Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.0.1.CR1, 7.0.1.GA
Affects Version/s: None
Component/s: Undertow
Labels:
None

Affects:

Release Notes
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Release Note Status:
Documented as Known Issue
Target Release:

7.0.z.GA

Sprint:
EAP 7.0.1

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Add trace logging to the security constraint processing in wildfly/undertow.

Tomcat/JBossWeb logs the following:

11:32:09,709 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Security checking request GET /SimpleWar/Hello
11:32:09,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[Secure Content]' against GET /Hello --> true
11:32:09,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[Secure Content]' against GET /Hello --> true
11:32:09,709 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling hasUserDataPermission()
11:32:09,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) User data constraint has no restrictions
11:32:09,710 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling authenticate()

...
...

11:32:09,727 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Authenticated 'admin' with type 'BASIC'
11:32:09,727 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling accessControl()
11:32:09,727 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking roles GenericPrincipal[admin(JBossAdmin,manager,)]
11:32:09,727 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) JBWEB000017: User [admin] has role [JBossAdmin]
11:32:09,727 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Role found: JBossAdmin
11:32:09,727 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Successfully passed all security constraints

This helps us (support) determine if the user is authenticated, what role is required for a specific resource.

This is going to be very difficult to support if we do not have this type of information.

causes

JBEAP-4453 Document JBEAP-3998 for RN

Closed

is cloned by

UNDERTOW-692 add trace logging to the security constraint processing in wildfly/undertow

Resolved

is incorporated by

JBEAP-4586 Upgrade Undertow to 1.3.22.Final

Closed

is related to

JBEAP-4927 (7.0.z) Provide username in trace logging for sec constraint during logout

Verified

Assignee:: Ingo Weiss

Reporter:: Derek Horton

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2016/04/19 2:50 PM

Updated:: 2021/10/24 6:29 AM

Resolved:: 2016/05/13 4:42 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates