Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-15009

Test Case for ELYWEB-133 - SecurityContextImpl.login incorrectly assumes authenticate would be called first.

    XMLWordPrintable

Details

    • Hide
      1. Run wildfly with standalone-full configuration
      2. Change configuration via cli ( example-web-app-elytron-config.cli)
      3. then after deploying the target/simple-webapp.war, the verification can be done as following:
      • access to protected page directly:
        Unable to find source-code formatter for language: java. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
        curl -i "http://localhost:8080/simple-webapp/main/"

      the login page should be back, this acts the same with and without the fix

      • access the protected page but the custom http handler will login: 
        curl -i "http://localhost:8080/simple-webapp/main/?login=true"

      before the fix, you will get 500, and server will have UT010031: Login failed
      after the fix, you can see the protected page content.

      Show
      Run wildfly with standalone-full configuration Change configuration via cli ( example-web-app-elytron-config.cli) then after deploying the target/simple-webapp.war, the verification can be done as following: access to protected page directly: Unable to find source-code formatter for language: java. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml curl -i "http: //localhost:8080/simple-webapp/main/" the login page should be back, this acts the same with and without the fix access the protected page but the custom http handler will login: curl -i "http: //localhost:8080/simple-webapp/main/?login= true " before the fix, you will get 500, and server will have UT010031: Login failed after the fix, you can see the protected page content.
    • Undefined

    Description

      The login method assumes the httpAuthenticator will have already been set:

          @Override
    public boolean login(String username, String password) {
        if (httpAuthenticator == null) {
            log.trace("No HttpAuthenticator available for authentication.");
            return false;
        }

      Instead we should adjust the code so the HttpAuthenticator will be created on demand for whichever method needs it first.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-22560 (7.4.z) WFLY-15009 - Test Case for ELYWEB-133 - SecurityContextImpl.login incorrectly assumes authenticate would be called first.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. ELYWEB-133 SecurityContextImpl.login incorrectly assumes authenticate would be called first.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              padamec@redhat.com Petr Adamec
              padamec@redhat.com Petr Adamec
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: