Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 25.0.0.Beta1, 25.0.0.Final
Affects Version/s: None
Component/s: Security, Test Suite
Labels:
None

Steps to Reproduce:
Hide

Run wildfly with standalone-full configuration

Change configuration via cli ( example-web-app-elytron-config.cli)

then after deploying the target/simple-webapp.war, the verification can be done as following:

access to protected page directly:

Unable to find source-code formatter for language: java. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
curl -i "http://localhost:8080/simple-webapp/main/"

the login page should be back, this acts the same with and without the fix

access the protected page but the custom http handler will login:

curl -i "http://localhost:8080/simple-webapp/main/?login=true"

before the fix, you will get 500, and server will have UT010031: Login failed
after the fix, you can see the protected page content.
Show
Run wildfly with standalone-full configuration Change configuration via cli ( example-web-app-elytron-config.cli) then after deploying the target/simple-webapp.war, the verification can be done as following: access to protected page directly: Unable to find source-code formatter for language: java. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml curl -i "http: //localhost:8080/simple-webapp/main/" the login page should be back, this acts the same with and without the fix access the protected page but the custom http handler will login: curl -i "http: //localhost:8080/simple-webapp/main/?login= true " before the fix, you will get 500, and server will have UT010031: Login failed after the fix, you can see the protected page content.
Release Note Text:
Undefined
Git Pull Request:
https://github.com/wildfly/wildfly/pull/14473, https://github.com/wildfly-security/elytron-web/pull/190, https://github.com/wildfly-security/elytron-web/pull/189, https://github.com/wildfly-security/elytron-web/pull/188

The login method assumes the httpAuthenticator will have already been set:

    @Override
    public boolean login(String username, String password) {
        if (httpAuthenticator == null) {
            log.trace("No HttpAuthenticator available for authentication.");
            return false;
        }

Instead we should adjust the code so the HttpAuthenticator will be created on demand for whichever method needs it first.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

simple-webapp.zip
63 kB
2021/07/14 12:17 PM

is cloned by

ELYWEB-133 SecurityContextImpl.login incorrectly assumes authenticate would be called first.

Resolved

JBEAP-22560 (7.4.z) WFLY-15009 - Test Case for ELYWEB-133 - SecurityContextImpl.login incorrectly assumes authenticate would be called first.

Closed

Assignee:: Petr Adamec

Reporter:: Petr Adamec

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2021/07/14 12:08 PM

Updated:: 2021/11/02 9:13 PM

Resolved:: 2021/08/06 7:49 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates