Xwiki 15.5

I tried logging into xwiki today and I could not. I restarted xwiki and was finally able to login in, but when I try to edit a panel (global administration, look and feel, panels, panel list, , edit) I get a 423 error.

The log entry I get is in catalina.out is “AuthenticationFailureLoggerListener - Authentication failure with login [pdwalker]” which seems kind of weird as I am logged in and able to access the administration section.

Does anyone have any idea as to how I can debug this issue?

Additional information

I enabled the superadmin account, restarted tomcat, logged in, and then attempted to access the admin interface

I get the same 423 error. The error shown in the apache front end is:

Unknown Reason

The requested resource is currently locked. The lock must be released or proper identification given before the method can be applied.

Apache/2.4.41 (Ubuntu) Server at xwiki.example.com Port 443

I am not seeing any errors in the log files.

I have a 15.4 installation, and I am not getting this problem.

Hi, not sure what’s happening I’ve asked on the #xwiki matrix chat:

I guess the thing to do is to configure xwiki to remove the proxy and go straight to tomcat to see if I can get the real error.

I’ll try that and see if I get more informative results.

Interesting.

I reconfigured tomcat to accept connections directly and everything works exactly as it should, so clearly the problem is between tomcat and the apache proxying.

As I’m currently using the http proxy, I’ll enable the ajp protocol for apache to tomcat and see if that fixes anything.

Same error when using the ajp protocol.

From the apache access log:

“GET /xwiki/bin/edit/Panels/Recently%20Modified HTTP/1.1” 423 5516 “https://wiki.example.com/xwiki/bin/admin/XWiki/XWikiPreferences?editor=globaladmin&section=Pan
els.PanelWizard&section=Panels.PanelWizard&forceLeftPanels=1&forceRightPanels=1”

Next step - use the http proxy protocol and then sniff the traffic between apache and tomcat and see what shows up.

sniffing the http traffic between tomcat and apache shows that tomcat is returning the correct html responses.

so apache is barfing on the returned 423 code?

it’s time to look into my apache configuration and see if I’ve done anything funny.

And there we go.

In this apache installation, I was overriding (what I thought was only) the 502 error. However

ProxyErrorOverride On
ErrorDocument 502 “The backend server is down.”

I thought this would only override http error 502, but it overrides everything.

According to the apache docs, the following config should allow only error 502 to be overridden

ProxyErrorOverride On 502

but unfortunately, it still captures the 423 return code.

I’ve disabled this for now until I figure out how to configure apache properly to achieve what I want without breaking the mod_proxy / tomcat9 configuration.

tl;dr; Don’t override apache’s built in http error handling when proxying to xwiki/tomcat or some things will break

Michael’s insight was what helped me figure it out.

Thanks for the help in getting it to me.

but unfortunately, it still captures the 423 return code.

picking specific codes only happens in Apache 2.4.47 and later versions. I am on 2.4.41.

Thanks @pdwalker for explaining your findings. I’m sure this can help future users!