Elytron Web / ELYWEB-189

Re-authentication after reboot, even though HttpSessions are persisted


    • Release
    • Resolution: Done
    • Major
    • 1.10.2.Final, 3.0.0.Final

      Run the add-user command inside the bin folder to add an application user.
      Run WildFly with the provided standalone-full-text.xml.
      Deploy the provided ee-security.war.
      Make a GET request to http://localhost:8080/ee-security/secured (via browser or curl) and specify the X-Username and X-Password headers with the previously chosen values.
      A JSESSIONID is returned and can be used instead of X-Username and X-Password to stay logged in.
      If you reboot the application server, the JSESSIONID is no longer valid and you need to log in again.

      The war is built from this official example:
      https://github.com/wildfly/quickstart/tree/main/ee-security
      But it has been modified to have the @AutoApplySession annotation on the TestAuthenticationMechanism.
      Anyway, I also attached the source.

      This issue affects both HA and non-HA profiles.

      In the provided standalone.xml, HttpSessions are persisted via jdbc-store using an H2 file datasource.
      I also reproduced the issue with MySQL datasources.

      I don't know what broke this, but for sure this worked previously on WildFly 21 using the old PicketBox/legacy security subsystem.
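The reproduction steps above as a two-phase check script. This is an added example, not part of the issue or the quickstart: the default URL is the one from the steps, while APP_USER, APP_PASS and SID_FILE are names chosen here, and reading 401/403 as "login required" is an assumption about the deployed mechanism.

```shell
#!/bin/sh
# Added example (not from the issue): checks whether a JSESSIONID survives a restart.
# Assumed names: URL, APP_USER, APP_PASS and SID_FILE are this script's own variables.
URL="${URL:-http://localhost:8080/ee-security/secured}"
SID_FILE="${SID_FILE:-./jsessionid.txt}"

# Pull the JSESSIONID value out of raw response headers read from stdin.
extract_jsessionid() {
  tr -d '\r' | sed -n 's/^[Ss]et-[Cc]ookie: *JSESSIONID=\([^;]*\).*/\1/p' | head -n 1
}

# Authenticate with the X-Username / X-Password headers; print the session id.
login() {
  curl -s -D - -o /dev/null \
    -H "X-Username: $APP_USER" -H "X-Password: $APP_PASS" "$URL" | extract_jsessionid
}

# Send only the cookie (no credential headers); print the HTTP status code.
status_with_session() {
  curl -s -o /dev/null -w '%{http_code}' -b "JSESSIONID=$1" "$URL"
}

# Map a status code to an outcome. Treating 401/403 as "login required" is an assumption.
verdict() {
  case "$1" in
    200) echo "session-accepted" ;;
    401|403) echo "reauthentication-required" ;;
    *) echo "inconclusive:$1" ;;
  esac
}

case "${1:-}" in
  login)   # phase 1: run before restarting the server
    umask 077                       # the session id is a bearer credential
    sid=$(login)
    [ -n "$sid" ] || { echo "no JSESSIONID returned" >&2; exit 2; }
    printf '%s\n' "$sid" > "$SID_FILE"
    echo "before restart: $(verdict "$(status_with_session "$sid")")" ;;
  check)   # phase 2: run after the server is back up
    sid=$(cat "$SID_FILE")
    echo "after restart: $(verdict "$(status_with_session "$sid")")" ;;
esac
```

Run it with the `login` argument, restart the server, then run it with `check`; a result of `reauthentication-required` in the second phase matches the behaviour reported here.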

              dvilkola@redhat.com Diana Krepinska (Inactive)