From user-return-4029-archive-asf-public=cust-asf.ponee.io@jspwiki.apache.org Thu Jul 4 16:17:53 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 5F19A180595 for ; Thu, 4 Jul 2019 18:17:53 +0200 (CEST) Received: (qmail 35200 invoked by uid 500); 4 Jul 2019 16:17:52 -0000 Mailing-List: contact user-help@jspwiki.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@jspwiki.apache.org Delivered-To: mailing list user@jspwiki.apache.org Received: (qmail 35189 invoked by uid 99); 4 Jul 2019 16:17:52 -0000 Received: from Unknown (HELO mailrelay1-lw-us.apache.org) (10.10.3.159) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jul 2019 16:17:52 +0000 Received: from mail-io1-f48.google.com (mail-io1-f48.google.com [209.85.166.48]) by mailrelay1-lw-us.apache.org (ASF Mail Server at mailrelay1-lw-us.apache.org) with ESMTPSA id F16578177 for ; Thu, 4 Jul 2019 16:17:51 +0000 (UTC) Received: by mail-io1-f48.google.com with SMTP id k8so13887704iot.1 for ; Thu, 04 Jul 2019 09:17:51 -0700 (PDT) X-Gm-Message-State: APjAAAXPNo5qhbmuUICA0Sv3eKw8n//eeV3N49YNaexvE7QmPz1oaJQV fM7c/s6hFj+3q448km049/fpo36pWoCIC/SPZzE= X-Google-Smtp-Source: APXvYqzSJqHjTDhk1jFcaWn40BSOYMgHeCSeC1QO5YPMltHedaDsUZYCK804aBse9wmHk2gpLQd1cTKN+/WgWowpQRk= X-Received: by 2002:a02:5a02:: with SMTP id v2mr48759447jaa.124.1562257071551; Thu, 04 Jul 2019 09:17:51 -0700 (PDT) MIME-Version: 1.0 References: <32c3cbd2-d4e9-9e8f-95c5-bfd293d993c5@malcolms.com> <7c32c14f-b201-7be1-3d3a-a9d8628086f3@malcolms.com> <6e357c56-adb5-d7af-c83c-b95e7a7c60f0@malcolms.com> In-Reply-To: From: =?UTF-8?Q?Juan_Pablo_Santos_Rodr=C3=ADguez?= Date: Thu, 4 Jul 2019 18:17:43 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Login issues after upgrade - mgr.isContainerAuthenticated() has incorrect value To: user@jspwiki.apache.org Content-Type: multipart/alternative; boundary="000000000000cc3f07058cdd514e" --000000000000cc3f07058cdd514e Content-Type: text/plain; charset="UTF-8" Hi, there are some integration tests that try a login+logout on several jspwiki instances, two of these instances are using container managed authentication, jspwiki-it-test-cma (uses tomcat-users.xml [#1]) and jspwiki-it-test-cma-jdbc (users and groups stored on an in-memory database [#2]); I've got both of them running and passing the tests, before applying 2.11.0-M5-git-05, so container managed authentication should be working with latest releases. This integration tests can be run via maven like: mvn clean verify -Pintegration-tests you just need a Chrome browser, with the chrome executable being on $PATH Regarding documentation, I followed the instructions at [#3]. It's a bit outdated as it refers to jspwiki 2.8 (so classes noted in there refer to the old package namespace), but IIRC that should be enough. Another thing that could be done is comparing your configurations against the integration tests wars, which are available on Maven Central [#4], or against their source counterparts on GitHub (again, [#1] and [#2]). Finally, I'm deploying an snapshot with 2.11.0-M5-git-05 to [#5] right now so it should be available half and hour from now, more or less. Please note that this is an snapshot, not an official release, although it should be enough to see if latest master fixes your issues. HTH, juan pablo [#1]: https://github.com/apache/jspwiki/tree/master/jspwiki-it-tests/jspwiki-it-test-cma [#2]: https://github.com/apache/jspwiki/tree/master/jspwiki-it-tests/jspwiki-it-test-cma-jdbc [#3]: https://wikis.forgerock.org/confluence/display/OPENDJ/Configure+JSPWiki+for+Authentication+to+OpenDJ [#4]: f.ex., https://search.maven.org/search?q=a:jspwiki-it-test-cma [#5]: https://repository.apache.org/content/repositories/snapshots On Thu, Jul 4, 2019 at 12:10 PM Dirk Frederickx wrote: > Plz try deploying 2.11.0-M5-git-05 > > On Thu, Jul 4, 2019 at 10:28 AM Dirk Frederickx > > wrote: > > > Jerry, Ulf, > > > > I can try to push a quick fix on WebContainerAuthorizer to github. > > But I'm not able to fully test ; so appreciate if you can validate this. > > > > We also need to change the automated tests, cause those web.xml are also > > pointing to the wrong namespace. > > This can be done later. > > > > > > dirk > > > > On Thu, Jul 4, 2019 at 5:49 AM Jerry Malcolm > > wrote: > > > >> Update... I