[jboss-jira] [JBoss JIRA] (WFLY-10861) MP Health - security enabled, no user yet added, user get info about adding user to access management interface, HTTP code is 200, should be 500
Rostislav Svoboda (JIRA)
issues at jboss.org
Fri Aug 24 03:37:00 EDT 2018
[ https://issues.jboss.org/browse/WFLY-10861?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13623626#comment-13623626 ]
Rostislav Svoboda commented on WFLY-10861:
------------------------------------------
https://github.com/wildfly/wildfly/pull/11566 contains test coverage for secured endpoint scenarios.
WFCORE-4045 works fine for the default configuration, aka the security impl by PicketBox.
When switching to Elytron, the testcase MicroProfileHealthSecuredHTTPEndpointEmptyMgmtUsersTestCase fails:
java.lang.AssertionError: expected:<500> but was:<401>
401 means Unauthorized
I tried the following scenario:
* https://github.com/wildfly/wildfly/blob/master/testsuite/shared/enable-elytron.cli
* /subsystem=microprofile-health-smallrye/:write-attribute(name=security-enabled, value=true)
* start the server
* curl -v http://localhost:9990/health
Response is 'HTTP/1.1 401 Unauthorized'.
So there is a difference in behavior between PicketBox and Elytron.
Elytron goes to 401 Unauthorized and skips the "help" page with details that a user must be added first.
[~jmesnil] [~dlofthouse] [~brian.stansberry] fyi
> MP Health - security enabled, no user yet added, user get info about adding user to access management interface, HTTP code is 200, should be 500
> ------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-10861
> URL: https://issues.jboss.org/browse/WFLY-10861
> Project: WildFly
> Issue Type: Bug
> Components: Management, MP Health
> Reporter: Rostislav Svoboda
> Assignee: Kabir Khan
> Priority: Blocker
> Fix For: 14.0.0.CR1
>
>
> I do {{:write-attribute(name=security-enabled, value=true)}} ++ reload of the server
> Note: I didn't add user via {{bin/add-user.sh}}
> ----
> Kabir edit: the full command is:
> /subsystem=microprofile-health-smallrye:write-attribute(name=security-enabled,value=true)
> ----
> When I'm trying to access http://127.0.0.1:9990/health I receive a page which is there primarily for the web console:
> {code}
> <h3>Your WildFly Application Server is running.</h3>
> <p>However you have <strong>not</strong> yet <strong>added any users</strong> to be able
> to access the admin console.</p>
> <p>To add a new user execute the <code>add-user.sh</code> script within the bin folder of
> your WildFly installation and enter the requested information.</p>
> {code}
> Can the /health endpoint get a customized response in case no mgmt user is defined on the server side?
> The current response can be a little confusing if the user is not yet so familiar with WildFly.
> -I marked this as minor bug.- ... see comments
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
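
An added example, not part of the original message or of WildFly's code: a monitoring-side check that counts HTTP 200 from /health as healthy only when the body is a health document, so the console help page quoted in the issue is not read as UP. Function names, verdict labels and sample responses are constructed; the `outcome`/`status` field names are assumed from the MicroProfile Health response format.

```python
import json
import urllib.error
import urllib.request

# Constructed sample: the console help page quoted in the issue, served with 200.
HELP_PAGE = "<h3>Your WildFly Application Server is running.</h3>"
# Constructed sample: a health document (assumed MicroProfile Health shape).
HEALTH_UP = '{"outcome": "UP", "checks": []}'


def classify_health_response(status, content_type, body):
    """Return (verdict, detail) for one HTTP response from /health."""
    if status == 401:
        return ("AUTH_REQUIRED", "endpoint challenged for credentials")
    if status >= 500:
        return ("SERVER_ERROR", f"HTTP {status}")
    if status != 200:
        return ("UNEXPECTED", f"HTTP {status}")
    # A 200 only counts when the body is a health document, not an HTML page.
    if "json" not in (content_type or "").lower():
        return ("NOT_HEALTH_DATA", f"200 with content type {content_type!r}")
    try:
        doc = json.loads(body)
    except ValueError:
        return ("NOT_HEALTH_DATA", "200 but body is not valid JSON")
    # Assumption: overall result is in "outcome" (older spec) or "status" (newer).
    result = doc.get("outcome", doc.get("status")) if isinstance(doc, dict) else None
    if result in ("UP", "DOWN"):
        return (result, f"health document reports {result}")
    return ("NOT_HEALTH_DATA", "JSON without an overall result field")


def probe(url, timeout=5):
    """Fetch url and classify it; 4xx/5xx responses are classified, not raised."""
    try:
        resp = urllib.request.urlopen(url, timeout=timeout)
    except urllib.error.HTTPError as err:
        resp = err  # HTTPError carries the status, headers and body
    with resp:
        body = resp.read().decode("utf-8", "replace")
        return classify_health_response(resp.getcode(), resp.headers.get("Content-Type"), body)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples above.
    for args in [(200, "text/html", HELP_PAGE), (401, "text/html", ""),
                 (500, "text/html", ""), (200, "application/json", HEALTH_UP)]:
        print(args[0], args[1], "->", classify_health_response(*args))
```
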