How to configure form based authentication with WildFly 26

[Madhava Alampally]

Hi Team, 

Earlier WildFly 19 version, we configured "io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism" for form based authentication and it's used to work as expected.

Now we are upgrading to latest version WildFly 26.1.1

As part of this activity, we started using "org.wildfly.security.mechanism.http.UsernamePasswordAuthenticationMechanism"

Our Application deployed as expected and we are getting the login page as expected. 

Once the username and password is provided, call is coming to "UsernamePasswordAuthenticationMechanism::authenticate" as expected.

However, we are not landing to the application home page after login. we are getting error "This page isn’t working

Any help in this regard is greatly appreciated as we are heading towards the release and it's blocking us to move forward. 

Our configuration is:

Web.xml

Step 1:

<login-config>
        <auth-method>custom-mechanism</auth-method>
        <realm-name>itpam</realm-name>
        <form-login-config>
            <form-login-page>/LoginForm.jsp</form-login-page>
            <form-error-page>/LoginError.jsp</form-error-page>
          </form-login-config>
    </login-config>

Step 2:

public class CustomMechanismFactory implements HttpServerAuthenticationMechanismFactory {

...

@Override
    public HttpServerAuthenticationMechanism createAuthenticationMechanism(String name, Map<String, ?> properties,
            CallbackHandler handler) throws HttpAuthenticationException {
        if (CUSTOM_NAME.equals(name)) {
            return new C2OFormAuthenticationMechanism(handler, properties);
        }

        return null;
    }

}

"

Step 3: 

C2OFormAuthenticationMechanism implements the UsernamePasswordAuthenticationMechanism

Step 4:

standalone-full-ha.xml changes

<http>

.....

<http-authentication-factory name="custom-mechanism" security-domain="EEM" http-server-mechanism-factory="custom-factory">
                    <mechanism-configuration>
                        <mechanism mechanism-name="custom-mechanism"/>
                    </mechanism-configuration>
                </http-authentication-factory>

</http>

For elytron subsystem

<http-authentication-factory name="custom-mechanism" security-domain="EEM" http-server-mechanism-factory="custom-factory">
                    <mechanism-configuration>
                        <mechanism mechanism-name="custom-mechanism"/>
                    </mechanism-configuration>
                </http-authentication-factory>

Thanks & Regards,

Madhava

[Farah Juma]

This blog post might help:

http://darranl.blogspot.com/2018/02/wildfly-elytron-implementing-custom.html

There's also a similar example here:

https://github.com/wildfly/quickstart/tree/main/http-custom-mechanism

[Madhava Alampally]

Thank you so much. I'll give it a try and update you.

--
You received this message because you are subscribed to a topic in the Google Groups "WildFly" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wildfly/2_3P4suWwBg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wildfly+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wildfly/fbde72f4-a8b7-4ac1-98e8-9f35147ef112n%40googlegroups.com.

This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.

[Madhava Alampally]

Hi Farah,

Thank you so much for your response  on this. I resumed working on WildFly tasks and tried with this sample. 

When I the root context URL, I'm getting the HTTP 200 OK response which is good. 

curl -v http://localhost:8080/http-custom-mechanism-webapp/ -H "X-USERNAME:wildpamadmin" -H "X-PASSWORD:wildpamadmin"

When I tried to access the secured servlet using the following URL, I getting the "HTTP/1.1 404 Not Found"

curl -v http://localhost:8080/http-custom-mechanism-webapp/secured/ -H "X-USERNAME:wildpamadmin" -H "X-PASSWORD:wildpamadmin"

After debug, i see it's completed authentication and authorisation but after that it's not making call to secured servlet. 

Full Responce is:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /http-custom-mechanism-webapp/secured/ HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.83.1
> Accept: */*
> X-USERNAME:wildpamadmin
> X-PASSWORD:wildpamadmin
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Connection: keep-alive
< Content-Type: text/html;charset=UTF-8
< Content-Length: 68
< Date: Wed, 21 Jun 2023 05:12:23 GMT
<
<html><head><title>Error</title></head><body>Not Found</body></html>* Connection #0 to host localhost left intact

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Also, Can you please let me know the sample working example git url for "
      org.wildfly.security.mechanism.http.UsernamePasswordAuthenticationMechanism"

Thanks & Regards

Madhava

[Madhava Alampally]

It worked when I tried with WildFly 28 + Java 11. So please ignore the above post.