WildFly / WFLY-15009

Test Case for ELYWEB-133 - SecurityContextImpl.login incorrectly assumes authenticate would be called first.


Details

      1. Run WildFly with the standalone-full configuration.
      2. Change the configuration via the CLI (example-web-app-elytron-config.cli).
      3. After deploying target/simple-webapp.war, verification can be done as follows:

      • Access the protected page directly:

          curl -i "http://localhost:8080/simple-webapp/main/"

        The login page should be returned; this behaves the same with and without the fix.

      • Access the protected page so that the custom HTTP handler will log in:

          curl -i "http://localhost:8080/simple-webapp/main/?login=true"

        Before the fix, you will get a 500 response and the server will log UT010031: Login failed.
        After the fix, you can see the protected page content.


    Description

      The login method assumes the httpAuthenticator will have already been set:

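          @Override
          public boolean login(String username, String password) {
              // Fails whenever login() is the first call on this context:
              // nothing has created httpAuthenticator yet.
              if (httpAuthenticator == null) {
                  log.trace("No HttpAuthenticator available for authentication.");
                  return false;
              }
              // ... (rest of the method not shown in the issue)
          }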
      

      Instead we should adjust the code so the HttpAuthenticator will be created on demand for whichever method needs it first.
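
      A stand-alone sketch of the change described above, added here as an illustration and not taken from the Elytron Web source. The names `EagerContext`, `LazyContext` and `Authenticator` are hypothetical and the user table is constructed sample data. It contrasts the order-dependent `login()` with a form that creates the authenticator on demand.

```java
import java.util.Map;

// Simplified model with hypothetical names; these are not Elytron Web classes.
public class LazyAuthenticatorDemo {

    /** Stand-in authenticator backed by a constructed in-memory user table. */
    static final class Authenticator {
        private final Map<String, String> users = Map.of("alice", "secret"); // constructed sample data
        boolean verify(String user, String password) {
            return password != null && password.equals(users.get(user));
        }
    }

    /** Order-dependent form: login() only works after authenticate() has run. */
    static class EagerContext {
        protected Authenticator authenticator;
        boolean authenticate() {
            authenticator = new Authenticator();
            return false; // no credentials on the request, so a challenge would be sent
        }
        boolean login(String user, String password) {
            if (authenticator == null) {
                return false; // valid credentials rejected purely because of call order
            }
            return authenticator.verify(user, password);
        }
    }

    /** On-demand form: whichever method runs first creates the authenticator. */
    static class LazyContext extends EagerContext {
        private Authenticator authenticator() {
            if (authenticator == null) {
                authenticator = new Authenticator();
            }
            return authenticator;
        }
        @Override boolean authenticate() { authenticator(); return false; }
        @Override boolean login(String user, String password) {
            return authenticator().verify(user, password);
        }
    }

    public static void main(String[] args) {
        System.out.println("eager, login first:  " + new EagerContext().login("alice", "secret"));
        System.out.println("lazy,  login first:  " + new LazyContext().login("alice", "secret"));
        System.out.println("lazy,  bad password: " + new LazyContext().login("alice", "wrong"));
    }
}
```

      A regression test for this kind of fix should cover both call orders and also a wrong password, so that creating the authenticator on demand is not mistaken for accepting any credentials.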

            People

              padamec@redhat.com Petr Adamec