[
https://issues.jboss.org/browse/WFLY-8742?page=com.atlassian.jira.plugin....
]
Darran Lofthouse commented on WFLY-8742:
----------------------------------------
After debugging the issue is not as broad a problem as suggested by the description: -
Calling AuthenticationConfiguration.empty() results in an AuthenticationConfiguration with
a Provider[] Supplier that combines the service loader discovered providers with the
globally installed providers.
Calling useDefaultProviders is resetting this and reverting to just using the globally
installed providers so the Elytron providers are dropped. This is fixed by ELY-1234.
However calling AuthenticationConfiguration.empty().useDefaultProviders() with all fixes
in place is a redundant operation, the call to useDefaultProviders should be omitted
anyway.
Elytron programmatic AuthenticationContext configuration doesn't
work for naming client
---------------------------------------------------------------------------------------
Key: WFLY-8742
URL:
https://issues.jboss.org/browse/WFLY-8742
Project: WildFly
Issue Type: Bug
Components: Naming, Security
Reporter: Josef Cacek
Assignee: David Lloyd
Priority: Blocker
Naming client doesn't handle correctly the Elytron AuthenticationContext API.
* if the API is used then authentication fails (SASL mech is not configured as expected)
- it fails in both cases: wildfly-config.xml present or not.
{code:java}
AuthenticationContext.empty()
.with(MatchRule.ALL,
AuthenticationConfiguration.EMPTY.useDefaultProviders().allowSaslMechanisms("ANONYMOUS"))
.run(() -> {
doLookup("http-remoting://127.0.0.1:8080");
});
{code}
* if the API is not used and wildfly-config.xml is present, then the client works
correctly
{code:java}
doLookup("http-remoting://127.0.0.1:8080");
{code}
{code:xml}
<configuration>
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="authn" />
</authentication-rules>
<authentication-configurations>
<configuration name="authn">
<allow-sasl-mechanisms names="ANONYMOUS"/>
<use-service-loader-providers />
</configuration>
</authentication-configurations>
</authentication-client>
</configuration>
{code}
This blocks RFEs EAP7-567 and EAP7-284.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)