I assume you are not using the IdentityManager in your custom impl?
This is what causes the Wildfly issues, as the Wildfly SecurityContext
setup is done there. You will probably need to duplicate some of the
code in org.wildfly.extension.undertow.security.JAASIdentityManagerImpl
into your custom auth mechanism (the bit in
org.wildfly.extension.undertow.security.JAASIdentityManagerImpl#verifyCredential
that sets up the context).
I would recommend upgrading to Wildfly 11, there have been a *lot* of
fixes since 8.1.
Stuart
On Wed, Nov 1, 2017 at 1:04 AM, Nick Stuart <nick(a)portlandwebworks.com> wrote:
Hello all, having an issue with a custom
io.undertow.security.api.AuthenticationMechanism implementation and EJB
security on WildFly 8.2 and hoping someone can think of a work around.
Basic problem, user is authenticated via the AuthenticationMechanism, and
the web context sees the user just fine and their roles, but when we get to
the EJB calls the user is seen as 'anonymous'. The mechanism calls:
sc.authenticationComplete(ac, mechanismName, true);
and returns:
AuthenticationMechanismOutcome.AUTHENTICATED;
The resources I'm calling are configured as being protected through the
web.xml and all of that is working as expected.
Another note, I am able to get this to work in WildFly 10.1, but only with
(what I think is) a bit of hack. The following code is required for EJB
Security to work:
sc.authenticationComplete(ac, mechanismName, true);
sc.login(ac.getUsername(), "");
sc.authenticate();
This same code in 8.2 causes an infinite recursion issue. Even working
around that (with another hack) this still doesn't work.
Any ideas would be greatly appreciated. Upgrading is going to be considered
a worst case scenario right now, and would like to avoid it right now if at all
possible.
Thanks for the help!
-Nick
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev