[jboss-jira] [JBoss JIRA] (WFLY-8742) Elytron programmatic AuthenticationContext configuration doesn't work for naming client

Darran Lofthouse (JIRA) issues at jboss.org
Thu Jun 8 06:09:00 EDT 2017


    [ https://issues.jboss.org/browse/WFLY-8742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13418151#comment-13418151 ] 

Darran Lofthouse commented on WFLY-8742:
----------------------------------------

After debugging, the issue is not as broad a problem as suggested by the description:

Calling AuthenticationConfiguration.empty() results in an AuthenticationConfiguration with a Provider[] Supplier that combines the service loader discovered providers with the globally installed providers.

Calling useDefaultProviders is resetting this and reverting to just using the globally installed providers so the Elytron providers are dropped.  This is fixed by ELY-1234.

However, calling AuthenticationConfiguration.empty().useDefaultProviders() with all fixes in place is a redundant operation; the call to useDefaultProviders should be omitted anyway.


> Elytron programmatic AuthenticationContext configuration doesn't work for naming client
> ---------------------------------------------------------------------------------------
>
>                 Key: WFLY-8742
>                 URL: https://issues.jboss.org/browse/WFLY-8742
>             Project: WildFly
>          Issue Type: Bug
>          Components: Naming, Security
>            Reporter: Josef Cacek
>            Assignee: David Lloyd
>            Priority: Blocker
>
> The naming client doesn't correctly handle the Elytron AuthenticationContext API.
> * if the API is used then authentication fails (SASL mech is not configured as expected) - it fails in both cases: wildfly-config.xml present or not.
> {code:java}
>         AuthenticationContext.empty()
>                 .with(MatchRule.ALL, AuthenticationConfiguration.EMPTY.useDefaultProviders().allowSaslMechanisms("ANONYMOUS"))
>                 .run(() -> {
>                     doLookup("http-remoting://127.0.0.1:8080");
>                 });
> {code}
> * if the API is not used and wildfly-config.xml is present, then the client works correctly
> {code:java}
> doLookup("http-remoting://127.0.0.1:8080");
> {code}
> {code:xml}
> <configuration>
> 	<authentication-client xmlns="urn:elytron:1.0">
> 		<authentication-rules>
> 			<rule use-configuration="authn" />
> 		</authentication-rules>
> 		<authentication-configurations>
> 			<configuration name="authn">
> 				<allow-sasl-mechanisms  names="ANONYMOUS"/>
> 				<use-service-loader-providers />
> 			</configuration>
> 		</authentication-configurations>
> 	</authentication-client>
> </configuration>
> {code}
> This blocks RFEs EAP7-567 and EAP7-284.
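
A diagnostic for the condition described in the comment above, added here and not taken from Elytron or from the issue: it reports which provider source can supply a given SASL client mechanism, so an empty "global only" line beside a populated "service loader" line shows the dropped-provider case. The class name and the three supplier constants are hypothetical, and it assumes the Elytron provider registers its mechanisms under the JDK's "SaslClientFactory" provider service type.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.ServiceLoader;
import java.util.function.Supplier;

// Added diagnostic, not Elytron code: models the provider sources named in the comment.
public class ProviderSourceCheck {

    // Providers installed globally in the JVM (java.security file or Security.addProvider).
    static final Supplier<Provider[]> GLOBAL = Security::getProviders;

    // Providers discovered through META-INF/services/java.security.Provider on the classpath.
    static final Supplier<Provider[]> SERVICE_LOADER = () -> {
        List<Provider> found = new ArrayList<>();
        for (Provider p : ServiceLoader.load(Provider.class)) {
            found.add(p);
        }
        return found.toArray(new Provider[0]);
    };

    // Union of both sources, service-loader providers first.
    static final Supplier<Provider[]> COMBINED = () -> {
        List<Provider> all = new ArrayList<>(Arrays.asList(SERVICE_LOADER.get()));
        all.addAll(Arrays.asList(GLOBAL.get()));
        return all.toArray(new Provider[0]);
    };

    // Names of the providers in the given source that register the SASL client mechanism.
    static List<String> offering(Supplier<Provider[]> source, String mechanism) {
        List<String> names = new ArrayList<>();
        for (Provider p : source.get()) {
            // "SaslClientFactory" is the service type the JDK's own SASL provider uses.
            // Assumption: third-party providers register their mechanisms the same way.
            if (p.getService("SaslClientFactory", mechanism) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        String mech = args.length > 0 ? args[0] : "ANONYMOUS";
        System.out.println("global only:    " + offering(GLOBAL, mech));
        System.out.println("service loader: " + offering(SERVICE_LOADER, mech));
        System.out.println("combined:       " + offering(COMBINED, mech));
    }
}
```

Run it with the same classpath as the failing client; a provider that is both installed globally and discoverable by the service loader is listed twice in the combined line.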


