Hi,

On Tue, Oct 31, 2017 at 3:04 PM, Nick Stuart <nick@portlandwebworks.com> wrote:

Hello all, having an issue with a custom io.undertow.security.api.AuthenticationMechanism implementation and EJB security on WildFly 8.2 and hoping someone can think of a work around.

Basic problem, user is authenticated via the AuthenticationMechanism, and the web context sees the user just fine and their roles, but when we get to the EJB calls the user is seen as 'anonymous'. The mechanism calls:

sc.authenticationComplete(ac, mechanismName, true);

and returns:

AuthenticationMechanismOutcome.AUTHENTICATED;

This looks quite similar to a number of different fixes that were being done for WildFly when the caller authenticates via JASPIC. See some of the links here: https://jaspic.zeef.com/arjan.tijms#block_63051_implementations-issue-tracking

You could try authenticating via JASPIC instead of AuthenticationMechanism to see if that makes a difference. JASPIC should really work, as I have been specifically testing WildFly for that. See http://arjan-tijms.omnifaces.org/2016/12/the-state-of-portable-authentication-in.html

Any ideas would be greatly appreciated. Upgrading is going to be considered a worst case scenario right now, and would like avoid it right now if at all possible.

Just curious, but why would you want to avoid that? WildFly 8 corresponds to a very early version of JBoss EAP 7, while WildFly 10 is very close to the final release. 

Kind regards,

Arjan Tijms

 

Thanks for the help!

-Nick

_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev

_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev