Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-10894

[WFLY] Tests for enabling constraint drive authentication mode for elytron

    XMLWordPrintable

Details

    • Hide

      1) Enable Elytron in EAP with "bin/jboss-cli.sh --file=docs/examples/enable-elytron.cli"
      2) Setup constraint drive authentication:
      bin/jboss-cli.sh --connect "/subsystem=undertow/servlet-container=default:write-attribute(name=proactive-authentication, value=false)"
      3) Deploy any test application without any authentication constraints. I used "helloworld" quickstart, but any unsecured resource will work
      4) Try to access the URL with basic auth:
      curl -u foo:bar http://localhost:8080/jboss-helloworld/ -v
      Note the user here is invalid.

      This will give a 401 HTTP response. However, with constraint driven authentication this should give the page.

      Show
      1) Enable Elytron in EAP with "bin/jboss-cli.sh --file=docs/examples/enable-elytron.cli" 2) Setup constraint drive authentication: bin/jboss-cli.sh --connect "/subsystem=undertow/servlet-container=default:write-attribute(name=proactive-authentication, value=false)" 3) Deploy any test application without any authentication constraints. I used "helloworld" quickstart, but any unsecured resource will work 4) Try to access the URL with basic auth: curl -u foo:bar http://localhost:8080/jboss-helloworld/ -v Note the user here is invalid. This will give a 401 HTTP response. However, with constraint driven authentication this should give the page.
    • Hide

      Don't use Elytron.

      Show
      Don't use Elytron.

    Description

      Integration code for JBEAP-15054

      When elytron is enabled constraint driven authentication method (i.e. proactive-authentication=false) has no effect.

      If you try to request an unsecured page sending in an invalid user with basic authentication, you should get the page returned with constraint drive authentication and a 401 with proactive authentication. This is what happens without Elytron enabled. But if you enable Elytron it gives a 401 in both cases.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-15168 [GSS](7.1.z) [EAP] constraint drive authentication method in undertow doesn't work with elytron

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              spyrkob Bartosz Spyrko-Smietanko
              spyrkob Bartosz Spyrko-Smietanko
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: