java resteasy wildfly-8 jaspic

WildFly 8.1.0 Final / JASPIC: ServerAuthModule.validateRequest() not being called when invoking HttpServletRequest.authenticate()


I am migrating a GlassFish app to WildFly 8. In GlassFish I was using Jersey, and in WildFly I am using RESTEasy. I have run into a bit of a problem with the JASPIC implementation in WildFly.

In both containers, the SAM (ServerAuthModule) is being invoked at the start of the request to allow prior auth to be verified.

In WildFly, my SAM is not being invoked after a call to HttpServletRequest.authenticate(). In GlassFish this worked as expected and re-invoked the SAM. Is there anything special I have to do to make WildFly invoke the SAM a second time during a request, or is this functionality just broken in WildFly?


Solution

  • It's a bug in WildFly. See https://issues.jboss.org/browse/UNDERTOW-263

    There's a workaround available here: http://jdevelopment.nl/experiences-migrating-jboss-7-wildfly-81

    It comes down to having to install your own Undertow handler that resets some state.
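
A probe for checking whether a given container re-invokes the SAM when HttpServletRequest.authenticate() is called, as an added example that is not part of the original question or answer. The class names, the `/sam-probe` path and the request attribute name are hypothetical, and `CountingSam` is assumed to be registered the same way as the application's existing SAM.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.message.*;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Hypothetical probe servlet: reports how often the SAM ran during one request.
@WebServlet("/sam-probe")
public class SamProbeServlet extends HttpServlet {
    static final String CALLS = "probe.sam.calls"; // constructed attribute name
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
        int before = count(req);            // SAM invocations at the start of the request
        boolean ok = req.authenticate(res); // should trigger validateRequest() again
        int after = count(req);             // unchanged if the container skipped the SAM
        if (!res.isCommitted()) {
            res.setContentType("text/plain");
            res.getWriter().printf("authenticate=%b samCalls=%d->%d reinvoked=%b%n",
                    ok, before, after, after > before);
        }
    }
    static int count(HttpServletRequest req) {
        Object n = req.getAttribute(CALLS);
        return n == null ? 0 : (Integer) n;
    }
    // Hypothetical SAM that only counts its own invocations per request.
    public static class CountingSam implements ServerAuthModule {
        private CallbackHandler handler;
        public void initialize(MessagePolicy req, MessagePolicy res, CallbackHandler h, Map options) { handler = h; }
        public Class[] getSupportedMessageTypes() { return new Class[] { HttpServletRequest.class, HttpServletResponse.class }; }
        public AuthStatus validateRequest(MessageInfo info, Subject client, Subject service) throws AuthException {
            HttpServletRequest req = (HttpServletRequest) info.getRequestMessage();
            req.setAttribute(CALLS, count(req) + 1);
            try { // "do nothing" outcome: tell the container the caller is anonymous
                handler.handle(new Callback[] { new CallerPrincipalCallback(client, (Principal) null) });
            } catch (IOException | UnsupportedCallbackException e) {
                throw (AuthException) new AuthException(e.getMessage()).initCause(e);
            }
            return AuthStatus.SUCCESS;
        }
        public AuthStatus secureResponse(MessageInfo info, Subject service) { return AuthStatus.SEND_SUCCESS; }
        public void cleanSubject(MessageInfo info, Subject subject) { }
    }
}
```

A response with `reinvoked=false` means the SAM was not called again by authenticate(), which is the behaviour reported in the question.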