'Edit in Word' requires login or doesn't work at all

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

問題

  1. Using the "Edit in Word" feature opens an authentication dialog in Microsoft Word
  2. "Edit in Word" opens a blank document in Word and on save prompts the user to save the document as a local file.

With "Allow authentication tokens in the URL path" enabled

診断

  1. The Office Connector plugin setting is set to "Allow authentication tokens in the URL path".
  2. Use Firebug and set a breakpoint on if (jsession) in the batch.js file:

    function filterPath(urlPath)
    {
        var jsession = getCookie('jsessionid');
        if (!jsession){
            jsession = getCookie('JSESSIONID');
        }
        if (jsession){
    
  3. The jsessionid is empty and Word tries to open a document without a valid session id and the /ocauth path component in the path:

    http://example.com/confluence/plugins/servlet/editinword/EW/Home.doc instead of \\
    http://example.com/confluence/plugins/servlet/editinword/EW/ocauth/9558BE4F5D9F8FC99AC8AA5F22842CFE/Home.doc
    

原因

As of Confluence 3.3.1 the standalone distribution use the useHttpOnly flag to mitigate the risk of client side scripting attacks. This prevents the "Edit in Word" feature of the Office Connector plugin bundled with Confluence 3.3.x from working properly.

回避策

Sending HttpOnly cookies helps prevent client side scripting vulnerabilities. Consider using this workaround for non public instances of Confluence only.

In <confluence-install>/conf/server.xml, set useHttpOnly to false. Change:

<Context path="/confluence" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">

to:

<Context path="/confluence" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="false">

With "Allow authentication tokens in the URL path" disabled

診断

  1. You are using Windows XP SP 2, Windows Server 2003 or Windows 7
  2. Your Confluence installation does not use SSL (i.e. http://confluence.example.com and not https://confluence.example.com)
  3. The "Edit in Word" link launches Word but the document is empty or wasn't opened.

原因

With path authentication disabled the Office Connector uses "Basic Authentication" to authenticate the user.

The following operating systems disable the use of "Basic Authentication" if the WebDAV server does not use a secure channel (this is in accordance with the WebDAV spec):

  • Windows Vista
  • Microsoft Windows XP Service Pack 2 (SP2) or later versions of Windows XP
  • The 64-bit version of Windows XP or later versions of Windows XP
  • Windows Server 2003 Service Pack 1 (SP1) or later versions of Windows Server

See Disabling Basic Authentication over a clear channel for further information.

回避策

Either ensure that your Confluence installation uses a secure channel (i.e. SSL/https) or change the registry settings to allow basic authentication over a clear channel as outlined in KB 2123563.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

最終更新日 2016 年 5 月 6 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.