[jboss-jira] [JBoss JIRA] (WFLY-2596) JASPI Web layer problems
István Tóth (JIRA)
jira-events at lists.jboss.org
Mon Dec 2 16:11:06 EST 2013
István Tóth created WFLY-2596:
---------------------------------
Summary: JASPI Web layer problems
Key: WFLY-2596
URL: https://issues.jboss.org/browse/WFLY-2596
Project: WildFly
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Web (Undertow)
Affects Versions: 8.0.0.CR1
Environment: Fedora 19, x86_64
Reporter: István Tóth
Assignee: Stuart Douglas
I have found several problems in the current (master, trunk) Wildfly JASPI Web layer implementation
Undertow related:
----------------------
* It does not support pre-emptive authentication:
When the ServerAuthenticationModule returns AUTH_SUCCESS and null userPrincipal, it should let the request fall through unathenticated, instead it is rejected.
* It does not call secureResponse when the authentication was unsuccessful
* It does not populate the org.jboss.security.SecurityContext, only the undertow Account structure.
* It does not support the wrapper feature (Spec 3.8.3.5 and B.9)
The attached pull request aims to fix the first three issues.
Credits: This patch is based on Arjan Tijms' analysis, and suggested patches for the Jboss 7.X valve based authentitactor.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list