- Bug
- Resolution: Done
- Critical
- 25.0.0.Final
- None
- User Experience
We noticed the error while upgrading to Wildfly 25. Wildfly 24.0.1 works fine.
Basically all requests with basic auth that are sent to our deployed WARs are answered by Wildfly with "<html><head><title>Error</title></head><body>Unauthorized</body></html>; status code 401". The requests don't even reach our code, as we have seen in our logging.
This also breaks some of our WARs - which manage (Basic) authentication in the applications themselves - completely.
I also read the release notes of Wildfly 25 and couldn't find anything that hints at this behavior in the first place (note that some notes in https://www.wildfly.org/news/2021/10/05/WildFly25-Final-Released/ point to the old doc of Wildfly 24).
Steps to reproduce
Deploy any WAR that exposes some kind of web-endpoint and send a request with Basic auth.
Example of how to reproduce it with docker:
- Execute `docker run --rm -it -p 8080:8080 -p 9990:9990 jboss/wildfly:25.0.0.Final sh`
- Create a user (admin; password=admin) using `wildfly/bin/add-user.sh admin admin`
- Start the server: `wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0`
- Open the browser at http://localhost:9990
- Log in using admin admin
- Download/deploy a WAR file with a web endpoint, e.g. this [sample war from Tomcat](https://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/)
- Try to access the page with Basic auth, e.g. with `curl -u admin:admin http://localhost:8080/sample/`
→ Returns `<html><head><title>Error</title></head><body>Unauthorized</body></html>` and status code 401
Expected:
As no authentication was configured, the page should return the same when called with or without basic auth (like it was in Wildfly 24.0.1).
- is caused by: ELYWEB-155 Don't override the deployment's authentication mechanisms when overrideDeploymentConfig is false and the loginConfig is null (Resolved)
- is incorporated by: WFCORE-5677 Upgrade Elytron Web to 1.10.0.Final (Closed)
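
The reproduction steps above, turned into a check that can be rerun after an upgrade to confirm that a deployment with no configured authentication answers the same with and without a Basic `Authorization` header. This is an added example, not part of the original report or of WildFly; the function names are hypothetical, and it assumes `curl` is installed.

```shell
#!/bin/sh
# Added example: parity check for an endpoint that has no authentication
# configured. ASSUMPTION: curl is available; URL and credentials are
# supplied by the operator (function names are illustrative only).

# http_status URL [USER:PASS]
# Prints the HTTP status code of a GET request, optionally sending
# Basic credentials. Fails (non-zero) if the server cannot be reached.
http_status() {
    url=$1
    creds=${2:-}
    if [ -n "$creds" ]; then
        curl -s -o /dev/null -w '%{http_code}' -u "$creds" "$url"
    else
        curl -s -o /dev/null -w '%{http_code}' "$url"
    fi
}

# check_basic_auth_parity URL USER:PASS
# Return codes:
#   0  same status with and without the Authorization header (expected)
#   1  statuses differ (the behaviour described in this report)
#   2  request failed at the transport level
check_basic_auth_parity() {
    anon=$(http_status "$1") || return 2
    basic=$(http_status "$1" "$2") || return 2
    echo "anonymous=$anon basic=$basic"
    [ "$anon" = "$basic" ]
}
```

Against the container from the steps above, call `check_basic_auth_parity http://localhost:8080/sample/ admin:admin`; a return code of 1 means the server answered the request with credentials differently from the anonymous request.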