Stanislav Grushevskiy created WFLY-9561:
-------------------------------------------
Summary: WildFly - Elytron - Programmatic login
Key: WFLY-9561
URL:
https://issues.jboss.org/browse/WFLY-9561
Project: WildFly
Issue Type: Feature Request
Components: REST, Security, Web (Undertow)
Affects Versions: 11.0.0.Final
Reporter: Stanislav Grushevskiy
Assignee: Alessio Soldano
Fix For: 10.x.x TBD
Attachments: test.zip
If Elytron security domain (in WildFly 11, default "standalone.xml") is used for
programmatic login, cookie "JSESSIONID" is not set in response. So following
requests are sent without "JSESSIONID".
@Path("login")
public class LoginService {
@Context
private HttpServletRequest request;
@POST
public void login(LoginForm form) throws ServletException {
request.login(form.getLogin(), form.getPassword());
}
}
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>application-security-domain</security-domain>
</jboss-web>
If I add manual interaction with Session in login method, "JSESSIONID" is set.
OR
If I delete "jboss-web.xml" and default old "ApplicationRealm" is
used, "JSESSIONID" is set.
"JSESSIONID" is set in WildFly 10.0.0.Final and in 10.1.0.Final, because there
is no Elytron there and "ApplicationRealm" is used.
Test project is attached, create application user (add-user.sh) with username
"wildfly" and password "wildfly".
Run "mvn wildfly:deploy".
Go to
http://localhost:8080/test/test.html and press "Login" button and then
"Check Auth".
In this project you can uncomment code below (// uncomment the row below to get it
working with elytron) to add session interaction or comment code below (<!-- comment
the row below to use default ApplicationRealm from old security system, not elytron
-->) to use old "ApplicationRealm".
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)