[jboss-jira] [JBoss JIRA] (WFLY-4618) JASPIC authentication processed on unsecured resources

Gernot Müller (JIRA) issues at jboss.org
Mon May 11 05:08:19 EDT 2015


Gernot Müller created WFLY-4618:
-----------------------------------

             Summary: JASPIC authentication processed on unsecured resources
                 Key: WFLY-4618
                 URL: https://issues.jboss.org/browse/WFLY-4618
             Project: WildFly
          Issue Type: Bug
          Components: Security, Web (JBoss Web), Web (Undertow)
    Affects Versions: 9.0.0.CR1, 8.2.0.Final
            Reporter: Gernot Müller
            Assignee: Darran Lofthouse


When using JASPIC authentication in web projects, serving unsecured resources (like unsecured pages, css/js-resources) ends in calling the configured JASPI auth-modules.

The problem is located in class JASPIAuthenticationMechanism (Undertow extension) where SecurityContext is never asked if the request has to be authenticated.

So JASPIC can't be used for web-applications which consist of secured AND unsecured parts.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)