[jboss-jira] [JBoss JIRA] (WFLY-2596) JASPI Web layer problems

István Tóth created WFLY-2596: --------------------------------- Summary: JASPI Web layer problems Key: WFLY-2596 URL: https://issues.jboss.org/browse/WFLY-2596 Project: WildFly Issue Type: Bug Security Level: Public (Everyone can see) Components: Web (Undertow) Affects Versions: 8.0.0.CR1 Environment: Fedora 19, x86_64 Reporter: István Tóth Assignee: Stuart Douglas I have found several problems in the current (master, trunk) Wildfly JASPI Web layer implementation Undertow related: ---------------------- * It does not support pre-emptive authentication: When the ServerAuthenticationModule returns AUTH_SUCCESS and null userPrincipal, it should let the request fall through unathenticated, instead it is rejected. * It does not call secureResponse when the authentication was unsuccessful * It does not populate the org.jboss.security.SecurityContext, only the undertow Account structure. * It does not support the wrapper feature (Spec 3.8.3.5 and B.9) The attached pull request aims to fix the first three issues. Credits: This patch is based on Arjan Tijms' analysis, and suggested patches for the Jboss 7.X valve based authentitactor. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira