[undertow-dev] WildFly 8.2.1 EJB Security and Custom Auth Mechanism.

Stuart Douglas sdouglas at redhat.com
Tue Oct 31 17:51:54 EDT 2017


I assume you are not using the IdentityManager in your custom impl?

This is what causes the Wildfly issues, as the Wildfly SecurityContext
setup is done there. You will probably need to duplicate some of the
code in org.wildfly.extension.undertow.security.JAASIdentityManagerImpl
into your custom auth mechanism (the bit in
org.wildfly.extension.undertow.security.JAASIdentityManagerImpl#verifyCredential
that sets up the context).

I would recommend upgrading to Wildfly 11, there have been a *lot* of
fixes since 8.1.

Stuart

On Wed, Nov 1, 2017 at 1:04 AM, Nick Stuart <nick at portlandwebworks.com> wrote:
> Hello all, having an issue with a custom
> io.undertow.security.api.AuthenticationMechanism implementation and EJB
> security on WildFly 8.2 and hoping someone can think of a workaround.
>
> Basic problem, user is authenticated via the AuthenticationMechanism, and
> the web context sees the user just fine and their roles, but when we get to
> the EJB calls the user is seen as 'anonymous'. The mechanism calls:
>
> sc.authenticationComplete(ac, mechanismName, true);
> and returns:
> AuthenticationMechanismOutcome.AUTHENTICATED;
>
> The resources I'm calling are configured as being protected through the
> web.xml and all of that is working as expected.
>
> Another note, I am able to get this to work in WildFly 10.1, but only with
> (what I think is) a bit of a hack. The following code is required for EJB
> Security to work:
>
>     sc.authenticationComplete(ac, mechanismName, true);
>     sc.login(ac.getUsername(), "");
>     sc.authenticate();
>
> This same code in 8.2 causes an infinite recursion issue. Even working
> around that (with another hack) this still doesn't work.
>
> Any ideas would be greatly appreciated. Upgrading is going to be considered
> a worst case scenario right now, and would like to avoid it right now if at all
> possible.
>
> Thanks for the help!
> -Nick
>


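An added example, not code from this thread or from WildFly: a custom mechanism that obtains its Account from the deployment's IdentityManager instead of building one itself, which is the path the reply above says performs the WildFly SecurityContext setup. It assumes the mechanism has a username and password to verify (taken here from an HTTP Basic header), that the container-supplied IdentityManager is the JAAS-backed one named in the reply, and Java 8 for `java.util.Base64`; the class name, mechanism name and realm are hypothetical.

```java
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Hypothetical mechanism: delegates credential verification to the IdentityManager.
public class DelegatingBasicMechanism implements AuthenticationMechanism {
    private static final String NAME = "DELEGATING-BASIC"; // hypothetical name

    @Override
    public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext sc) {
        String header = exchange.getRequestHeaders().getFirst(Headers.AUTHORIZATION);
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return AuthenticationMechanismOutcome.NOT_ATTEMPTED; // nothing for this mechanism
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return fail(sc, "Malformed credentials");
        }
        int colon = decoded.indexOf(':');
        if (colon < 1) {
            return fail(sc, "Malformed credentials");
        }
        String user = decoded.substring(0, colon);
        char[] password = decoded.substring(colon + 1).toCharArray();
        // The Account comes back from the IdentityManager, not from the mechanism.
        Account account = sc.getIdentityManager().verify(user, new PasswordCredential(password));
        if (account == null) {
            return fail(sc, "Invalid credentials"); // never complete on a failed verify
        }
        sc.authenticationComplete(account, NAME, true);
        return AuthenticationMechanismOutcome.AUTHENTICATED;
    }

    private AuthenticationMechanismOutcome fail(SecurityContext sc, String message) {
        sc.authenticationFailed(message, NAME);
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }

    @Override
    public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext sc) {
        exchange.getResponseHeaders().add(Headers.WWW_AUTHENTICATE, "Basic realm=\"demo\"");
        return new ChallengeResult(true, 401);
    }
}
```

A mechanism that authenticates without a password (a token or an upstream assertion) has no credential to hand to `verify`, which is the case where the reply's other option, copying the context setup, applies.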