[undertow-dev] UNDERTOW-577 - response code from SAM

arjan tijms arjan.tijms at gmail.com
Thu Dec 24 02:58:11 EST 2015


Hi,

On Thu, Dec 24, 2015 at 2:00 AM, Stuart Douglas <sdouglas at redhat.com> wrote:

> Looks like I made a mistake in the JIRA, it should already be in Wildfly.
> Can you test it out?
>

I did a quick test yesterday with WF10 CR5 (using the above code) and it
still failed. When I manually applied the exact patch to Undertow 1.3.x in
WildFly 10 CR4 a few weeks back it worked. But to be absolutely sure I'll
double check again today. Thanks!

Kind regards,
Arjan Tijms




>
> Stuart
>
> ----- Original Message -----
> > From: "arjan tijms" <arjan.tijms at gmail.com>
> > To: "undertow-dev" <undertow-dev at lists.jboss.org>
> > Sent: Wednesday, 23 December, 2015 11:24:57 PM
> > Subject: [undertow-dev] UNDERTOW-577 - response code from SAM
> >
> > Hi,
> >
> > I wonder if it would make sense to port the (small) fix for UNDERTOW-577 back
> > to Undertow 1.3.x, and hopefully still include this with WF 10 final.
> >
> > This concerns one of the last (known) larger bugs with JASPIC in WildFly.
> > Without this being fixed, something like the 403 or 404 from a SAM is not
> > possible. Returning a 403 is specifically needed for the BASIC scheme.
> >
> > For instance, the following JSR 375 authentication mechanism now works on
> > GlassFish, but throws a "UT010019: Response already commited" on WildFly
> > 10rc4/Undertow 1.3.11:
> >
> >     public AuthStatus validateRequest(HttpServletRequest request,
> >             HttpServletResponse response, HttpMsgContext httpMsgContext)
> >             throws AuthException {
> >         String[] credentials = getCredentials(request);
> >         if (!isEmpty(credentials)) {
> >             IdentityStore identityStore =
> >                 CDI.current().select(IdentityStore.class).get();
> >             CredentialValidationResult result = identityStore.validate(
> >                 new UsernamePasswordCredential(
> >                     credentials[0], new Password(credentials[1])));
> >
> >             if (result.getStatus() == VALID) {
> >                 return httpMsgContext.notifyContainerAboutLogin(
> >                     result.getCallerName(), result.getCallerGroups());
> >             }
> >         }
> >         if (httpMsgContext.isProtected()) {
> >             response.setHeader("WWW-Authenticate", basicHeaderValue);
> >             return httpMsgContext.responseUnAuthorized();
> >         }
> >         return httpMsgContext.doNothing();
> >     }
> >
> > The problem is the "httpMsgContext.responseUnAuthorized();" which does:
> >
> >     try {
> >         getResponse().sendError(SC_UNAUTHORIZED);
> >     } catch (IOException e) {
> >         throw new IllegalStateException(e);
> >     }
> >     return SEND_FAILURE;
> >
> > I'm not really sure what the schedule is for Undertow 1.4 vs a potential WF
> > 11 and/or EAP 7. If WF 11 is still far away and EAP 7 will be based on WF
> > 10, then it would really be great if this small but rather important fix
> > could still be included in WF 10.
> >
> > Kind regards,
> > Arjan Tijms