[jboss-jira] [JBoss JIRA] (WFLY-2596) JASPI Web layer problems
Stuart Douglas (JIRA)
issues at jboss.org
Fri Jan 10 03:24:33 EST 2014
[ https://issues.jboss.org/browse/WFLY-2596?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas reassigned WFLY-2596:
------------------------------------
Assignee: Stefan Guilhen (was: Stuart Douglas)
Stefan is looking at the remaining failures
> JASPI Web layer problems
> ------------------------
>
> Key: WFLY-2596
> URL: https://issues.jboss.org/browse/WFLY-2596
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Affects Versions: 8.0.0.CR1
> Environment: Fedora 19, x86_64
> Reporter: István Tóth
> Assignee: Stefan Guilhen
>
> I have found several problems in the current (master, trunk) Wildfly JASPI Web layer implementation
> Undertow related:
> ----------------------
> * It does not support pre-emptive authentication:
> When the ServerAuthenticationModule returns AUTH_SUCCESS and null userPrincipal, it should let the request fall through unathenticated, instead it is rejected.
> * It does not call secureResponse when the authentication was unsuccessful
> * It does not populate the org.jboss.security.SecurityContext, only the undertow Account structure.
> * It does not support the wrapper feature (Spec 3.8.3.5 and B.9)
> The attached pull request aims to fix the first three issues.
> Credits: This patch is based on Arjan Tijms' analysis, and suggested patches for the Jboss 7.X valve based authentitactor.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list