- Enhancement
- Resolution: Won't Do
- Critical
- None
- 7.1.0.ER2
- None
One of the scenarios which are expected to work in Elytron is security context propagation from a protected EJB to a protected Servlet using HttpURLConnection (details in RFE EAP7-284).
The scenario doesn't work for me. My configuration:
EJB client -> protected EJB on server-1 -> protected Servlet on server-2 (BASIC authn)
The EJB contains the following code:
final Callable<String> callable = () -> {
    URLConnection conn = url.openConnection();
    conn.connect();
    try (InputStream is = conn.getInputStream()) {
        return IOUtils.toString(is, StandardCharsets.UTF_8);
    }
};
AuthenticationContext.empty()
        .with(MatchRule.ALL, AuthenticationConfiguration.empty()
                .useForwardedIdentity(SecurityDomain.getCurrent())
                .setSaslMechanismSelector(SaslMechanismSelector.ALL))
        .runCallable(callable);
The server-2 returns 401:
java.io.IOException: Server returned HTTP response code: 401 for URL: http://127.0.0.1:8180/seccontext-server2/whoAmI
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1876)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
    at org.wildfly.test.manual.elytron.seccontext.EntryBean.lambda$readUrl$1(EntryBean.java:69)
There is still a chance that the problem is in the scenario configuration, but the documentation is silent about this topic.
The problem could be in a missing integration of ElytronAuthenticator within the AuthenticationContext. I don't see it used when I debug the scenario. When I register the authenticator manually, I see another problem which will be reported in a separate JIRA.
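An added illustration, not part of the original report and not WildFly or Elytron code, of the JDK mechanism the last paragraph points at: HttpURLConnection answers a BASIC challenge only through a registered java.net.Authenticator, so the status code differs before and after one is set. It uses JDK classes only; the local server standing in for server-2, the realm name and the credentials are constructed for the demo, and it assumes ElytronAuthenticator is supplied to HttpURLConnection through that same hook.

```java
import com.sun.net.httpserver.BasicAuthenticator;
import com.sun.net.httpserver.HttpServer;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.URL;

public class BasicAuthProbe {
    // Constructed credentials, valid only for this local demo server.
    static final String USER = "demo-user";
    static final String PASS = "demo-pass";

    // Issue one GET and report the final HTTP status after any auth retry.
    static int status(URL url) throws Exception {
        return ((HttpURLConnection) url.openConnection()).getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        // Local stand-in for the BASIC-protected servlet on server-2.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/whoAmI", ex -> {
            ex.sendResponseHeaders(200, -1);
            ex.close();
        }).setAuthenticator(new BasicAuthenticator("demo-realm") {
            @Override
            public boolean checkCredentials(String user, String password) {
                return USER.equals(user) && PASS.equals(password);
            }
        });
        server.start();
        try {
            URL url = new URL("http://127.0.0.1:" + server.getAddress().getPort() + "/whoAmI");
            // No default java.net.Authenticator is registered at this point.
            System.out.println("without Authenticator: " + status(url));
            // Register one; HttpURLConnection consults it when challenged.
            Authenticator.setDefault(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(USER, PASS.toCharArray());
                }
            });
            System.out.println("with Authenticator:    " + status(url));
        } finally {
            server.stop(0);
        }
    }
}
```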
- is blocked by
  - WFCORE-3713 HttpClientURLConnection breaks the TCK (Closed)
  - WFLY-10004 Removing modules moved into wildfly-core for wildfly-url-http integration (Closed)
- is cloned by
  - WFCORE-3658 Security context propagation using Elytron API doesn't work for EJB to protected Servlet scenario (Closed)
- is incorporated by
  - JBEAP-12390 Upgrade WildFly Elytron to 1.1.0.CR5 (Closed)
- is related to
  - JBEAP-12341 ElytronAuthenticator fails with InvalidKeySpecException (Closed)