[undertow-dev] UNDERTOW-577 - response code from SAM
arjan tijms
arjan.tijms at gmail.com
Thu Dec 24 09:28:23 EST 2015
Hi,
On Thu, Dec 24, 2015 at 2:00 AM, Stuart Douglas <sdouglas at redhat.com> wrote:
> Looks like I made a mistake in the JIRA, it should already be in Wildfly.
> Can you test it out?
>
I just did the check again and lo and behold, the fix is indeed already
there. I'm not really sure what went wrong with my quick test the other day
but it clearly works now. Double checked the source of
undertow-servlet-1.3.11.Final and the fix is really there, so this is
absolutely great. Thanks again!
One question about the commit though, when it was committed here:
https://github.com/undertow-io/undertow/commit/6e9663576fcaaa14f5a9cedf4ae1a144b20fd09e
It was committed in the master, but master was already 1.4.x at Nov 6, or
did I miss something here? Doesn't matter much for the end result but just
curious.
Kind regards,
Arjan Tijms
>
> Stuart
>
> ----- Original Message -----
> > From: "arjan tijms" <arjan.tijms at gmail.com>
> > To: "undertow-dev" <undertow-dev at lists.jboss.org>
> > Sent: Wednesday, 23 December, 2015 11:24:57 PM
> > Subject: [undertow-dev] UNDERTOW-577 - response code from SAM
> >
> > Hi,
> >
> > I wonder if it would make sense to port the (small) fix for UNDERTOW-577
> back
> > to Undertow 1.3.x, and hopefully still include this with WF 10 final.
> >
> > This concerns one of the last (known) larger bugs with JASPIC in WildFly.
> > Without this being fixed, something like the 403 or 404 from a SAM is not
> > possible, Returning a 403 is specifically needed for the BASIC scheme.
> >
> > For instance, the following JSR 375 authentication mechanism now works on
> > GlassFish, but throws a "UT010019: Response already commited" on WildFly
> > 10rc4/Undertow 1.3.11:
> >
> > public AuthStatus validateRequest(HttpServletRequest request,
> > HttpServletResponse response, HttpMsgContext httpMsgContext) throws
> > AuthException {
> > String[] credentials = getCredentials(request);
> > if (!isEmpty(credentials)) {
> > IdentityStore identityStore =
> > CDI.current().select(IdentityStore.class).get();
> > CredentialValidationResult result = identityStore.validate(
> > new UsernamePasswordCredential(credentials[0], new
> > Password(credentials[1])));
> >
> > if (result.getStatus() == VALID) {
> > return httpMsgContext.notifyContainerAboutLogin(
> > result.getCallerName(), result.getCallerGroups());
> > }
> > }
> > if (httpMsgContext.isProtected()) {
> > response.setHeader("WWW-Authenticate", basicHeaderValue);
> > return httpMsgContext.responseUnAuthorized();
> > }
> > return httpMsgContext.doNothing();
> > }
> >
> > The problem is the "httpMsgContext.responseUnAuthorized();" which does:
> >
> > try {
> > getResponse().sendError(SC_UNAUTHORIZED);
> > } catch (IOException e) {
> > throw new IllegalStateException(e);
> > }
> > return SEND_FAILURE;
> >
> > I'm not really sure what the schedule is for Undertow 1.4 vs a potential
> WF
> > 11 and/or EAP 7. If WF 11 is still far away and EAP 7 will be based on WF
> > 10, then it would really be great if this small but rather important fix
> > could still be included in WF 10.
> >
> > Kind regards,
> > Arjan Tijms
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > undertow-dev mailing list
> > undertow-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/undertow-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20151224/d3c43d84/attachment.html
More information about the undertow-dev
mailing list