[jboss-jira] [JBoss JIRA] (WFLY-9561) HttpServletRequest.login(username, password) not creating HttpSession if it doesn't already exist. (Elytron)

Darran Lofthouse (Jira) issues at jboss.org
Tue Dec 18 08:10:02 EST 2018 

     [ https://issues.jboss.org/browse/WFLY-9561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFLY-9561.
------------------------------------
    Resolution: Done


> HttpServletRequest.login(username, password) not creating HttpSession if it doesn't already exist. (Elytron)
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-9561
>                 URL: https://issues.jboss.org/browse/WFLY-9561
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security, Web (Undertow)
>    Affects Versions: 11.0.0.Final
>            Reporter: Stanislav Grushevskiy
>            Assignee: Darran Lofthouse
>            Priority: Major
>             Fix For: 12.0.0.Final
>
>         Attachments: test.zip
>
>
> If Elytron security domain (in WildFly 11, default "standalone.xml") is used for programmatic login, cookie "JSESSIONID" is not set in response. So following requests are sent without "JSESSIONID".
> @Path("login")
> public class LoginService {
>     @Context
>     private HttpServletRequest request;
>     @POST
>     public void login(LoginForm form) throws ServletException {
>         request.login(form.getLogin(), form.getPassword());
>     }
> }
> <?xml version="1.0" encoding="UTF-8"?>
> <jboss-web>
>     <security-domain>application-security-domain</security-domain>
> </jboss-web>
> If I add manual interaction with Session in login method, "JSESSIONID" is set.
> OR
> If I delete "jboss-web.xml" and default old "ApplicationRealm" is used, "JSESSIONID" is set.
> "JSESSIONID" is set in WildFly 10.0.0.Final and in 10.1.0.Final, because there is no Elytron there and "ApplicationRealm" is used.
> Test project is attached, create application user (add-user.sh) with username "wildfly" and password "wildfly".
> Run "mvn wildfly:deploy".
> Go to http://localhost:8080/test/test.html and press "Login" button and then "Check Auth".
> In this project you can uncomment code below (//   uncomment the row below to get it working with elytron) to add session interaction or comment code below (<!-- comment the row below to use default ApplicationRealm from old security system, not elytron -->) to use old "ApplicationRealm".



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list