tried changing web.xml namespace back to sun. I found that > >> version 2.10.0 had the sun site in web.xml. I copied the web-app tag > >> and all of its attributes from 2.10.0 to the web.xml for my 2.11.0-M4. > >> No change. Stills says it's using custom auth. So I'm assuming the fix > >> has to be in the WebContainerAuthorizer.java class and requires a > >> rebuild, correct? Anybody already set up to make that change, do a new > >> build, and post a fixed jar file? (I assume turning new fix releases is > >> not quick....) I'm not thrilled about having to set up a build > >> environment. But if that's the only option.... :-( > >> > >> On 7/3/2019 9:45 PM, Jerry Malcolm wrote: > >> > Hey, Dirk, > >> > > >> > Thanks so much for the info. You are correct that > >> > WebContainerAuthorizer points to java.sun.com and the web.xml points > >> > to the javaee. What change do I make? Should I change the web.xml to > >> > point to the sun site? I can't really change the > >> > WebContainerAuthorizer code without doing a full rebuild. I don't > >> > have a build environment set up. > >> > > >> > Jerry > >> > > >> > On 7/3/2019 4:18 PM, Dirk Frederickx wrote: > >> >> Jerry, Ulf, > >> >> > >> >> > >> >> Probably the namespace used by > >> >> org.apache.wiki.auth.authorizer.WebContainerAuthorizer.java > >> >> is incorrect, as it still points to java.sun.com : > >> >> > >> >> private static final String J2EE_SCHEMA_25_NAMESPACE = " > >> >> http://java.sun.com/xml/ns/javaee"; > >> >> > >> >> > >> >> The web.xml points to > >> >> > >> >> http://xmlns.jcp.org/xml/ns/javaee > >> >> > >> >> > >> >> Could you check if that would help to fix this issue? > >> >> Not sure why this has not been catched by the tests. > >> >> > >> >> > >> >> Best regards, > >> >> dirk > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> On Wed, Jul 3, 2019 at 10:28 PM Jerry Malcolm < > techstuff@malcolms.com> > >> >> wrote: > >> >> > >> >>> Thanks, Ulf. At least I know it's not just me. Are any developers > of > >> >>> JSPWiki monitoring this forum? > >> >>> > >> >>> I debugged this down to the isConstrained(...) method in > >> >>> org.apache.wiki.auth.authorizer.WebContainerAuthorizer.java. I'm not > >> >>> sure of the reason for adding the "j:" tag qualifier prefix. Comment > >> >>> says it is required for J2EE 2.3. But it's searching for > >> >>> and other "j:" tags in web.xml, which aren't > >> there. > >> >>> And the search is failing. So basically it is not finding > /Login.jsp > >> >>> and /Delete.jsp constraints even though they are present and in the > >> >>> correct location (and uncommented). I tried adding the "j:" > >> >>> prefixes to > >> >>> my web.xml. But the webapp wouldn't even start with prefixes > manually > >> >>> added. So the problem is straightforward. It may have nothing to > do > >> >>> with the "j:" prefix. But that line that search for the constraint > >> tag > >> >>> is still failing. I ultimately get the log entry that says "JSPWiki > >> is > >> >>> using custom authentication." from the WebContainerAuthorizer class > >> >>> even > >> >>> though web.xml is configured for container-managed authentication. > >> >>> > >> >>> So I'm dead with this release. Either I'm doing something horribly > >> >>> wrong or there is a serious bug in the WebContainerAuthorizer code. > >> >>> But > >> >>> I've gone as far as I can go short of having to modify JSPWiki and > >> >>> build > >> >>> my own release (which I do NOT want to do or have time to do). > >> >>> > >> >>> Can someone tell me what I'm doing wrong and/or how many releases > >> >>> back I > >> >>> have to go (and where to find archived releases) in order to get my > >> >>> sites back online for my clients? > >> >>> > >> >>> Will a developer PLEASE reply? > >> >>> > >> >>> Jerry > >> >>> > >> >>> > >> >>> On 7/3/2019 1:33 AM, Ulf Dittmer wrote: > >> >>> > >> >>>> I have not gotten container auth to work with 2.11.0.M3. I'm quite > >> >>> familiar > >> >>>> with Java web apps, so I know what to comment and what not in > >> web.xml, > >> >>> but > >> >>>> no dice. I don't use SSO, though. But container auth works fine > with > >> >>> other > >> >>>> web apps on the same Tomcat instance. > >> >>>> > >> >>>> Ulf > >> >>>> > >> > > > --000000000000cc3f07058cdd514e--