  1. XWiki Platform
  2. XWIKI-17316

Basic Authentication is always called even when not needed


Details

    • Bug
    • Resolution: Won't Fix
    • Minor
    • None
    • 11.10.4
    • Authentication
    • Firefox 74.0
    • Unknown

    Description

      After upgrading an instance to XWiki 11.10.4, I'm beginning to see a lot of warnings in the logs, on each page view (and for each request the browser makes) about Authentication failures:

      2020-05-07 18:37:09,109 [http://myXWikiDomain.com/xwiki/bin/jsx/XWiki/MySkin?language=en&docVersion=4.1] WARN  nticationFailureLoggerListener - Authentication failure with login [null] 
      2020-05-07 18:37:09,302 [http://myXWikiDomain.com/xwiki/bin/download/FlamingoThemes/SomeTheme/logo.svg?rev=1.1] WARN  nticationFailureLoggerListener - Authentication failure with login [null] 
      2020-05-07 18:37:09,303 [http://myXWikiDomain.com/xwiki/bin/skin/resources/icons/xwiki/noavatar.png?cache-version=1585573978000] WARN  nticationFailureLoggerListener - Authentication failure with login [null] 
      2020-05-07 18:37:09,370 [http://myXWikiDomain.com/xwiki/bin/skin/XWiki/MySkin/arrow.png] WARN  nticationFailureLoggerListener - Authentication failure with login [null] 
      2020-05-07 18:37:09,383 [http://myXWikiDomain.com/xwiki/bin/get/Code/AccountsDataSource?outputSyntax=plain&transprefix=network.accounts.index.&classname=Code.AccountClass&collist=name%2Ccountry%2CisValid%2CisClient%2Ccurrency%2Cdoc.creator%2Cdoc.creationDate&queryFilters=currentlanguage%2Chidden&offset=1&limit=20&reqNo=1&sort=doc.creationDate&dir=desc] WARN  nticationFailureLoggerListener - Authentication failure with login [null] 
      2020-05-07 18:37:09,398 [http://myXWikiDomain.com/xwiki/bin/get/Accounts/WebHome?xpage=xpart&vm=commentsinline.vm] WARN  nticationFailureLoggerListener - Authentication failure with login [null] 
      2020-05-07 18:37:10,078 [http://myXWikiDomain.com/xwiki/bin/get/Accounts/WebHome?outputSyntax=plain&sheet=XWiki.ExportDocumentTree&filterHiddenDocuments=false&showAttachments=false&showTranslations=false&root=document%3Axwiki%3AAccounts.WebHome&showRoot=true&data=children&id=%23] WARN  nticationFailureLoggerListener - Authentication failure with login [null] 
      

      On another instance, again 11.10.4, I have a sub section of the URL set up to require HTTP basic auth (with a web frontend). After accessing that section (that leads to some non-xwiki software), any URL I access that is XWiki produces the following warnings:

      2020-05-12 12:32:15,394 [https://myDomain.com/xwiki/bin/get/XWiki/SolrSearchAdmin?outputSyntax=plain&action=getQueueSize] WARN  nticationFailureLoggerListener - Authentication failure with login [SomeHTTPAuthUser] 
      2020-05-12 12:33:16,597 [https://myDomain.com/xwiki/bin/get/XWiki/SolrSearchAdmin?outputSyntax=plain&action=getQueueSize] WARN  nticationFailureLoggerListener - Authentication failure with login [SomeHTTPAuthUser] 
      2020-05-12 12:34:16,989 [https://myDomain.com/xwiki/bin/get/XWiki/SolrSearchAdmin?outputSyntax=plain&action=getQueueSize] WARN  nticationFailureLoggerListener - Authentication failure with login [SomeHTTPAuthUser] 
      2020-05-12 12:35:17,277 [https://myDomain.com/xwiki/bin/get/XWiki/SolrSearchAdmin?outputSyntax=plain&action=getQueueSize] WARN  nticationFailureLoggerListener - Authentication failure with login [SomeHTTPAuthUser] 
      2020-05-12 12:36:17,719 [https://myDomain.com/xwiki/bin/get/XWiki/SolrSearchAdmin?outputSyntax=plain&action=getQueueSize] WARN  nticationFailureLoggerListener - Authentication failure with login [SomeHTTPAuthUser] 
      2020-05-12 12:37:18,650 [https://myDomain.com/xwiki/bin/get/XWiki/SolrSearchAdmin?outputSyntax=plain&action=getQueueSize] WARN  nticationFailureLoggerListener - Authentication failure with login [SomeHTTPAuthUser]
      

      So far, I have noticed this behavior only on Firefox, but maybe I did not perform the HTTP Auth step on Chrome.

      AFAIU, from the quick chat with surli, XWiki might be trying to interpret the HTTP auth the browser is sending next to the XWiki, even if there is no ?basicauth=1 parameter specified in the URL, which might also be a regression.

      Possible temporary workaround: restart the browser and it should forget the HTTP basic auth credentials that were previously entered.
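
A log triage sketch for the two warning patterns in this report, added here as an example and not part of the original issue or of XWiki's code: it separates the `[null]` failures from failures that carry a login name and summarises the latter per login. The host name and the sample lines are constructed in the format quoted above; `triage` and its report keys are hypothetical names.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample in the log format quoted in the report; the host is a placeholder.
SAMPLE_LOG = """\
2020-05-07 18:37:09,109 [http://wiki.example.org/xwiki/bin/jsx/XWiki/MySkin?language=en] WARN  nticationFailureLoggerListener - Authentication failure with login [null]
2020-05-07 18:37:09,370 [http://wiki.example.org/xwiki/bin/skin/XWiki/MySkin/arrow.png] WARN  nticationFailureLoggerListener - Authentication failure with login [null]
2020-05-12 12:32:15,394 [https://wiki.example.org/xwiki/bin/get/XWiki/SolrSearchAdmin?outputSyntax=plain&action=getQueueSize] WARN  nticationFailureLoggerListener - Authentication failure with login [SomeHTTPAuthUser]
2020-05-12 12:33:16,597 [https://wiki.example.org/xwiki/bin/get/XWiki/SolrSearchAdmin?outputSyntax=plain&action=getQueueSize] WARN  nticationFailureLoggerListener - Authentication failure with login [SomeHTTPAuthUser]
2020-05-12 12:34:16,989 [https://wiki.example.org/xwiki/bin/view/Main/WebHome] WARN  nticationFailureLoggerListener - Authentication failure with login [SomeHTTPAuthUser]
2020-05-12 12:34:17,001 [https://wiki.example.org/xwiki/bin/view/Main/WebHome] INFO  SomeOtherLogger - unrelated line
"""

# The logger name is truncated in the log, so only its suffix is matched.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[(?P<url>\S+)\] WARN\s+"
    r"\S*FailureLoggerListener - Authentication failure with login \[(?P<login>[^\]]*)\]\s*$"
)

def triage(log_text):
    """Count [null] failures and summarise failures per named login."""
    report = {"anonymous": 0, "named": {}, "unmatched": 0}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            report["unmatched"] += 1
            continue
        # Caveat: an account literally named "null" cannot be told apart here.
        if m["login"] == "null":
            report["anonymous"] += 1
            continue
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        entry = report["named"].setdefault(
            m["login"], {"count": 0, "paths": set(), "first": when, "last": when})
        entry["count"] += 1
        entry["paths"].add(urlsplit(m["url"]).path)  # query string dropped on purpose
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("anonymous:", result["anonymous"], "unmatched:", result["unmatched"])
    for login, e in sorted(result["named"].items()):
        print(login, e["count"], sorted(e["paths"]), e["first"], "->", e["last"])
```

Keeping the named-login summary apart from the `[null]` count lets a reviewer see which logins are actually failing without the per-request warnings drowning them out.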


          People

            tmortagne Thomas Mortagne
            enygma Eduard Moraru
            Votes: 0
            Watchers: 3