https://bz.apache.org/bugzilla/show_bug.cgi?id=59823
Bug ID: 59823
Summary: HttpServletRequest#authenticate does not invoke JASPIC
SAM
Product: Tomcat 9
Version: 9.0.0.M8
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: arjan.ti...@gmail.com
When a JASPIC SAM is (programmatically) installed and subsequently
HttpServletRequest#authenticate() is called the SAM is not actually being
invoked.
According to 3.9.3 of the JASPIC 1.1 spec the SAM should be invoked.
I added a new test to the Java EE 7 samples project for this:
https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/programmatic-authentication
To reproduce:
* Deploy .war in submodule to Tomcat 9.0.0.M8
* Request
http://localhost:8080/jaspic-programmatic-authentication/public/authenticate
The result is:
This is a public servlet
before web username: null
before web user has role "architect": false
request.authenticate outcome: false
after web username: null
after web user has role "architect": false
But should be:
This is a public servlet
before web username: null
before web user has role "architect": false
request.authenticate outcome: true
after web username: test
after web user has role "architect": true
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
