 2019 05:05:11 GMT
After several hours of debugging this problem, I figured out 'what' is 
happening.  But I'm really not sure 'why'.  Again my installations 
worked for several years prior to an upgrade to v2.11.0.M4.  After 
upgrading, no login id/pw would be accepted. However, if I logged in 
using another webapp on the same Tomcat vhost with SingleSignOn, JSPWiki 
was happy and accepted my credentials and worked fine.

What I figured out is that now JSPWiki has decided that my installation 
is NOT container authenticated.  I removed the comments from web.xml as 
instructed, and I still have the /Login.jsp and /Delete.jsp constraints 
listed which the doc said you use to determine if container 
authentication is in use. Tomcat is definitely enforcing the 
constraints.  I added /Wiki.jsp to a constraint, and Tomcat began 
blocking it as I would expect. So my web.inf is ok.  I added a logger 
statement to Login.jsp to log the value of 
mgr.isContainerAuthenticated() and it is FALSE. This means that the 
custom login code is run instead, which is obviously going to fail.

Has anyone else experienced this?  Better question, has anyone got 
container authentication working successfully on this release?

Has something else been added to the check (along with /Delete.jsp and 
/Login.jsp constraints) in the determination of which type of 
authentication is in use?  Something is not working right.

Suggestions?

Thx.

Jerry


On 6/23/2019 11:58 PM, Jerry Malcolm wrote:
> I just upgraded several of my sites to JSPWiki v2.11.0-M4.  I'm not 
> sure what the previous version was.  But it was probably 3 or 4 years 
> old.  I am using container-managed authorization.  The same security 
> realm on the vHost in Tomcat (v9.0) is shared across several webapps 
> using SingleSignOn.  Everything was working prior to the JSPWiki 
> migration.  After migration, I can't log in directly using the JSPWiki 
> login form to the wiki's on any of the sites.  It just keeps coming 
> back with the same login form. However, if I log in to another webapp 
> on the same virtual host, login works fine, and then I can get to the 
> wiki.
>
> I migrated the security stuff in web-xml from the old version to the 
> new version and diff'd the files to make sure I didn't miss anything. 
>   I did a SQL trace when I logged in using the JSPWiki login form, and 
> it appears that the query for the user record is not even being sent 
> to mysql.
>
> I've coded container-managed authorization many times.  I'm not aware 
> of a situation where it would reject the login from this webapp's 
> login form, but still accept a pre-existing login (using SingleSignOn) 
> from another webapp on the same host.
>
> This problem is consistent across all the vHosts I migrated the new 
> Wiki version.  Am I missing something obvious?
>
> Thx
>
> Jerry
>

Mime
View raw message