Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-15859

Re-authentication after reboot, even though HttpSession are persisted

    XMLWordPrintable

Details

    • Hide

      Run add-user command inside bin folder to add an application user.
      Run wildfly with the provided standalone-full-text.xml.
      Deploy the provided ee-security.war.
      Make a get request to http://localhost:8080/ee-security/secured (via browser or curl) and specify X-Username and X-Password headers with the previously chosen values.
      A JSESSIONID is returned and can be used instead of X-Username and X-Password to stay logged in.
      If you reboot the application server the JSESSIONID is no more valid and you need to login again.

      The war is built from this official example :
      https://github.com/wildfly/quickstart/tree/main/ee-security
      But it has been modified to have @AutoApplySession annotation on the TestAuthenticationMechanism.
      Anyway I also attached the source.

      This issue affects both HA and non HA profiles.

      In the provided standalone.xml HttpSessions are persisted via jdbc-store using an h2 file datasource.
      I also reproduced the issue with mysql datasources.

      I don't know what broke this, but for sure this worked previously on Wildfly 21 using old pickebox/legacy security subsystem.

      Show
      Run add-user command inside bin folder to add an application user. Run wildfly with the provided standalone-full-text.xml. Deploy the provided ee-security.war. Make a get request to http://localhost:8080/ee-security/secured (via browser or curl) and specify X-Username and X-Password headers with the previously chosen values. A JSESSIONID is returned and can be used instead of X-Username and X-Password to stay logged in. If you reboot the application server the JSESSIONID is no more valid and you need to login again. The war is built from this official example : https://github.com/wildfly/quickstart/tree/main/ee-security But it has been modified to have @AutoApplySession annotation on the TestAuthenticationMechanism. Anyway I also attached the source. This issue affects both HA and non HA profiles. In the provided standalone.xml HttpSessions are persisted via jdbc-store using an h2 file datasource. I also reproduced the issue with mysql datasources. I don't know what broke this, but for sure this worked previously on Wildfly 21 using old pickebox/legacy security subsystem.

    Description

      Persisted sessions via jdbc-store are lost after reboot.

      Session is not lost, but user is forced to reauthenticate, even though @AutoApplySession was used.

      Attachments

        1. standalone-full-test-1.xml
          32 kB
        2. standalone-full-test.xml
          32 kB
        3. standalone-full-ha-test.xml
          37 kB
        4. ee-security-distributable.zip
          48 kB
        5. ee-security-1.war
          10 kB
        6. ee-security.zip
          47 kB
        7. ee-security.war
          9 kB

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. ELY-2413 Re-authentication after reboot, even though HttpSession are persisted

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. ELYEE-27 Re-authentication after reboot, even though HttpSession are persisted

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is blocked by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFLY-16761 Upgrade elytron-web to 3.0.0.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Release - A container task to coordinate the tasks for a given release. ELYWEB-189 Re-authentication after reboot, even though HttpSession are persisted

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          relates to

          Bug - A problem that impairs or prevents the functions of the product. ELY-1627 Clustered SSO does not work in simple test case

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-15206 [GSS] (7.4.z) Clustered SSO does not work in simple test case

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              pferraro@redhat.com Paul Ferraro
              alessandro.moscatelli@live.com Alessandro Moscatelli (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: