|Title|Binary Attachment Download fails with IE 6.0 when Container Managed Authentication is activated.
|Date|09-May-2006 18:03:48 EEST
|Submitter|[Christoph Sauer]
|[Bug criticality]|BadBug
|Browser version|IE Version 6.0.29xxx, Updateversion SP2
|[Bug status]|[ClosedBug]
|[PageProvider] used|VersioningFileProvider
|Servlet Container|5.0.28 and 5.5.17
|Operating System|Windows XP
|URL|[http://wiki.swl.hs-heilbronn.de/demo/attach/Main/jwhich.zip] login = demouser/demouser
|Java version|1.5.xx


This bug is the same as [BugSSLAndIENoCacheBug]. Solution is described there. Thanks Janne for the hint. --[ChristophSauer] 11-Sep-06


I'm using 2.2.33 and Container Managed Security. I added the 
to the web.xml to secure download of attachments

Here's the full mapping (stripped down to the essential stuff):

           <web-resource-name>Restricted Download Area</web-resource-name>


Now if I try to download attachments with IE, the download fails: after entering the login, the download dialog for the given attachment opens, but then a message saying that it could not locate the file shows up.

Screenshot saying something like "can't download file, try later".

With Firefox and Opera it works fine.

I tried to download an attached zip file. Inlined downloads like images work with IE; it seems that only binary attachments do not work.

I am not using SSL. Authentication is Basic.

With latest IE on Mac download works, so don't bother to try it on your shiny PowerBooks ;)

As soon as I remove the url-pattern, download works again in IE.

If I put the url pattern like in the example in the web.xml of 2.2.33, it does not authenticate at all:
<url-pattern>/attach</url-pattern> <!-- doesn't work -->

I've traced AttachmentServlet and it runs through without any exception. I have no clue what went wrong with IE. Is there a way to activate some kind of debugging mode on the client side for IE that shows me what went wrong?

I have Wikis running with 2.0.52 that work well with that authentication setting, so it seems that somewhere along the way the bug came in.

I tried to reproduce it with the latest 2.4.5-cvs (I set the jspwiki.security property to container as described in http://www.nabble.com/Turning-OFF-security--t1573022.html and added my security constraints), but then I was not even asked for a login and access was denied, showing me an error page as if the property didn't work.


Hmm... If you're not using SSL, then why does the URL you give above start with "https://"?

Just a thought - could be that IE needs SSL.

--Janne Jalkanen, 10-May-2006

I tested it locally. OK, removed the user-data-constraint CONFIDENTIAL from the setup above, still does not work.

--Christoph Sauer, 10-May-2006


Does this occur with the 2.4 line?