Thanks for the info Arjan, this is something I'll also look into. I have a
working solution at the moment (see other reply to Stuart), but as noted
still not 100% comfortable with it.
Luckily(?) we were already using a SecurityDomain configuration, so
modifying that to use JASPIC is not a huge difference from what we have
now. And as stated, the upgrade to wildfly 10/11 would be nice, but not in
my control at the moment.
-Nick
On Tue, Oct 31, 2017 at 5:55 PM, arjan tijms <arjan.tijms(a)gmail.com> wrote:
Hi,
On Tue, Oct 31, 2017 at 3:04 PM, Nick Stuart <nick(a)portlandwebworks.com>
wrote:
> Hello all, having an issue with a custom
io.undertow.security.api.AuthenticationMechanism
> implementation and EJB security on WildFly 8.2 and hoping someone can think
> of a work around.
>
> Basic problem, user is authenticated via the AuthenticationMechanism, and
> the web context sees the user just fine and their roles, but when we get to
> the EJB calls the user is seen as 'anonymous'. The mechanism calls:
>
> sc.authenticationComplete(ac, mechanismName, true);
> and returns:
> AuthenticationMechanismOutcome.AUTHENTICATED;
>
This looks quite similar to a number of different fixes that were being
done for WildFly when the caller authenticates via JASPIC. See some of the
links here:
https://jaspic.zeef.com/arjan.tijms#block_63051_
implementations-issue-tracking
You could try authenticating via JASPIC instead of AuthenticationMechanism
to see if that makes a difference. JASPIC should really work, as I have
been specifically testing WildFly for that. See
http://arjan-tijms.
omnifaces.org/2016/12/the-state-of-portable-authentication-in.html
Any ideas would be greatly appreciated. Upgrading is going to be
> considered a worst case scenario right now, and would like avoid it right
> now if at all possible.
>
Just curious, but why would you want to avoid that? WildFly 8 corresponds
to a very early version of JBoss EAP 7, while WildFly 10 is very close to
the final release.
Kind regards,
Arjan Tijms
>
>
> Thanks for the help!
> -Nick
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/undertow-dev
>