Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.6.CR1, 7.1.6.GA
Affects Version/s: 7.1.3.GA
Component/s: Security, Undertow
Labels:
- test_included

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Target Release:

7.1.z.GA
Workaround Description:

Hide

Don't use Elytron.

Show
Don't use Elytron.
Git Pull Request:
https://github.com/jbossas/jboss-eap7/pull/2729
Steps to Reproduce:

Hide

1) Enable Elytron in EAP with "bin/jboss-cli.sh --file=docs/examples/enable-elytron.cli"
2) Setup constraint drive authentication:
bin/jboss-cli.sh --connect "/subsystem=undertow/servlet-container=default:write-attribute(name=proactive-authentication, value=false)"
3) Deploy any test application without any authentication constraints. I used "helloworld" quickstart, but any unsecured resource will work
4) Try to access the URL with basic auth:
curl -u foo:bar http://localhost:8080/jboss-helloworld/ -v
Note the user here is invalid.

This will give a 401 HTTP response. However, with constraint driven authentication this should give the page.

Show
1) Enable Elytron in EAP with "bin/jboss-cli.sh --file=docs/examples/enable-elytron.cli" 2) Setup constraint drive authentication: bin/jboss-cli.sh --connect "/subsystem=undertow/servlet-container=default:write-attribute(name=proactive-authentication, value=false)" 3) Deploy any test application without any authentication constraints. I used "helloworld" quickstart, but any unsecured resource will work 4) Try to access the URL with basic auth: curl -u foo:bar http://localhost:8080/jboss-helloworld/ -v Note the user here is invalid. This will give a 401 HTTP response. However, with constraint driven authentication this should give the page.

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When elytron is enabled constraint driven authentication method (i.e. proactive-authentication=false) has no effect.

If you try to request an unsecured page sending in an invalid user with basic authentication, you should get the page returned with constraint drive authentication and a 401 with proactive authentication. This is what happens without Elytron enabled. But if you enable Elytron it gives a 401 in both cases.

clones

WFLY-10894 [WFLY] Tests for enabling constraint drive authentication mode for elytron

Closed

is blocked by

JBEAP-15054 [GSS](7.1.z) [ELY] constraint drive authentication method in undertow doesn't work with elytron

Closed

JBEAP-15217 (7.1.z) Upgrade Elytron Web from 1.0.1.Final to 1.0.2.Final

Closed

is related to

ELYWEB-13 Enable constrain driven auth mode during deployment

Resolved

Assignee:: Bartosz Spyrko-Smietanko

Reporter:: Bartosz Spyrko-Smietanko

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2018/08/02 9:29 AM

Updated:: 2021/10/07 5:56 PM

Resolved:: 2018/12/11 3:12 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates