[undertow-dev] UNDERTOW-577 - response code from SAM

Stuart Douglas sdouglas at redhat.com
Sun Jan 3 18:42:54 EST 2016


It was cherry-picked back to 1.3.x

Stuart

----- Original Message -----
> From: "arjan tijms" <arjan.tijms at gmail.com>
> To: "Stuart Douglas" <sdouglas at redhat.com>
> Cc: "undertow-dev" <undertow-dev at lists.jboss.org>
> Sent: Thursday, 24 December, 2015 11:28:23 PM
> Subject: Re: [undertow-dev] UNDERTOW-577 - response code from SAM
> 
> Hi,
> 
> On Thu, Dec 24, 2015 at 2:00 AM, Stuart Douglas <sdouglas at redhat.com> wrote:
> 
> > Looks like I made a mistake in the JIRA, it should already be in WildFly.
> > Can you test it out?
> >
> 
> I just did the check again and lo and behold, the fix is indeed already
> there. I'm not really sure what went wrong with my quick test the other day
> but it clearly works now. Double checked the source of
> undertow-servlet-1.3.11.Final and the fix is really there, so this is
> absolutely great. Thanks again!
> 
> One question about the commit though, when it was committed here:
> https://github.com/undertow-io/undertow/commit/6e9663576fcaaa14f5a9cedf4ae1a144b20fd09e
> 
> It was committed in the master, but master was already 1.4.x at Nov 6, or
> did I miss something here? Doesn't matter much for the end result but just
> curious.
> 
> Kind regards,
> Arjan Tijms
> 
> 
> 
> 
> >
> > Stuart
> >
> > ----- Original Message -----
> > > From: "arjan tijms" <arjan.tijms at gmail.com>
> > > To: "undertow-dev" <undertow-dev at lists.jboss.org>
> > > Sent: Wednesday, 23 December, 2015 11:24:57 PM
> > > Subject: [undertow-dev] UNDERTOW-577 - response code from SAM
> > >
> > > Hi,
> > >
> > > I wonder if it would make sense to port the (small) fix for UNDERTOW-577 back
> > > to Undertow 1.3.x, and hopefully still include this with WF 10 final.
> > >
> > > This concerns one of the last (known) larger bugs with JASPIC in WildFly.
> > > Without this being fixed, something like the 403 or 404 from a SAM is not
> > > possible. Returning a 403 is specifically needed for the BASIC scheme.
> > >
> > > For instance, the following JSR 375 authentication mechanism now works on
> > > GlassFish, but throws a "UT010019: Response already commited" on WildFly
> > > 10rc4/Undertow 1.3.11:
> > >
> > > public AuthStatus validateRequest(HttpServletRequest request,
> > >         HttpServletResponse response, HttpMsgContext httpMsgContext)
> > >         throws AuthException {
> > >     String[] credentials = getCredentials(request);
> > >     if (!isEmpty(credentials)) {
> > >         IdentityStore identityStore =
> > >             CDI.current().select(IdentityStore.class).get();
> > >         CredentialValidationResult result = identityStore.validate(
> > >             new UsernamePasswordCredential(
> > >                 credentials[0], new Password(credentials[1])));
> > >
> > >         if (result.getStatus() == VALID) {
> > >             return httpMsgContext.notifyContainerAboutLogin(
> > >                 result.getCallerName(), result.getCallerGroups());
> > >         }
> > >     }
> > >     if (httpMsgContext.isProtected()) {
> > >         response.setHeader("WWW-Authenticate", basicHeaderValue);
> > >         return httpMsgContext.responseUnAuthorized();
> > >     }
> > >     return httpMsgContext.doNothing();
> > > }
> > >
> > > The problem is the "httpMsgContext.responseUnAuthorized();" which does:
> > >
> > >     try {
> > >         getResponse().sendError(SC_UNAUTHORIZED);
> > >     } catch (IOException e) {
> > >         throw new IllegalStateException(e);
> > >     }
> > >     return SEND_FAILURE;
> > >
> > > I'm not really sure what the schedule is for Undertow 1.4 vs a potential WF
> > > 11 and/or EAP 7. If WF 11 is still far away and EAP 7 will be based on WF
> > > 10, then it would really be great if this small but rather important fix
> > > could still be included in WF 10.
> > >
> > > Kind regards,
> > > Arjan Tijms