  1. WildFly
  2. WFLY-11892

With Elytron the legacy RunAsLoginModule no longer works


    • Type: Bug
    • Resolution: Won't Do
    • Priority: Major
    • Security
    • Steps to reproduce:

      Follow the ejb-security-jaas quickstart.
      Modify the standalone.xml file and add the following before the "UsersRoles" login-module:

      <login-module code="RunAs" flag="required">
          <module-option name="roleName" value="runAsTestUser"/>
      </login-module>
      

      Restart the server in debug mode, and connect with the debugger.
      Set a breakpoint in SecurityContextAssociation.pushRunAsIdentity.
      Make a request to the secured servlet as instructed in the quickstart instructions.
      Step through, and you will see that the returned SecurityContext is null, so the setOutgoingRunAs method is never executed on the context.

    • Migration

      When using the legacy JAAS configuration, the RunAsLoginModule no longer works. While the module is invoked, there is no SecurityContext, so the login module cannot do any work and the temporary identity is never pushed onto the stack.

      It seems that previously, this line was responsible for setting up the security context. However, that action is no longer executed.

            istudens@redhat.com Ivo Studensky
            brianloss@gmail.com Brian Loss (Inactive)
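
A configuration check for the situation this report describes, as an added example that is not part of the original issue or of WildFly's code: it scans a standalone.xml for legacy security domains that still declare the RunAs login module, which the report says no longer pushes its run-as identity. The sample XML, the domain name `example-domain` and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values of the login-module "code" attribute that select the legacy module.
# "RunAs" is the alias used in this report; the class name is the PicketBox
# implementation that alias resolves to.
RUN_AS_CODES = {"RunAs", "org.jboss.security.auth.spi.RunAsLoginModule"}

# Constructed sample: a trimmed standalone.xml with the change from the report.
SAMPLE = """<server xmlns="urn:jboss:domain:8.0">
  <profile>
    <subsystem xmlns="urn:jboss:domain:security:2.0">
      <security-domains>
        <security-domain name="example-domain" cache-type="default">
          <authentication>
            <login-module code="RunAs" flag="required">
              <module-option name="roleName" value="runAsTestUser"/>
            </login-module>
            <login-module code="UsersRoles" flag="required"/>
          </authentication>
        </security-domain>
      </security-domains>
    </subsystem>
  </profile>
</server>"""


def local(tag):
    """Strip the XML namespace so the scan works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def find_run_as_modules(xml_text):
    """Return (security-domain, roleName, flag) per legacy RunAs login-module."""
    findings = []
    for domain in ET.fromstring(xml_text).iter():
        if local(domain.tag) != "security-domain":
            continue
        for module in domain.iter():
            if local(module.tag) != "login-module":
                continue
            if module.get("code") not in RUN_AS_CODES:
                continue
            options = {o.get("name"): o.get("value")
                       for o in module if local(o.tag) == "module-option"}
            findings.append((domain.get("name"), options.get("roleName"),
                             module.get("flag")))
    return findings


if __name__ == "__main__":
    for name, role, flag in find_run_as_modules(SAMPLE):
        print(f"{name}: RunAs login-module (flag={flag}, roleName={role})")
```

Each finding marks a security domain whose configured run-as role should be reviewed, since code relying on that role during login would run without it.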