Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8742

Elytron programmatic AuthenticationContext configuration doesn't work for naming client

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 11.0.0.Beta1
    • None
    • Naming, Security
    • None

      Naming client doesn't handle correctly the Elytron AuthenticationContext API.

      • if the API is used then authentication fails (SASL mech is not configured as expected) - it fails in both cases: wildfly-config.xml present or not. 
                AuthenticationContext.empty()
                .with(MatchRule.ALL, AuthenticationConfiguration.EMPTY.useDefaultProviders().allowSaslMechanisms("ANONYMOUS"))
                .run(() -> {
                    doLookup("http-remoting://127.0.0.1:8080");
                });
      • if the API is not used and wildfly-config.xml is present, then the client works correctly 
        doLookup("http-remoting://127.0.0.1:8080");

        <configuration>
	<authentication-client xmlns="urn:elytron:1.0">
		<authentication-rules>
			<rule use-configuration="authn" />
		</authentication-rules>
		<authentication-configurations>
			<configuration name="authn">
				<allow-sasl-mechanisms  names="ANONYMOUS"/>
				<use-service-loader-providers />
			</configuration>
		</authentication-configurations>
	</authentication-client>
</configuration>

      This blocks RFEs EAP7-567 and EAP7-284.

            dlloyd@redhat.com David Lloyd
            josef.cacek@gmail.com Josef Cacek (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: