[undertow-dev] WildFly 8.2.1 EJB Security and Custom Auth Mechanism.

Darran Lofthouse darran.lofthouse at jboss.com
Wed Nov 1 04:28:45 EDT 2017 

FYI I am just in the process of planning the WildFly Elytron / JASPIC
implementation, this doc is far from complete but I am currently assembling
my thoughts and plans here: -

https://developer.jboss.org/wiki/AnalysisDesign-JASPICIntegrationWithWildFlyElytron

Most importantly this will also be a move to support true config provider
matching without requiring a deployment to be artificially associated to a
security domain just to switch on JASPIC support.

Regards,
Darran Lofthouse.


On Tue, 31 Oct 2017 at 23:12 arjan tijms <arjan.tijms at gmail.com> wrote:

> Hi,
>
> On Tue, Oct 31, 2017 at 3:04 PM, Nick Stuart <nick at portlandwebworks.com>
> wrote:
>
>> Hello all, having an issue with a
>> custom io.undertow.security.api.AuthenticationMechanism implementation and
>> EJB security on WildFly 8.2 and hoping someone can think of a work around.
>>
>> Basic problem, user is authenticated via the AuthenticationMechanism, and
>> the web context sees the user just fine and their roles, but when we get to
>> the EJB calls the user is seen as 'anonymous'. The mechanism calls:
>>
>> sc.authenticationComplete(ac, mechanismName, true);
>> and returns:
>> AuthenticationMechanismOutcome.AUTHENTICATED;
>>
>
> This looks quite similar to a number of different fixes that were being
> done for WildFly when the caller authenticates via JASPIC. See some of the
> links here:
> https://jaspic.zeef.com/arjan.tijms#block_63051_implementations-issue-tracking
>
> You could try authenticating via JASPIC instead of AuthenticationMechanism
> to see if that makes a difference. JASPIC should really work, as I have
> been specifically testing WildFly for that. See
> http://arjan-tijms.omnifaces.org/2016/12/the-state-of-portable-authentication-in.html
>
>
> Any ideas would be greatly appreciated. Upgrading is going to be
>> considered a worst case scenario right now, and would like avoid it right
>> now if at all possible.
>>
>
> Just curious, but why would you want to avoid that? WildFly 8 corresponds
> to a very early version of JBoss EAP 7, while WildFly 10 is very close to
> the final release.
>
> Kind regards,
> Arjan Tijms
>
>
>
>>
>>
>> Thanks for the help!
>> -Nick
>>
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20171101/d6ef2ea7/attachment-0001.html

More information about the undertow-dev mailing list