Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.2.1.CR1, 7.2.1.GA
Affects Version/s: 7.1.5.GA, 7.2.0.GA
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.2.z.GA
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/1224, https://github.com/wildfly-security/wildfly-elytron/pull/1233
Steps to Reproduce:

Hide

Configure Elyton Identity Propagation using PLAIN as per: https://access.redhat.com/solutions/3166981

Deploy Spring Security app, that uses httpRequest.login to authenticate and then make a remote EJB call.

Show
Configure Elyton Identity Propagation using PLAIN as per: https://access.redhat.com/solutions/3166981 Deploy Spring Security app, that uses httpRequest.login to authenticate and then make a remote EJB call.

SFDC Cases Counter:
SFDC Cases Links:

Spring Security uses HttpServletRequest.login() to set the Principal.

In general, programmatic web authentication via HttpServletRequest.login() works fine, but when Elytron Identity Propagation is configured, the Identity that gets set by HttpServletRequest.login() does not get propagated.

It results in:

org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available
         at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:592)
         at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:528)
         at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56)
...
         Suppressed: org.jboss.ejb.client.RequestSendFailedException
                 at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:101)
...
         Caused by: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (PLAIN) are supported
                 at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:444)
...

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

reproducer.zip
17 kB
2019/01/11 6:21 PM
server.log.gz
17 kB
2019/01/24 3:44 PM
spring-security-overlay.zip
7.72 MB
2019/01/24 3:48 PM
spring-security-overlay.zip
5.86 MB
2019/01/23 1:41 PM

incorporates

ELY-1464 Programatic authentication should be caching the SecurityIdentity not the name of the identity

Resolved

ELY-1747 Programmatic web authentication does not save the password as a credential

Resolved

is incorporated by

JBEAP-16146 (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final

Closed

is related to

WFLY-11787 Add test case for JBEAP-16152: identity propagation does not work when programmatic web authentication via HttpServletRequest.login() is used

Reopened

relates to

WFLY-11787 Add test case for JBEAP-16152: identity propagation does not work when programmatic web authentication via HttpServletRequest.login() is used

Reopened

links to

KCS

(1 links to)

Assignee:: Ilia Vassilev

Reporter:: Brad Maxwell

Tester:: Daniel Cihak

QA Contact:: Daniel Cihak

Votes:: 1 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2019/01/11 4:47 PM

Updated:: 2022/06/10 11:43 AM

Resolved:: 2019/02/14 4:32 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates