[jboss-jira] [JBoss JIRA] (WFLY-9561) WildFly - Elytron - Programmatic login

Tue Nov 21 09:06:00 EST 2017

Stanislav Grushevskiy created WFLY-9561:
-------------------------------------------

             Summary: WildFly - Elytron - Programmatic login
                 Key: WFLY-9561
                 URL: https://issues.jboss.org/browse/WFLY-9561
             Project: WildFly
          Issue Type: Feature Request
          Components: REST, Security, Web (Undertow)
    Affects Versions: 11.0.0.Final
            Reporter: Stanislav Grushevskiy
            Assignee: Alessio Soldano
             Fix For: 10.x.x TBD
         Attachments: test.zip

If Elytron security domain (in WildFly 11, default "standalone.xml") is used for programmatic login, cookie "JSESSIONID" is not set in response. So following requests are sent without "JSESSIONID".

@Path("login")

public class LoginService {

    @Context
    private HttpServletRequest request;

    @POST
    public void login(LoginForm form) throws ServletException {
        request.login(form.getLogin(), form.getPassword());
    }
}

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>application-security-domain</security-domain>
</jboss-web>

If I add manual interaction with Session in login method, "JSESSIONID" is set.
OR
If I delete "jboss-web.xml" and default old "ApplicationRealm" is used, "JSESSIONID" is set.

"JSESSIONID" is set in WildFly 10.0.0.Final and in 10.1.0.Final, because there is no Elytron there and "ApplicationRealm" is used.

Test project is attached, create application user (add-user.sh) with username "wildfly" and password "wildfly".
Run "mvn wildfly:deploy".
Go to http://localhost:8080/test/test.html and press "Login" button and then "Check Auth".

In this project you can uncomment code below (//   uncomment the row below to get it working with elytron) to add session interaction or comment code below () to use old "ApplicationRealm".

--
This message was sent by Atlassian JIRA
(v7.5.0#75005)