<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Hi everyone,</div><div class=""><br class=""></div><div class="">I encountered some problems when trying to use the Servlet 3.0 login method in WildFly 10. After logging in using `HttpServletRequest.login(String, String)`, using the code below, on successive requests I still get a Basic Authentication prompt.</div><div class=""><br class=""></div><div class="">I have also found the same issue on the JBoss developer forum in a post that goes back to September 2015: <a href="http://developer.jboss.org/thread/262640?start=0&tstart=0" class="">developer.jboss.org/thread/262640?start=0&tstart=0</a>.</div><div class=""><br class=""></div><div class="">Why is the `login` function not working in my configuration?</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">My endpoint:</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><font face="Courier New" class=""> @POST</font></div><div class=""><font face="Courier New" class=""> @Path("login")</font></div><div class=""><font face="Courier New" class=""> @Consumes(MediaType.APPLICATION_JSON)</font></div><div class=""><font face="Courier New" class=""> public void login(@Valid LoginRequest loginRequest) {</font></div><div class=""><font face="Courier New" class=""> try {</font></div><div class=""><font face="Courier New" class=""> User user = userController.findUserByUsername(loginRequest.getUsername()).orElseThrow(NotFoundException::new);</font></div><div class=""><font face="Courier New" class=""> httpServletRequest.login(loginRequest.getUsername(), loginRequest.getPassword());</font></div><div class=""><font face="Courier New" class=""> log.info(securityContext); // not null now!</font></div><div class=""><font face="Courier New" class=""> 
}</font></div><div class=""><font face="Courier New" class=""> catch (ServletException e) {</font></div><div class=""><font face="Courier New" class=""> throw new NotAuthorizedException(e.getMessage(), e, AuthenticationHeaderFilter.CHALLENGE);</font></div><div class=""><font face="Courier New" class=""> }</font></div><div class=""><font face="Courier New" class=""> }</font></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">And my `jboss-web.xml`:</div><div class=""><br class=""></div><div class=""><font face="Courier New" class=""> &lt;?xml version="1.0" encoding="UTF-8"?&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;jboss-web xmlns="<a href="http://www.jboss.com/xml/ns/javaee" class="">http://www.jboss.com/xml/ns/javaee</a>"</font></div><div class=""><font face="Courier New" class=""> xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" class="">http://www.w3.org/2001/XMLSchema-instance</a>"</font></div><div class=""><font face="Courier New" class=""> xsi:schemaLocation="</font></div><div class=""><font face="Courier New" class=""> <a href="http://www.jboss.com/xml/ns/javaee" class="">http://www.jboss.com/xml/ns/javaee</a></font></div><div class=""><font face="Courier New" class=""> <a href="http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd" class="">http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd</a>"&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;security-domain&gt;MyRealm&lt;/security-domain&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/jboss-web&gt;</font></div><div class=""><br class=""></div><div class="">And my `web.xml`:</div><div class=""><br class=""></div><div class=""><font face="Courier New" class=""> &lt;login-config&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;auth-method&gt;BASIC&lt;/auth-method&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;realm-name&gt;MyRealm&lt;/realm-name&gt;</font></div><div class=""><font face="Courier New" class=""> 
&lt;/login-config&gt;</font></div><div class=""><font face="Courier New" class=""><br class=""></font></div><div class=""><font face="Courier New" class=""> &lt;security-role&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;role-name&gt;admin&lt;/role-name&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/security-role&gt;</font></div><div class=""><font face="Courier New" class=""><br class=""></font></div><div class=""><font face="Courier New" class=""> &lt;security-role&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;role-name&gt;user&lt;/role-name&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/security-role&gt;</font></div><div class=""><font face="Courier New" class=""><br class=""></font></div><div class=""><font face="Courier New" class=""> &lt;security-constraint&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;display-name&gt;Authenticated content&lt;/display-name&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;web-resource-collection&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;web-resource-name&gt;Authentication required&lt;/web-resource-name&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;url-pattern&gt;/api/*&lt;/url-pattern&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/web-resource-collection&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;auth-constraint&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;role-name&gt;user&lt;/role-name&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/auth-constraint&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/security-constraint&gt;</font></div><div class=""><font face="Courier New" class=""><br class=""></font></div><div class=""><font face="Courier New" class=""> &lt;security-constraint&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;display-name&gt;Anonymous content&lt;/display-name&gt;</font></div><div class=""><font face="Courier New" class=""> 
&lt;web-resource-collection&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;web-resource-name&gt;Exclude from Security&lt;/web-resource-name&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;url-pattern&gt;/api/me/login&lt;/url-pattern&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/web-resource-collection&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/security-constraint&gt;</font></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Furthermore, I declared my security domain as follows in standalone.xml:</div><div class=""><br class=""></div><div class=""><div class=""><font face="Courier New" class=""> &lt;security-domain name="MyRealm" cache-type="default"&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;authentication&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;login-module code="Database" flag="required"&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;module-option name="dsJndiName" value="java:jboss/MysqlXADS"/&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;module-option name="principalsQuery" value="SELECT password AS Password FROM user WHERE username = ?"/&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;module-option name="rolesQuery" value="select 'user' as Role, 'Roles' as RoleGroup union select 'admin' as Role, 'Roles' AS RoleGroup from user where admin is true and username = ?"/&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/login-module&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/authentication&gt;</font></div><div class=""><font face="Courier New" class=""> &lt;/security-domain&gt;</font></div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">I have also posted the question on Stack Overflow, so any answer posted there will receive the bounty points: <a 
href="http://stackoverflow.com/questions/38896538/httpservletrequest-login-does-not-keep-logged-in-for-subsequent-requests" class="">http://stackoverflow.com/questions/38896538/httpservletrequest-login-does-not-keep-logged-in-for-subsequent-requests</a></div><div class=""><br class=""></div><div class="">Thanks in advance!</div><div class=""><br class=""></div><div class="">Jan-Willem Gmelig Meyling</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div></body></html>