TitleAdd Comment throws exception reliably
Date25-May-2007 21:22:50 EEST
Version2.4.102
SubmitterJerryAndrews
Bug criticalityMediumBug
Browser versionFirefox 1.5.0.11
Bug statusClosedBug
PageProvider usedVersioningFileProvider
Servlet ContainerApache Tomcat/5.5.12
Operating SystemRed Hat Enterprise Linux AS release 3 (Taroon Update 1)
URLsave button on any "add comment" edit page
Java version 1.5.0_05-b05

Adding a comment to any page in my install results in the following error page content:

JSPWiki has detected an error

Error Message

        * Attempt to post from a different IP address than where the page was originally fetched.
        * An unknown error was caught by Error.jsp

Exception
    java.lang.Exception
Place where detected
    org.apache.jsp.Error_jsp._jspService(), line 109 
Here's the log from an attempt when I was logged in (behavior is the same whether or not I'm logged in) -- no indication that there's a problem:
2007-05-25 13:06:37,113 [http-8080-Processor25] INFO JSPWiki DevDocs:/wiki/Comment.jsp DevDocs:http://devdocs.bx05.aa.com/wiki/Comment.jsp - Commenting page SystemInfo. User=null, host=10.56.240.137
2007-05-25 13:06:42,769 [http-8080-Processor25] INFO JSPWiki DevDocs:/wiki/Comment.jsp DevDocs:http://devdocs.bx05.aa.com/wiki/Comment.jsp - Saving page SystemInfo. User=Jerry Andrews, host=10.56.240.137
Here's the relevant security configuration information:
grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};


grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
};
grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
};


A quick workaround: remove the following lines in your Comment.jsp:

        //
        //  Do a basic check that the IP address is the same as to where
        //  the page was originally requested.  This curbs some bots.
        //
        String ipaddr = request.getParameter("addr");
        if( !request.getRemoteAddr().equals(ipaddr) )
        {
            wikiSession.addMessage( "Attempt to post from a different IP address than where the page was originally fetched.");
            pageContext.forward( "Error.jsp" );
            return;
        }

The reason why you're seen that is that your editor does not send the IP address properly. You need to have something like this in the form which sends the message:

  <input name="addr" type="hidden" value="<%=request.getRemoteAddr()%>" />

Now, if you have a weird rotating proxy, this can be a problem.

--JanneJalkanen, 25-May-2007


An odd behavior, though: if I'm on the same subnet as the wiki, and I click the "Add Comment" button on the page, then type my comment and click submit, and I've configured Mozilla to think it's "directly connected to the internet", how would the IP address sent, change?

Thanks for the workaround!

--Jerry Andrews, 30-May-2007

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-22) was last changed on 02-Oct-2010 14:27 by Janne Jalkanen