Uploaded image for project: 'Seam 2'
  1. Seam 2
  2. JBSEAM-2558

HTTP BASIC authentication support is broken

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Duplicate Issue
    • Affects Version/s: 2.0.0.GA, 2.0.1.CR1, 2.0.1.CR2, 2.0.1.GA
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Environment:

      JBoss AS 4.2.2GA, Seam 2.0.0GA

      Description

      The class org.jboss.seam.web.AuthenticationFilter, which provides HTTP BASIC authentication support, throws exception and never performs the authentication.

      If the user access the site the first time and the page accessed is protected by HTTP BASIC authentication, a NPE will occur from the AuthenticationFilter.processBasicAuth() method.

      In addition, the AuthenticationFilter.processBasicAuth() method does not invoke the identity.authenticate() method to actually perform the authentication, although it parses the BASIC authentication headers properly.

      Please see the related forum post for detailed description of the problem and the proposed fixes.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  shane.bryzak Shane Bryzak
                  Reporter:
                  alllle Alan Feng
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: