[undertow-dev] WildFly 8.2.1 EJB Security and Custom Auth Mechanism.
Nick Stuart
nick at portlandwebworks.com
Tue Oct 31 10:04:34 EDT 2017
Hello all, having an issue with a
custom io.undertow.security.api.AuthenticationMechanism implementation and
EJB security on WildFly 8.2 and hoping someone can think of a work around.
Basic problem, user is authenticated via the AuthenticationMechanism, and
the web context sees the user just fine and their roles, but when we get to
the EJB calls the user is seen as 'anonymous'. The mechanism calls:
sc.authenticationComplete(ac, mechanismName, true);
and returns:
AuthenticationMechanismOutcome.AUTHENTICATED;
The resources I'm calling are configured as being protected through the
web.xml and all of that is working as expected.
Another note, I am able to get this to work in WildFly 10.1, but only with
(what I think is) a bit of hack. The following code is required for EJB
Security to work:
sc.authenticationComplete(ac, mechanismName, true);
sc.login(ac.getUsername(), "");
sc.authenticate();
This same code in 8.2 causes an infinite recursion issue. Even working
around that (with another hack) this still doesn't work.
Any ideas would be greatly appreciated. Upgrading is going to be considered
a worst case scenario right now, and would like avoid it right now if at
all possible.
Thanks for the help!
-Nick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20171031/b8a3dcd3/attachment.html
More information about the undertow-dev
mailing list