[undertow-dev] WildFly 8.2.1 EJB Security and Custom Auth Mechanism.

Tue Oct 31 17:55:26 EDT 2017

Hi,

On Tue, Oct 31, 2017 at 3:04 PM, Nick Stuart <nick at portlandwebworks.com>
wrote:

> Hello all, having an issue with a custom io.undertow.security.api.AuthenticationMechanism
> implementation and EJB security on WildFly 8.2 and hoping someone can think
> of a work around.
>
> Basic problem, user is authenticated via the AuthenticationMechanism, and
> the web context sees the user just fine and their roles, but when we get to
> the EJB calls the user is seen as 'anonymous'. The mechanism calls:
>
> sc.authenticationComplete(ac, mechanismName, true);
> and returns:
> AuthenticationMechanismOutcome.AUTHENTICATED;
>

This looks quite similar to a number of different fixes that were being
done for WildFly when the caller authenticates via JASPIC. See some of the
links here:
https://jaspic.zeef.com/arjan.tijms#block_63051_implementations-issue-tracking

You could try authenticating via JASPIC instead of AuthenticationMechanism
to see if that makes a difference. JASPIC should really work, as I have
been specifically testing WildFly for that. See
http://arjan-tijms.omnifaces.org/2016/12/the-state-of-portable-authentication-in.html

Any ideas would be greatly appreciated. Upgrading is going to be considered
> a worst case scenario right now, and would like avoid it right now if at
> all possible.
>

Just curious, but why would you want to avoid that? WildFly 8 corresponds
to a very early version of JBoss EAP 7, while WildFly 10 is very close to
the final release.

Kind regards,
Arjan Tijms

>
>
> Thanks for the help!
> -Nick
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20171031/2d501917/attachment.html 