Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.3.8.CR1, 7.3.8.GA
Affects Version/s: None
Component/s: Security
Labels:
None

Blocked:
False
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Release Note Text:
Undefined
Target Release:

7.3.z.GA
Git Pull Request:
https://github.com/wildfly-security/elytron-web/pull/188, https://github.com/wildfly/wildfly/pull/14473
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The login method assumes the httpAuthenticator will have already been set:

    @Override
    public boolean login(String username, String password) {
        if (httpAuthenticator == null) {
            log.trace("No HttpAuthenticator available for authentication.");
            return false;
        }

Instead we should adjust the code so the HttpAuthenticator will be created on demand for whichever method needs it first.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

simple-webapp.zip
63 kB
2021/04/28 9:36 AM

incorporates

ELYWEB-133 SecurityContextImpl.login incorrectly assumes authenticate would be called first.

Resolved

is cloned by

JBEAP-21738 [GSS](7.4.z) ELYWEB-113 - SecurityContextImpl.login incorrectly assumes authenticate would be called first.

Closed

is incorporated by

JBEAP-21739 (7.3.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.6.3.Final-redhat-00001

Closed

is related to

JBEAP-22618 (7.3.z) WFLY-15009 - Test Case for ELYWEB-133 - SecurityContextImpl.login incorrectly assumes authenticate would be called first.

Closed

Assignee:: Lin Gao

Reporter:: Brad Maxwell

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2021/04/23 8:21 PM

Updated:: 2024/10/01 8:18 PM

Resolved:: 2021/05/20 7:21 AM