Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-18889

org.wildfly.security.http.oidc.OidcRequestAuthenticator#loginRedirect() does not check for ajax request

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Won't Do
    • Major
    • None
    • None
    • JSF, Security
    • None
    • ---
    • ---

    Description

      Would it be possible and make sense that <partial-response><redirect url=...  is returned insted of 302 on ajax calls?

      I used Intellij Profiler to capture what happens when session expire and ajax button is clicked on JSF page.

      Included file jar_2024_01_06_110618.jfr contains stacktrace where this happens.

      I created similar ticket (https://issues.redhat.com/browse/WFLY-17900) but no one provided any response. Except that it is hard 
      to reproduce. 

      Please provide me a simple Keycloak instance and I will send you minimal application to reproduce the issue. Keycloak does not
      need external database or https, it can be run in DEV mode.

       

      link to code

      Attachments

        Issue Links

          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. WFLY-17900 Ajax call is redirected to keycloak page instead of returning patrial-response redirect first

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              jaslee@redhat.com Jason Lee
              janez.puntar Janez Puntar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: