[wildfly-dev] Regression after WFLY-5298; request#authenticate does nothing now

arjan tijms arjan.tijms at gmail.com
Wed Sep 23 11:58:56 EDT 2015 

p.s. if I just revert JASPIAuthenticationMechanism to the previous
version, but leaving in the new JASPICInitialHandler, then everything
seems to work again. This is a bit of hacky workaround perhaps, but in
some quick testing it does do the trick.

On Wed, Sep 23, 2015 at 3:31 PM, arjan tijms <arjan.tijms at gmail.com> wrote:
> Hi,
>
> It looks like that after WFLY-5298 (this commit specifically
> https://github.com/wildfly/wildfly/commit/121a305c59c3619bb747681c62d099dfddd82709#diff-540388fb45365d1d79353d8b4552bcf6)
> HttpServletRequest#authenticate does not longer do anything.
>
> HttpServletRequest#authenticate calls though to
> JASPIAuthenticationMechanism#authenticate.
>
> There it now obtains the attachment that was set by the new
> JASPICInitialHandler, which calls the SAM at the beginning of the
> request. And then uses the stored "isValid" outcome directly, without
> calling the SAM again.
>
> See the code below:
>
>   public AuthenticationMechanismOutcome authenticate(final
> HttpServerExchange exchange, final SecurityContext sc) {
>         JASPICAttachment attachment =
> exchange.getAttachment(JASPICAttachment.ATTACHMENT_KEY);
>
>         AuthenticationMechanismOutcome outcome;
>         Account authenticatedAccount = null;
>
>         boolean isValid = attachment.isValid();
>         final ServletRequestContext requestContext =
> attachment.getRequestContext();
>         final JASPIServerAuthenticationManager sam = attachment.getSam();
>         final JASPICallbackHandler cbh = attachment.getCbh();
>
>         GenericMessageInfo messageInfo = attachment.getMessageInfo();
>         if (isValid) {
>             // The CBH filled in the JBOSS SecurityContext, we need to
> create an Undertow account based on that
>             org.jboss.security.SecurityContext jbossSct =
> SecurityActions.getSecurityContext();
>             authenticatedAccount =
> createAccount(attachment.getCachedAccount(), jbossSct);
>         }
>
> This is not correct I think. The code should call the SAM once again
> and use the outcome from that call.
>
> Am I missing something, or was the new call to the SAM simply
> forgotten at this point?
>
> Kind regards,
> Arjan Tijms

More information about the wildfly-dev mailing list