[jboss-jira] [JBoss JIRA] (WFLY-9561) WildFly - Elytron - Programmatic login

Darran Lofthouse (JIRA) issues at jboss.org
Tue Nov 21 09:18:02 EST 2017 

     [ https://issues.jboss.org/browse/WFLY-9561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated WFLY-9561:
-----------------------------------
    Issue Type: Bug  (was: Feature Request)


> WildFly - Elytron - Programmatic login
> --------------------------------------
>
>                 Key: WFLY-9561
>                 URL: https://issues.jboss.org/browse/WFLY-9561
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security, Web (Undertow)
>    Affects Versions: 11.0.0.Final
>            Reporter: Stanislav Grushevskiy
>            Assignee: Darran Lofthouse
>         Attachments: test.zip
>
>
> If Elytron security domain (in WildFly 11, default "standalone.xml") is used for programmatic login, cookie "JSESSIONID" is not set in response. So following requests are sent without "JSESSIONID".
> @Path("login")
> public class LoginService {
>     @Context
>     private HttpServletRequest request;
>     @POST
>     public void login(LoginForm form) throws ServletException {
>         request.login(form.getLogin(), form.getPassword());
>     }
> }
> <?xml version="1.0" encoding="UTF-8"?>
> <jboss-web>
>     <security-domain>application-security-domain</security-domain>
> </jboss-web>
> If I add manual interaction with Session in login method, "JSESSIONID" is set.
> OR
> If I delete "jboss-web.xml" and default old "ApplicationRealm" is used, "JSESSIONID" is set.
> "JSESSIONID" is set in WildFly 10.0.0.Final and in 10.1.0.Final, because there is no Elytron there and "ApplicationRealm" is used.
> Test project is attached, create application user (add-user.sh) with username "wildfly" and password "wildfly".
> Run "mvn wildfly:deploy".
> Go to http://localhost:8080/test/test.html and press "Login" button and then "Check Auth".
> In this project you can uncomment code below (//   uncomment the row below to get it working with elytron) to add session interaction or comment code below (<!-- comment the row below to use default ApplicationRealm from old security system, not elytron -->) to use old "ApplicationRealm".



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list