]
Darran Lofthouse resolved WFLY-6237.
------------------------------------
Assignee: Darran Lofthouse
Resolution: Won't Fix
Marking as 'Won't Fix' as this is in relation to PicketBox which is
deprecated.
JASPI: Principal does not get registered with the session when
request is forwarded/dispatched
----------------------------------------------------------------------------------------------
Key: WFLY-6237
URL:
https://issues.jboss.org/browse/WFLY-6237
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 10.0.0.Final
Environment: Java 8u74, OS X 10.11
Reporter: Alexander Sparkowsky
Assignee: Darran Lofthouse
Priority: Major
Up to WildFly 9 I had a working JASPI SAM that would register a successful authentication
by using {{messageInfo.getMap().put("javax.servlet.http.registerSession",
TRUE.toString());}} and then forward the request using
{{request.getRequestDispatcher(target).forward(request, response);}}.
The Module stopped working in WildFly 10. The request is forwarded but the authenticated
principal is not registered with the session or to be more precise a new session seems to
be generated during the dispatch. As a matter of facts the dispatched request will be
rejected as unauthorized.
I'm providing a sample project to reproduce the problem (see below)