Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8742

Elytron programmatic AuthenticationContext configuration doesn't work for naming client

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 11.0.0.Beta1
    • None
    • Naming, Security
    • None

      Naming client doesn't handle correctly the Elytron AuthenticationContext API.

      • if the API is used then authentication fails (SASL mech is not configured as expected) - it fails in both cases: wildfly-config.xml present or not.
                AuthenticationContext.empty()
                        .with(MatchRule.ALL, AuthenticationConfiguration.EMPTY.useDefaultProviders().allowSaslMechanisms("ANONYMOUS"))
                        .run(() -> {
                            doLookup("http-remoting://127.0.0.1:8080");
                        });
        
      • if the API is not used and wildfly-config.xml is present, then the client works correctly
        doLookup("http-remoting://127.0.0.1:8080");
        
        <configuration>
        	<authentication-client xmlns="urn:elytron:1.0">
        		<authentication-rules>
        			<rule use-configuration="authn" />
        		</authentication-rules>
        		<authentication-configurations>
        			<configuration name="authn">
        				<allow-sasl-mechanisms  names="ANONYMOUS"/>
        				<use-service-loader-providers />
        			</configuration>
        		</authentication-configurations>
        	</authentication-client>
        </configuration>
        

      This blocks RFEs EAP7-567 and EAP7-284.

              dlloyd@redhat.com David Lloyd
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: