Uploaded image for project: 'Elytron Web'
  1. Elytron Web
  2. ELYWEB-8

constraint drive authentication method in undertow doesn't work with elytron

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.0.2.Final, 1.2.1.Final
    • 1.1.0.Final, 1.2.0.Final
    • None
    • None
    • Hide

      1) Enable Elytron in EAP with "bin/jboss-cli.sh --file=docs/examples/enable-elytron.cli"
      2) Setup constraint drive authentication:
      bin/jboss-cli.sh --connect "/subsystem=undertow/servlet-container=default:write-attribute(name=proactive-authentication, value=false)"
      3) Deploy any test application without any authentication constraints. I used "helloworld" quickstart, but any unsecured resource will work
      4) Try to access the URL with basic auth:
      curl -u foo:bar http://localhost:8080/jboss-helloworld/ -v
      Note the user here is invalid.

      This will give a 401 HTTP response. However, with constraint driven authentication this should give the page.

      Show
      1) Enable Elytron in EAP with "bin/jboss-cli.sh --file=docs/examples/enable-elytron.cli" 2) Setup constraint drive authentication: bin/jboss-cli.sh --connect "/subsystem=undertow/servlet-container=default:write-attribute(name=proactive-authentication, value=false)" 3) Deploy any test application without any authentication constraints. I used "helloworld" quickstart, but any unsecured resource will work 4) Try to access the URL with basic auth: curl -u foo:bar http://localhost:8080/jboss-helloworld/ -v Note the user here is invalid. This will give a 401 HTTP response. However, with constraint driven authentication this should give the page.
    • Hide

      Don't use Elytron.

      Show
      Don't use Elytron.

      When elytron is enabled constraint driven authentication method (i.e. proactive-authentication=false) has no effect.

      If you try to request an unsecured page sending in an invalid user with basic authentication, you should get the page returned with constraint drive authentication and a 401 with proactive authentication. This is what happens without Elytron enabled. But if you enable Elytron it gives a 401 in both cases.

              spyrkob Bartosz Spyrko-Smietanko
              darran.lofthouse@redhat.com Darran Lofthouse
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: