Re: [undertow-dev] WildFly 8.2.1 EJB Security and Custom Auth Mechanism.
Hi,
On Tue, Oct 31, 2017 at 3:04 PM, Nick Stuart <nick(a)portlandwebworks.com>
wrote:
Hello all, having an issue with a custom
io.undertow.security.api.AuthenticationMechanism
implementation and EJB security on WildFly 8.2 and hoping someone can think
of a work around.
Basic problem, user is authenticated via the AuthenticationMechanism, and
the web context sees the user just fine and their roles, but when we get to
the EJB calls the user is seen as 'anonymous'. The mechanism calls:
sc.authenticationComplete(ac, mechanismName, true);
and returns:
AuthenticationMechanismOutcome.AUTHENTICATED;
This looks quite similar to a number of different fixes that were being
done for WildFly when the caller authenticates via JASPIC. See some of the
links here:
https://jaspic.zeef.com/arjan.tijms#block_63051_implementations-issue-tra...
You could try authenticating via JASPIC instead of AuthenticationMechanism
to see if that makes a difference. JASPIC should really work, as I have
been specifically testing WildFly for that. See
http://arjan-tijms.omnifaces.org/2016/12/the-state-of-portable-authentica...
Any ideas would be greatly appreciated. Upgrading is going to be considered
a worst case scenario right now, and would like avoid it right now if
at
all possible.
Just curious, but why would you want to avoid that? WildFly 8 corresponds
to a very early version of JBoss EAP 7, while WildFly 10 is very close to
the final release.
Kind regards,
Arjan Tijms
Thanks for the help!
-Nick
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev
Attachments:
- attachment.html (text/html — 3.4 KB)