Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-9561

HttpServletRequest.login(username, password) not creating HttpSession if it doesn't already exist. (Elytron)

    Details

    • Workaround Description:
      Hide

      Before calling login call getSession(true) to ensure a session is created and available.

      Show
      Before calling login call getSession(true) to ensure a session is created and available.

      Description

      If Elytron security domain (in WildFly 11, default "standalone.xml") is used for programmatic login, cookie "JSESSIONID" is not set in response. So following requests are sent without "JSESSIONID".

      @Path("login")

      public class LoginService {

      @Context
      private HttpServletRequest request;

      @POST
      public void login(LoginForm form) throws ServletException

      { request.login(form.getLogin(), form.getPassword()); }

      }

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
      <security-domain>application-security-domain</security-domain>
      </jboss-web>

      If I add manual interaction with Session in login method, "JSESSIONID" is set.
      OR
      If I delete "jboss-web.xml" and default old "ApplicationRealm" is used, "JSESSIONID" is set.

      "JSESSIONID" is set in WildFly 10.0.0.Final and in 10.1.0.Final, because there is no Elytron there and "ApplicationRealm" is used.

      Test project is attached, create application user (add-user.sh) with username "wildfly" and password "wildfly".
      Run "mvn wildfly:deploy".
      Go to http://localhost:8080/test/test.html and press "Login" button and then "Check Auth".

      In this project you can uncomment code below (// uncomment the row below to get it working with elytron) to add session interaction or comment code below (<!-- comment the row below to use default ApplicationRealm from old security system, not elytron -->) to use old "ApplicationRealm".

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                dlofthouse Darran Lofthouse
                Reporter:
                stanislav1125 Stanislav Grushevskiy
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: