issue with security-constraints #4136
Unanswered
sunilkalra123
asked this question in
Q&A
Replies: 1 comment 2 replies
-
Looks like a problem in your |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Just wondered if anyone has encountered this before.
Running the latest opengrok on tomcat 10.
enabled https by default in tomcat and configured security-constraints in web.xml that redirects to a form for authentication
when i go to the SSL site (no security-constraints) all looks and works fine.
When i enable SSL with security-constraints it logs in ok but the main page has no formatting. if i then navigate away and click "home" it renders fine.
when i have security-constraints enabled (with or without ssl) it seems to keep asking for credentials. for example, it logs in fine, i get the main search page, click search and it comes back with the login page. Again, authenticates ok. A few rounds of this and it then seems to settle down and work as intended
Edit: Ive done some more investigating. Catalina.out shows the following:
initial logon
org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /source/ org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Protected Area]' against GET /index.jsp --> true org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[API Page]' against GET /index.jsp --> false org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Protected Area]' against GET /index.jsp --> true org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[API Page]' against GET /index.jsp --> false org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission() org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint has no restrictions org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
Page loads and i click the search button
org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /source/search org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Protected Area]' against GET /search --> true org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[API Page]' against GET /search --> false org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Protected Area]' against GET /search --> true org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[API Page]' against GET /search --> false org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission() org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint has no restrictions org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
After this, it appears i can click the search button to my hearts content and it continues working
If i then click on a repo or project i get the following
org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /source/api/v1/suggest/config org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Protected Area]' against GET /api/v1/suggest/config --> true org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[API Page]' against GET /api/v1/suggest/config --> true org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Protected Area]' against GET /api/v1/suggest/config --> true org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[API Page]' against GET /api/v1/suggest/config --> true org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission() org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint has no restrictions org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
Now i can access all the code without further authentication
However, if I log in, then go to a repo/project i get asked to authenticate twice and then i can search or look at code without issue.
Beta Was this translation helpful? Give feedback.
All reactions