[jboss-jira] [JBoss JIRA] (WFLY-2596) JASPI Web layer problems
Tomaz Cerar (JIRA)
issues at jboss.org
Mon May 19 16:30:57 EDT 2014
[ https://issues.jboss.org/browse/WFLY-2596?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tomaz Cerar resolved WFLY-2596.
-------------------------------
Fix Version/s: 8.0.0.Final
Resolution: Done
PR was merged long ago.
> JASPI Web layer problems
> ------------------------
>
> Key: WFLY-2596
> URL: https://issues.jboss.org/browse/WFLY-2596
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Affects Versions: 8.0.0.CR1
> Environment: Fedora 19, x86_64
> Reporter: István Tóth
> Assignee: Stefan Guilhen
> Fix For: 8.0.0.Final
>
>
> I have found several problems in the current (master, trunk) Wildfly JASPI Web layer implementation
> Undertow related:
> ----------------------
> * It does not support pre-emptive authentication:
> When the ServerAuthenticationModule returns AUTH_SUCCESS and null userPrincipal, it should let the request fall through unathenticated, instead it is rejected.
> * It does not call secureResponse when the authentication was unsuccessful
> * It does not populate the org.jboss.security.SecurityContext, only the undertow Account structure.
> * It does not support the wrapper feature (Spec 3.8.3.5 and B.9)
> The attached pull request aims to fix the first three issues.
> Credits: This patch is based on Arjan Tijms' analysis, and suggested patches for the Jboss 7.X valve based authentitactor.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
More information about the jboss-jira
mailing list