[
https://issues.jboss.org/browse/ELY-972?page=com.atlassian.jira.plugin.sy...
]
Jan Kalina updated ELY-972:
---------------------------
Steps to Reproduce:
* Follow steps _Configure Elytron (default profile)_ in [blog
post|http://javlog.cacek.cz/2017/01/enable-elytron-in-wildfly.html] in order to change
default configuration to Elytron
* Add user via add-user.sh (as Application User)
* Deploy attached war (containing servlet secured with BASIC HTTP auth)
* Access
http://127.0.0.1:8080/protected/printRoles in a browser
* Fill in username and *incorrect* password
* Check that _JBOSS_HOME/standalone/log/audit.log_ is empty
* Open browser in private mode
* Fill username and correct password
* Check that _JBOSS_HOME/standalone/log/audit.log_ has a few inputs
was:
* Follow steps _Configure Elytron (default profile)_ in [blog
post|http://javlog.cacek.cz/2017/01/enable-elytron-in-wildfly.html] in order to change
default configuration to Elytron
* Add user via add-user.sh (as Application User)
* Deploy attached war (containing servlet secured with BASIC HTTP auth)
* Access
http://127.0.0.1:8080/protected/printroles in a browser
* Fill in username and *incorrect* password
* Check that _JBOSS_HOME/standalone/log/audit.log_ is empty
* Open browser in private mode
* Fill username and correct password
* Check that _JBOSS_HOME/standalone/log/audit.log_ has a few inputs
Elytron Audit Logging does not log failed authentication
--------------------------------------------------------
Key: ELY-972
URL:
https://issues.jboss.org/browse/ELY-972
Project: WildFly Elytron
Issue Type: Bug
Reporter: Jan Tymel
Assignee: Jan Kalina
Priority: Blocker
Successful authentication is correctly handled by Elytron Audit Logging. However, if user
provides incorrect password (~ authentication fails) there is no such record in audit log
file.
Logging of failed authentication is one of the requirements for this Elytron Audit
Logging feature. Therefore setting blocker priority.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)