-
Enhancement
-
Resolution: Won't Do
-
Critical
-
None
-
None
One of the scenarios which are expected to work in Elytron is a Security context propagation from a protected EJB to a protected Servlet using HttpUrlConnection (details in RFE EAP7-284).
The scenario doesn't work for me. My configuration:
EJB client -> protected EJB on server-1 -> protected Servlet on server-2 (BASIC authn)
The EJB contains following code:
final Callable<String> callable = () -> { URLConnection conn = url.openConnection(); conn.connect(); try (InputStream is = conn.getInputStream()) { return IOUtils.toString(is, StandardCharsets.UTF_8); } }; AuthenticationContext.empty().with(MatchRule.ALL, AuthenticationConfiguration.empty() .useForwardedIdentity(SecurityDomain.getCurrent()) .setSaslMechanismSelector(SaslMechanismSelector.ALL)) .runCallable(callable);
The server-2 returns 401:
java.io.IOException: Server returned HTTP response code: 401 for URL: http://127.0.0.1:8180/seccontext-server2/whoAmI at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1876) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474) at org.wildfly.test.manual.elytron.seccontext.EntryBean.lambda$readUrl$1(EntryBean.java:69)
There is still a chance, the problem is in the scenario configuration, but the documentation is silent about this topic.
The problem could be in a missing integration of ElytronAuthenticator within the AuthenticationContext. I don't see it used when I debug the scenario. When I register the authenticator manually, I see another problem which will be reported in a separate JIRA.
- causes
-
JBWS-4109 Failures of response headers checking tests with latest wildfly
-
- Closed
-
- clones
-
-
- Closed
-
- is blocked by
-
-
- Resolved
-
- is related to
-
-
- Closed
-
-
WFLY-10004 Removing modules moved into wildfly-core for wildfly-url-http integration
-
- Closed
-
