[jboss-jira] [JBoss JIRA] (WFLY-13141) JASPIC module's initialize() is called multiple times

Hisanobu Okuda (Jira) issues at jboss.org
Thu Feb 20 07:08:00 EST 2020 

    [ https://issues.redhat.com/browse/WFLY-13141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977487#comment-13977487 ] 

Hisanobu Okuda commented on WFLY-13141:
---------------------------------------

In org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.handleJASPIMechanism(),  JASPICAuthenticationMechanism and JASPICSecureResponseHandler are registered. But either is enough and the other should not be needed. Perhaps,  JASPICSecureResponseHandler is not needed.

{code}
    private void handleJASPIMechanism(final DeploymentInfo deploymentInfo) {
        ApplicationPolicy applicationPolicy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);

        if (applicationPolicy != null && JASPIAuthenticationInfo.class.isInstance(applicationPolicy.getAuthenticationInfo())) {
            String authMethod = null;
            LoginConfig loginConfig = deploymentInfo.getLoginConfig();
            if (loginConfig != null && loginConfig.getAuthMethods().size() > 0) {
                authMethod = loginConfig.getAuthMethods().get(0).getName();
            }
            deploymentInfo.setJaspiAuthenticationMechanism(new JASPICAuthenticationMechanism(securityDomain, authMethod));
            deploymentInfo.setSecurityContextFactory(new JASPICSecurityContextFactory(this.securityDomain));
            deploymentInfo.addOuterHandlerChainWrapper(next -> new JASPICSecureResponseHandler(next)); <== should be removed?
        }
    }
{code}


> JASPIC module's initialize() is called multiple times
> -----------------------------------------------------
>
>                 Key: WFLY-13141
>                 URL: https://issues.redhat.com/browse/WFLY-13141
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 20.0.0.Beta1
>            Reporter: Hisanobu Okuda
>            Priority: Major
>         Attachments: reproducer.tar.gz
>
>
> JASPIC module's initialize() is called multiple times.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list