]
Darran Lofthouse commented on ELY-1203:
---------------------------------------
This is as a result of reworking the Provider discovery and defaults in the
AuthenticationConfiguration. It will be better to swap the default order so anything
discovered has higher priority.
Elytron AuthenticationConfiguration uses SASL mechanism from
incorrect security Provider in some cases
------------------------------------------------------------------------------------------------------
Key: ELY-1203
URL:
https://issues.jboss.org/browse/ELY-1203
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Client
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Priority: Blocker
In our tests for PLAIN SASL mechanism in the AS testsuite we realized a wrong SaslClient
implementation is used. Instead of the Elytron one, the JDK provided one is used
({{com.sun.security.sasl.PlainClient}}).
The Elytron client builds the AuthenticationContext and runs executed code in this way:
{code:java}
AuthenticationConfiguration authnCfg =
AuthenticationConfiguration.EMPTY.allowSaslMechanisms(MECHANISM_PLAIN)
.useName(USERNAME).usePassword("wrongPassword")
.useProviders(() -> new Provider[] { new WildFlyElytronProvider() });
AuthenticationContext.empty().with(MatchRule.ALL, authnCfg).run(...)
{code}
It seems to be related to what's included on classpath. When we use the same code in
[
elytron-client-demo|https://github.com/jboss-security-qe/elytron-client-demo] the correct
mechanism is used.