[Bug 59823] New: HttpServletRequest#authenticate does not invoke JASPIC SAM

bugzilla Thu, 07 Jul 2016 10:13:00 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=59823


            Bug ID: 59823
           Summary: HttpServletRequest#authenticate does not invoke JASPIC
                    SAM
           Product: Tomcat 9
           Version: 9.0.0.M8
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: [email protected]
          Reporter: [email protected]

When a JASPIC SAM is (programmatically) installed and subsequently
HttpServletRequest#authenticate() is called the SAM is not actually being
invoked.

According to 3.9.3 of the JASPIC 1.1 spec the SAM should be invoked.

I added a new test to the Java EE 7 samples project for this:
https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/programmatic-authentication

To reproduce:

* Deploy .war in submodule to Tomcat 9.0.0.M8
* Request
http://localhost:8080/jaspic-programmatic-authentication/public/authenticate

The result is:

This is a public servlet 
before web username: null
before web user has role "architect": false
request.authenticate outcome: false
after web username: null
after web user has role "architect": false

But should be:

This is a public servlet 
before web username: null
before web user has role "architect": false
request.authenticate outcome: true
after web username: test
after web user has role "architect": true

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 59823] New: HttpServletRequest#authenticate does not invoke JASPIC SAM

Reply via email to