  1. WildFly
  2. WFLY-11892

With Elytron the legacy RunAsLoginModule no longer works

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • None
    • Security
    • None
    • Steps to reproduce:

      Follow the ejb-security-jaas quickstart.
      Modify the standalone.xml file and add the following before the "UsersRoles" login-module:

      <login-module code="RunAs" flag="required">
          <module-option name="roleName" value="runAsTestUser"/>
      </login-module>
      

      Restart the server in debug mode, and connect with the debugger.
      Set a breakpoint in SecurityContextAssociation.pushRunAsIdentity.
      Make a request to the secured servlet as instructed in the quickstart instructions.
      Step through, and you will see that the returned SecurityContext is null, so the setOutgoingRunAs method is never executed on the context.

    • Migration

    Description

      When using the legacy JAAS configuration, the RunAsLoginModule no longer works. While the module is invoked, there is no SecurityContext, so the login module cannot do any work and the temporary identity is never pushed onto the stack.

      It seems that previously, this line was responsible for setting up the security context. However, that action is no longer executed.
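
The null-SecurityContext condition described above can be confirmed from the server log instead of a debugger. The following is an added example, not code from the issue, the quickstart or WildFly: a diagnostic login module that performs the same check the breakpoint reveals. Assumptions: the class name `RunAsProbeLoginModule` is hypothetical, the PicketBox classes are visible to the deployment or module that holds it, and it is configured with flag="optional" directly after the "RunAs" login-module.

```java
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;

/** Hypothetical probe: reports whether a PicketBox SecurityContext exists during JAAS login. */
public class RunAsProbeLoginModule implements LoginModule {
    private static final Logger LOG = Logger.getLogger(RunAsProbeLoginModule.class.getName());

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        // No state needed; the probe only inspects the calling thread's security context.
    }

    @Override
    public boolean login() {
        // Same lookup that SecurityContextAssociation.pushRunAsIdentity depends on.
        SecurityContext sc = SecurityContextAssociation.getSecurityContext();
        if (sc == null) {
            LOG.warning("No SecurityContext on this thread: the RunAs identity "
                    + "cannot be set, so the configured roleName has no effect");
        } else {
            LOG.info("SecurityContext present, outgoing RunAs = " + sc.getOutgoingRunAs());
        }
        // false tells JAAS to ignore this module, so the probe never
        // changes the outcome of the authentication.
        return false;
    }

    @Override
    public boolean commit() { return false; }

    @Override
    public boolean abort() { return false; }

    @Override
    public boolean logout() { return true; }
}
```

A warning from this probe on each request to the secured servlet means the deployment is relying on a run-as identity that is never applied, which matters for any authorization decision that depends on the `roleName` role.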

          People

            istudens@redhat.com Ivo Studensky
            brianloss@gmail.com Brian Loss (Inactive)