Hi Stuart,
I’m checking it in the debugger, with a breakpoint in the doGet method of a (test) servlet.
I then examine the request property at the following path:
request.exchange.attachments and look for the ServletRequestContext,
and from there the currentServlet.managedServlet.servletInfo.servletSecurityInfo
The reason for the investigation is that I’m using JASPI which relies on ServletSecurityInfo being populated, as in the JASPIAuthenticationMechanism.isMandatory() method
here.
Make sense?
Paul
When you say 'in the request the ServletSecurityInfo is (correctly) populated.' how are you actually checking this?
Stuart
----- Original Message -----
From: "Paul K Moore" <paulkmoore@gmail.com>
To: undertow-dev@lists.jboss.org
Sent: Thursday, 13 February, 2014 9:59:42 PM
Subject: [undertow-dev] Security constraints and population of ServletSecurityInfo
Hi all,
I am seeing some odd behaviour regarding security constraints.
If I add an @ServletSecurity annotation to a servlet, in the request the
ServletSecurityInfo is (correctly) populated.
However, if I add (notionally) the same constraint in web.xml, the
ServletSecurityInfo is *not* populated (it’s actually a null).
Is this the intended behaviour?
Many thanks
Paul
PS: Undertow version is Undertow 1.0.0.Final-SNAPSHOT, I’ve not moved to
Wildfly 8.0.0 Final yet :)
_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev