[jboss-jira] [JBoss JIRA] (WFCORE-5028) CallbackHandler from CLI overriding discovered wildfly-config for authentication.
Jeff Mesnil (Jira)
issues at jboss.org
Mon Jul 6 03:09:18 EDT 2020
[ https://issues.redhat.com/browse/WFCORE-5028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeff Mesnil updated WFCORE-5028:
--------------------------------
Fix Version/s: 12.0.3.Final
(was: 12.0.2.Final)
> CallbackHandler from CLI overriding discovered wildfly-config for authentication.
> ---------------------------------------------------------------------------------
>
> Key: WFCORE-5028
> URL: https://issues.redhat.com/browse/WFCORE-5028
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 12.0.3.Final, 13.0.0.Beta2
>
>
> WFCORE-4976 made an update to ProtocolConnectionUtils so that a supplied CallbackHandler takes priority - this works where a client is using ModelControllerClient.create() and passing in a CallbackHandler as we should take that as an indication that the caller wants control of authentication.
> However by fixing in ProtocolConnectionUtils it has also picked up the case where the CLI passes in the CallbackHandler - that case however should only use the CBH if the information can not be obtained from the AuthenticationConfiguration. This call does not come via ModelControllerClient but both paths meet at ProtocolConnectionUtils.
> Either the adjustment of the AuthenticationContext to give the CallbackHandler should happen in ModelControllerClient - or an additional boolean should be passed into ProtocolConnectionUtils to indicate if the CallbackHandler should be given priority. The latter may be a less invasive evolution of the fix prepared so far.
>
>
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list