[undertow-dev] WildFly 8.2.1 EJB Security and Custom Auth Mechanism.
Nick Stuart
nick at portlandwebworks.com
Wed Nov 1 08:48:41 EDT 2017
Thanks for the info Arjan, this is something I'll also look into. I have a
working solution at the moment (see other reply to Stuart), but as noted
still not 100% comfortable with it.
Luckily(?) we were already using a SecurityDomain configuration, so
modifying that to use JASPIC is not a huge difference from what we have
now. And as stated, the upgrade to wildfly 10/11 would be nice, but not in
my control at the moment.
-Nick
On Tue, Oct 31, 2017 at 5:55 PM, arjan tijms <arjan.tijms at gmail.com> wrote:
> Hi,
>
> On Tue, Oct 31, 2017 at 3:04 PM, Nick Stuart <nick at portlandwebworks.com>
> wrote:
>
>> Hello all, having an issue with a custom io.undertow.security.api.AuthenticationMechanism
>> implementation and EJB security on WildFly 8.2 and hoping someone can think
>> of a work around.
>>
>> Basic problem, user is authenticated via the AuthenticationMechanism, and
>> the web context sees the user just fine and their roles, but when we get to
>> the EJB calls the user is seen as 'anonymous'. The mechanism calls:
>>
>> sc.authenticationComplete(ac, mechanismName, true);
>> and returns:
>> AuthenticationMechanismOutcome.AUTHENTICATED;
>>
>
> This looks quite similar to a number of different fixes that were being
> done for WildFly when the caller authenticates via JASPIC. See some of the
> links here: https://jaspic.zeef.com/arjan.tijms#block_63051_
> implementations-issue-tracking
>
> You could try authenticating via JASPIC instead of AuthenticationMechanism
> to see if that makes a difference. JASPIC should really work, as I have
> been specifically testing WildFly for that. See http://arjan-tijms.
> omnifaces.org/2016/12/the-state-of-portable-authentication-in.html
>
>
> Any ideas would be greatly appreciated. Upgrading is going to be
>> considered a worst case scenario right now, and would like avoid it right
>> now if at all possible.
>>
>
> Just curious, but why would you want to avoid that? WildFly 8 corresponds
> to a very early version of JBoss EAP 7, while WildFly 10 is very close to
> the final release.
>
> Kind regards,
> Arjan Tijms
>
>
>
>>
>>
>> Thanks for the help!
>> -Nick
>>
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20171101/f0bac3b5/attachment.html
More information about the undertow-dev
mailing list