[jboss-jira] [JBoss JIRA] (WFLY-7700) Elytron DIGEST misconfiguration not handled

Martin Choma (JIRA) issues at jboss.org
Tue Nov 29 11:12:03 EST 2016


     [ https://issues.jboss.org/browse/WFLY-7700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma moved JBEAP-7570 to WFLY-7700:
-------------------------------------------

        Project: WildFly  (was: JBoss Enterprise Application Platform)
            Key: WFLY-7700  (was: JBEAP-7570)
       Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
    Component/s: Security
                     (was: Security)
                     (was: User Experience)


> Elytron DIGEST misconfiguration not handled
> -------------------------------------------
>
>                 Key: WFLY-7700
>                 URL: https://issues.jboss.org/browse/WFLY-7700
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Priority: Critical
>              Labels: user_experience
>
> When the realm name in web.xml and the server configuration differ, the user is not informed about that fact.
> Could the misconfiguration be handled by failing during application deployment, as the application requirement could not be satisfied?
> {code:title=web.xml}
>   <login-config>
>       <auth-method>DIGEST</auth-method>
>       <realm-name>Secured kingdom</realm-name>
>   </login-config>
> {code}
> {code:title=standalone-elytron.xml}
> <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
>     <mechanism-configuration>
>         <mechanism mechanism-name="DIGEST">
>             <mechanism-realm realm-name="ApplicationRealm"/>
>         </mechanism>
>     </mechanism-configuration>
> </http-authentication-factory>
> {code}
> {code:title=server.log}
> 17:06:18,278 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback
> 17:06:18,282 TRACE [org.wildfly.security] (default task-1) New nonce generated AAAAAQAAGoxim7G7FMLLnVddA7s69JDh5sRsiZ5aEDhg7qf+dB2Rjs7xwrg=, using seed Secured kingdom
> 17:06:22,308 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback
> 17:06:22,311 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling RealmCallback: selected = [Secured kingdom]
> 17:06:22,314 TRACE [org.wildfly.security] (default task-2) New nonce generated AAAAAgAAGo1TCzTJDpmA8HsI2fS4ZfJ60KbECZU6edCP9UepmGnyV93iP6c=, using seed Secured kingdom
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
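
A pre-deployment check for the mismatch reported above, as an added example that is not part of the original report and not WildFly or Elytron code. The function names are hypothetical, and it assumes that a web.xml realm-name absent from the matching mechanism's mechanism-realm entries is the misconfiguration described, and that the caller knows which http-authentication-factory the application is mapped to.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the two snippets from the report, wrapped in a root element.
WEB_XML = """<web-app><login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>Secured kingdom</realm-name>
</login-config></web-app>"""

ELYTRON_XML = """<http><http-authentication-factory name="application-http-authentication"
    http-server-mechanism-factory="global" security-domain="ApplicationDomain">
  <mechanism-configuration>
    <mechanism mechanism-name="DIGEST">
      <mechanism-realm realm-name="ApplicationRealm"/>
    </mechanism>
  </mechanism-configuration>
</http-authentication-factory></http>"""


def _named(root, name):
    """All elements called `name`, ignoring any XML namespace prefix."""
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]


def _text(parent, name):
    found = _named(parent, name)
    return (found[0].text or "").strip() if found else None


def realm_mismatches(web_xml, elytron_xml, factory_name):
    """Return one message per login-config whose realm the factory does not offer."""
    errors = []
    factories = [f for f in _named(ET.fromstring(elytron_xml), "http-authentication-factory")
                 if f.get("name") == factory_name]
    if not factories:
        return [f"http-authentication-factory {factory_name!r} not found"]
    for login in _named(ET.fromstring(web_xml), "login-config"):
        method, realm = _text(login, "auth-method"), _text(login, "realm-name")
        if not method or not realm:
            continue  # nothing to compare
        offered = [r.get("realm-name") for m in _named(factories[0], "mechanism")
                   if m.get("mechanism-name") == method
                   for r in _named(m, "mechanism-realm")]
        if offered and realm not in offered:
            errors.append(f"{method}: web.xml realm {realm!r} not in "
                          f"mechanism-realm list {offered}")
    return errors


if __name__ == "__main__":
    problems = realm_mismatches(WEB_XML, ELYTRON_XML, "application-http-authentication")
    for p in problems:
        print("ERROR:", p)
    raise SystemExit(1 if problems else 0)
```

Run as a build or CI step, the non-zero exit status fails the pipeline before deployment.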

