- Bug
- Resolution: Done
- Major
- 7.1.3.GA, 7.1.4.CR1
- None
If you try to access an unprotected resource with no Authorization header, BearerTokenAuthenticationMechanism sees it as a failed authentication, so a 401 is sent.
https://github.com/wildfly/quickstart/tree/master/jaxrs-jwt fails with "401 Unauthorized":
```
client]$ mvn compile exec:java
...(snip)...
[INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ jaxrs-jwt-client ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-checkstyle-plugin:3.0.0:checkstyle (check-style) @ jaxrs-jwt-client ---
[INFO] Starting audit...
Audit done.
[INFO]
[INFO] --- exec-maven-plugin:1.6.0:java (default-cli) @ jaxrs-jwt-client ---
------------------------------
Testing admin
------------------------------
Obtaining JWT...
[WARNING]
javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus (ClientInvocation.java:219)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult (ClientInvocation.java:193)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke (ClientInvocation.java:457)
    at org.jboss.resteasy.client.jaxrs.internal.ClientInvocationBuilder.post (ClientInvocationBuilder.java:211)
    at org.jboss.quickstarts.jaxrsjwt.client.JwtRestClient.test (JwtRestClient.java:70)
    at org.jboss.quickstarts.jaxrsjwt.client.JwtRestClient.main (JwtRestClient.java:50)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.mojo.exec.ExecJavaMojo$1.run (ExecJavaMojo.java:282)
    at java.lang.Thread.run (Thread.java:748)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
```
ELY-1510 is already fixed upstream (Elytron 1.2.1.Final or later). I confirmed this issue does not happen with WildFly 13 and JBoss EAP 7.2.0.Beta.
Also, I backported the upstream patch to EAP 7.1.4 Elytron 1.1.10.Final with a slight modification (need to change httpBearer.debugf(...) to log.debugf(...)), then I confirmed this issue is resolved with the patch. Please backport the patch to EAP 7.1.
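The following is an added illustration, not Elytron's code and not part of the original report: a self-contained model of why a missing Authorization header must be reported as "no authentication in progress" rather than as a failure. The class, enum and method names and the sample token are hypothetical, and treating the fix as a "not attempted" outcome is an assumption drawn from the ELY-1510 title.

```java
// Simplified model with hypothetical names; not Elytron source code.
public class BearerOutcomeDemo {
    enum Outcome { NOT_ATTEMPTED, FAILED, COMPLETE }

    // Constructed sample token; a real mechanism validates a JWT instead.
    static final String VALID_TOKEN = "constructed-valid-token";

    // Behaviour described in the report: a missing header counts as a failure.
    static Outcome evaluateBuggy(String authorization) {
        if (authorization == null) return Outcome.FAILED;
        return evaluateToken(authorization);
    }

    // Assumed fixed behaviour: no header means no authentication in progress.
    static Outcome evaluateFixed(String authorization) {
        if (authorization == null) return Outcome.NOT_ATTEMPTED;
        return evaluateToken(authorization);
    }

    static Outcome evaluateToken(String authorization) {
        // Case-insensitive scheme match; anything else is a failed attempt here.
        if (!authorization.regionMatches(true, 0, "Bearer ", 0, 7)) return Outcome.FAILED;
        String token = authorization.substring(7).trim();
        return VALID_TOKEN.equals(token) ? Outcome.COMPLETE : Outcome.FAILED;
    }

    // The container only demands credentials when the resource is protected.
    // Role checks after a successful authentication are left out of this model.
    static int status(Outcome outcome, boolean protectedResource) {
        switch (outcome) {
            case COMPLETE: return 200;
            case FAILED: return 401;
            default: return protectedResource ? 401 : 200;
        }
    }

    public static void main(String[] args) {
        String[] headers = { null, "Bearer wrong-token", "Bearer " + VALID_TOKEN };
        for (String h : headers) {
            for (boolean prot : new boolean[] { false, true }) {
                System.out.printf("header=%-32s protected=%-5b buggy=%d fixed=%d%n",
                        h, prot, status(evaluateBuggy(h), prot), status(evaluateFixed(h), prot));
            }
        }
    }
}
```

In this model the two variants differ only for a request with no header to an unprotected resource (401 versus 200), which is the case the quickstart client hits while obtaining its JWT.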
- is incorporated by
  - JBEAP-14939 (7.1.z) Upgrade Elytron from 1.1.10.Final to 1.1.11.Final (Closed)
- is related to
  - ELY-1510 Bearer authentication sends 401 to unprotected resources when no auth in progress (Resolved)
- relates to
  - WFLY-10884 Quickstart jaxrs-jwt should use the "jboss.server.config.dir" system property for the file path to jwt.keystore (Closed)