]
Darran Lofthouse commented on ELY-1455:
---------------------------------------
+1 If you update the login page so it's submission is compatible with the Servlet
specification defined FORM authentication mechanism then this mechanism will take over the
authentication including the storage of the resulting SecurityIdentity for use on
subsequent requests, here is an example of a simple FORM: -
{code}
<html>
<head>
<title>Login Page</title>
</head>
<body>
<font size='5' color='blue'>Please Login</font><hr>
<form action='j_security_check' method='post'>
<table>
<tr><td>Name:</td>
<td><input type='text'
name='j_username'></td></tr>
<tr><td>Password:</td>
<td><input type='password' name='j_password'
size='8'></td>
</tr>
</table>
<br>
<input type='submit' value='login'>
</form>
</body>
</html>
{code}
Note: The action AND the two input fields are required to use 'j_security_check',
'j_username', 'j_password' need to use respectively.
DB query seen for each request using FORM mechanism.
-----------------------------------------------------
Key: ELY-1455
URL:
https://issues.jboss.org/browse/ELY-1455
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Mechanisms
Affects Versions: 1.2.0.Beta10
Reporter: Martin Choma
Assignee: Darran Lofthouse
Fix For: 1.2.0.Beta11
Attachments: elytron-bug.zip, server.log, standalone-full-ha.xml
User is complaining, that DB is accessed on each request.
Jdbc-realm + FORM authentication
{noformat}
<jdbc-realm name="myappRealm">
<principal-query sql="SELECT r.role, u.password FROM user u
join user_role_auth r on r.email = u.email where u.email=?"
data-source="myds">
<attribute-mapping>
<attribute to="Roles" index="1"/>
</attribute-mapping>
<simple-digest-mapper password-index="2"/>
</principal-query>
</jdbc-realm>
{noformat}
{noformat}
2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal
assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name:
[wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten:
[alberto(a)myapp.com]
2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing
principalQuery select password from user where email = ? with value alberto(a)myapp.com
2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing
principalQuery select role, 'Roles' from user_role_auth where email = ? with value
alberto(a)myapp.com
2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing
principalQuery select password from user where email = ? with value alberto(a)myapp.com
2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing
principal alberto(a)myapp.com.
2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing
against the following attributes: [roles] => [Administrator]
2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission
mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies
("org.wildfly.security.auth.permission.LoginPermission" "") = true
2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization
succeed
2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal
assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name:
[wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten:
[alberto(a)myapp.com]
2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing
principalQuery select password from user where email = ? with value alberto(a)myapp.com
2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing
principalQuery select role, 'Roles' from user_role_auth where email = ? with value
alberto(a)myapp.com
2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing
principalQuery select password from user where email = ? with value alberto(a)myapp.com
2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing
principal alberto(a)myapp.com.
2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing
against the following attributes: [roles] => [Administrator]
2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission
mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies
("org.wildfly.security.auth.permission.LoginPermission" "") = true
2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization
succeed
2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping:
principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles
[Administrator] -> domain mapped roles [Administrator]
{noformat}