[undertow-dev] UNDERTOW-577 - response code from SAM

Stuart Douglas sdouglas at redhat.com
Wed Dec 23 20:00:36 EST 2015


Looks like I made a mistake in the JIRA; it should already be in WildFly. Can you test it out?

Stuart

----- Original Message -----
> From: "arjan tijms" <arjan.tijms at gmail.com>
> To: "undertow-dev" <undertow-dev at lists.jboss.org>
> Sent: Wednesday, 23 December, 2015 11:24:57 PM
> Subject: [undertow-dev] UNDERTOW-577 - response code from SAM
> 
> Hi,
> 
> I wonder if it would make sense to port the (small) fix for UNDERTOW-577 back
> to Undertow 1.3.x, and hopefully still include this with WF 10 final.
> 
> This concerns one of the last (known) larger bugs with JASPIC in WildFly.
> Without this being fixed, something like the 403 or 404 from a SAM is not
> possible. Returning a 403 is specifically needed for the BASIC scheme.
> 
> For instance, the following JSR 375 authentication mechanism now works on
> GlassFish, but throws a "UT010019: Response already commited" on WildFly
> 10rc4/Undertow 1.3.11:
> 
> public AuthStatus validateRequest(HttpServletRequest request,
>         HttpServletResponse response, HttpMsgContext httpMsgContext)
>         throws AuthException {
>     String[] credentials = getCredentials(request);
>     if (!isEmpty(credentials)) {
>         IdentityStore identityStore =
>             CDI.current().select(IdentityStore.class).get();
>         CredentialValidationResult result = identityStore.validate(
>             new UsernamePasswordCredential(credentials[0],
>                 new Password(credentials[1])));
>
>         if (result.getStatus() == VALID) {
>             return httpMsgContext.notifyContainerAboutLogin(
>                 result.getCallerName(), result.getCallerGroups());
>         }
>     }
>     if (httpMsgContext.isProtected()) {
>         response.setHeader("WWW-Authenticate", basicHeaderValue);
>         return httpMsgContext.responseUnAuthorized();
>     }
>     return httpMsgContext.doNothing();
> }
> 
> The problem is the "httpMsgContext.responseUnAuthorized();" which does:
> 
> try {
>     getResponse().sendError(SC_UNAUTHORIZED);
> } catch (IOException e) {
>     throw new IllegalStateException(e);
> }
> return SEND_FAILURE;
> 
> I'm not really sure what the schedule is for Undertow 1.4 vs a potential WF
> 11 and/or EAP 7. If WF 11 is still far away and EAP 7 will be based on WF
> 10, then it would really be great if this small but rather important fix
> could still be included in WF 10.
> 
> Kind regards,
> Arjan Tijms
> 