Authentication is not working. How do I debug this (debugging log files?)#

I followed AuthorizationAndAuthenticationHOWTO (and restarted) but nothing seems to happen. What can I look at, in order to see what's going on? Don I'm using: RHEL3, Apache Tomcat 5.0.27, JSPWiki 2.1.103

By default, everything is allowed. You can check the logs - crank the log level at DEBUG and you'll see more information about authentication than you would ever want :-)

--JanneJalkanen

I'm going to hijack this page to describe what Don might have been seeing. If you set

• jspwiki.policy.strictLogins = true
• jspwiki.authenticator = someAuthenticatorClass

but did NOT set

• jspwiki.authorizer = someAuthorizorClass

Then it seems that the way Wiki.jsp is coded, (silently?) ignores the strictLogins request and shows all pages without requireing logins.

A while back I changed my Wiki.jsp and forgot about until recently and never got aroudn to reporting this. It just poped up again today when I was tinkering with a new "feature" I'm hacking at. So consider this a psuedo-bug report.

Here is a scap pf my Wiki.jsp to make a demand for strictLogins work even when no authorizer is defined. (Not a diff, sorry.)

    //If the requested page is setup as a redirection immediatly and always just do the redirection...
    String redirect = wiki.getRedirectURL( wikiContext );
    if( redirect != null )
    {
        response.sendRedirect( redirect );
        return;
    }

   //Get the auth manager and the current user...
    AuthorizationManager authManager = wiki.getAuthorizationManager();
    UserProfile currentUser  = wiki.getUserManager().getUserProfile( request );

    if( authManager.strictLogins() && !currentUser.isAuthenticated())
    {
        String pageurl = wiki.encodeName( pagereq );
        response.sendRedirect( wiki.getBaseURL()+"Login.jsp?page="+pageurl );
        return;
    } //if logins required...

    if ( !authManager.checkPermission( wikiContext.getPage(), currentUser, new ViewPermission() ) )
    {
        response.sendRedirect( wiki.getBaseURL()+"Sorry.jsp" );
        return;
    }


    //Finally, show the user the darn page since either we don't requrie logins 
    //or he is logged in and has view permission...    
    pageContext.setAttribute( WikiTagBase.ATTR_CONTEXT, wikiContext, PageContext.REQUEST_SCOPE );
    response.setContentType("text/html; charset="+wiki.getContentEncoding() );
    String contentPage = "templates/"+wikiContext.getTemplate()+"/ViewTemplate.jsp";

Oh yeah, the "looped config detected" thingie, I just ignore and show Sorry.jsp instead. Simpler, and templatable by including template/SorryMessage.jsp from Sorry.jsp. Clear? probably not. Oh well. --JohnV