[jboss-jira] [JBoss JIRA] (WFCORE-2373) Elytron DIGEST misconfiguration not handled

Tue Mar 7 13:16:17 EST 2017

     [ https://issues.jboss.org/browse/WFCORE-2373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse moved WFLY-7700 to WFCORE-2373:
------------------------------------------------

        Project: WildFly Core  (was: WildFly)
            Key: WFCORE-2373  (was: WFLY-7700)
    Component/s: Security
                     (was: Security)


> Elytron DIGEST misconfiguration not handled
> -------------------------------------------
>
>                 Key: WFCORE-2373
>                 URL: https://issues.jboss.org/browse/WFCORE-2373
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Priority: Critical
>              Labels: user_experience
>
> When realm name from web.xml and server configuration differs, user is not informed about that fact. 
> Could misconfiguration be handled by failing during application deployment as application requirement could not be satisfied?
> {code:title=web.xml}
>   <login-config>
>       <auth-method>DIGEST</auth-method>
>       <realm-name>Secured kingdom</realm-name>
>   </login-config>
> {code}
> {code:title=standalone-elytron.xml}
> <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
>     <mechanism-configuration>
>         <mechanism mechanism-name="DIGEST">
>             <mechanism-realm realm-name="ApplicationRealm"/>
>         </mechanism>
>     </mechanism-configuration>
> </http-authentication-factory>
> {code}
> {code:title=server.log}
> 17:06:18,278 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback
> 17:06:18,282 TRACE [org.wildfly.security] (default task-1) New nonce generated AAAAAQAAGoxim7G7FMLLnVddA7s69JDh5sRsiZ5aEDhg7qf+dB2Rjs7xwrg=, using seed Secured kingdom
> 17:06:22,308 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback
> 17:06:22,311 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling RealmCallback: selected = [Secured kingdom]
> 17:06:22,314 TRACE [org.wildfly.security] (default task-2) New nonce generated AAAAAgAAGo1TCzTJDpmA8HsI2fS4ZfJ60KbECZU6edCP9UepmGnyV93iP6c=, using seed Secured kingdom
> {code}


--
This message was sent by Atlassian JIRA
(v7.2.3#72005)