3 Replies Latest reply on Mar 15, 2018 7:52 AM by Stanislav Grushevskiy

    WildFly - Elytron - Programmatic login

    Stanislav Grushevskiy Newbie

      If Elytron security domain (in WildFly 11, default "standalone.xml") is used for programmatic login, cookie "JSESSIONID" is not set in response. So following requests are sent without "JSESSIONID".

       

      @Path("login")

      public class LoginService {

       

          @Context

          private HttpServletRequest request;

       

          @POST

          public void login(LoginForm form) throws ServletException {

              request.login(form.getLogin(), form.getPassword());

          }

      }

       

      <?xml version="1.0" encoding="UTF-8"?>

      <jboss-web>

          <security-domain>application-security-domain</security-domain>

      </jboss-web>

       

      If I add manual interaction with Session in login method, "JSESSIONID" is set.

      OR

      If I delete "jboss-web.xml" and default old "ApplicationRealm" is used, "JSESSIONID" is set.

       

      "JSESSIONID" is set in WildFly 10.0.0.Final and in 10.1.0.Final, because there is no Elytron there and "ApplicationRealm" is used.

       

      Test project is attached, create application user (add-user.sh) with username "wildfly" and password "wildfly".

      Run "mvn wildfly:deploy".

      Go to http://localhost:8080/test/test.html and press "Login" button and then "Check Auth".

       

      In this project you can uncomment code below (//   uncomment the row below to get it working with elytron) to add session interaction or comment code below (<!-- comment the row below to use default ApplicationRealm from old security system, not elytron -->) to use old "ApplicationRealm".