  1. Elytron Web
  2. ELYWEB-8

Constraint driven authentication method in Undertow doesn't work with Elytron


Details

    • Bug
    • Resolution: Done
    • Critical
    • 1.0.2.Final, 1.2.1.Final
    • 1.1.0.Final, 1.2.0.Final
    • None
    • None

      1) Enable Elytron in EAP with "bin/jboss-cli.sh --file=docs/examples/enable-elytron.cli"
      2) Set up constraint driven authentication:
      bin/jboss-cli.sh --connect "/subsystem=undertow/servlet-container=default:write-attribute(name=proactive-authentication, value=false)"
      3) Deploy any test application without any authentication constraints. I used the "helloworld" quickstart, but any unsecured resource will work.
      4) Try to access the URL with basic auth:
      curl -u foo:bar http://localhost:8080/jboss-helloworld/ -v
      Note the user here is invalid.

      This will give a 401 HTTP response. However, with constraint driven authentication this should give the page.


      Don't use Elytron.


    Description

      When Elytron is enabled, the constraint driven authentication method (i.e. proactive-authentication=false) has no effect.

      If you try to request an unsecured page sending in an invalid user with basic authentication, you should get the page returned with constraint driven authentication and a 401 with proactive authentication. This is what happens without Elytron enabled. But if you enable Elytron, it gives a 401 in both cases.

            People

              spyrkob Bartosz Spyrko-Smietanko
              darran.lofthouse@redhat.com Darran Lofthouse
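
The reproduction steps in this report can be turned into a repeatable check. The script below is an added example, not code from the Elytron Web project or from the reporter: it reads the proactive-authentication setting, requests an unsecured resource with the invalid credentials used in the report, and classifies the result. The function names, the verdict strings and the sample CLI output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not project code: regression check for ELYWEB-8.

# Constructed sample of jboss-cli read-attribute output (DMR text form).
SAMPLE_CLI_OUTPUT='{
    "outcome" => "success",
    "result" => false
}'

# Print true|false from read-attribute output; fail if neither is present.
parse_mode() {
    case "$1" in
        *'"result" => false'*) echo false ;;
        *'"result" => true'*)  echo true ;;
        *) return 1 ;;
    esac
}

# Status the report expects for an UNSECURED resource requested with
# INVALID Basic credentials. $1 = proactive-authentication value.
expected_status() {
    case "$1" in
        false) echo 200 ;;   # constraint driven: page is returned
        true)  echo 401 ;;   # proactive: credentials are checked and rejected
        *) return 2 ;;
    esac
}

# $1 = proactive-authentication value, $2 = observed HTTP status.
verdict() {
    want=$(expected_status "$1") || return 2
    if [ "$2" = "$want" ]; then
        echo OK
    elif [ "$1" = false ] && [ "$2" = 401 ]; then
        echo SYMPTOM          # the 401 described in ELYWEB-8
    else
        echo UNEXPECTED
    fi
}

# Live check. $1 = path to jboss-cli.sh, $2 = URL of an unsecured resource.
check_server() {
    out=$("$1" --connect '/subsystem=undertow/servlet-container=default:read-attribute(name=proactive-authentication)') || return 2
    mode=$(parse_mode "$out") || return 2
    status=$(curl -s -o /dev/null -w '%{http_code}' -u foo:bar "$2") || return 2
    verdict "$mode" "$status"
}
```

Against a test instance, `check_server bin/jboss-cli.sh http://localhost:8080/jboss-helloworld/` prints SYMPTOM when the server shows the behaviour reported here and OK once it is fixed.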