[jboss-jira] [JBoss JIRA] (ELY-1192) HTTP status 500 when no principal is returned by aggregate-principal-transformer
Farah Juma (JIRA)
issues at jboss.org
Tue Sep 12 16:14:01 EDT 2017
[ https://issues.jboss.org/browse/ELY-1192?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farah Juma resolved ELY-1192.
-----------------------------
Resolution: Out of Date
Resolving this one since the corresponding JBEAP issue was resolved.
> HTTP status 500 when no principal is returned by aggregate-principal-transformer
> --------------------------------------------------------------------------------
>
> Key: ELY-1192
> URL: https://issues.jboss.org/browse/ELY-1192
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta42
> Reporter: Ondrej Lukas
>
> In case security domain used by deployed application uses {{aggregate-principal-transformer}} which includes some {{principal-transformers}} and none of them returns non-null principal then HTTP status 500 with 'ELY01003: No authentication is in progress' is returned by application. It causes that authentication cannot be repeated (e.g. when user provides some typo in username). It should rather throw HTTP status 401 to allow repeating authentication process.
> This situation can happen if {{aggregate-principal-transformer}} is used as decision tree (see [1] for details) and uses only transformers which can return null principal (e.g. only chained-principal-transformers).
> This happens when {{aggregate-principal-transformer}} is used in {{pre-realm-principal-transformer}} for security domain. It does not happen when {{aggregate-principal-transformer}} is used in {{principal-transformer}} for realm in security domain.
> [1] https://issues.jboss.org/browse/JBEAP-9628?focusedCommentId=13399462&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13399462
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list