Hi there,
I'm migrating my application from WildFly 20 to 36, and I'm currently stuck with programmatic login.
I'm using JAAS, and I rely on the user principal concept solely to store the actual database schema that the user will use. When the user opens the application, I extract the URL and create a user principal in a @WebFilter:

    String desSchema = SchemaUtil.identifySchema(host);
    hrequest.getSession();
    hrequest.login(desSchema, "not-authenticated");

Then, once the user enters their credentials, I attempt to change the role like this:

    request.logout();
    request.login(desSchema, "authenticated");

However, on WildFly 36, I get the following exception during the second login():

    java.lang.NullPointerException: Cannot invoke "io.undertow.server.session.Session.changeSessionId(io.undertow.server.HttpServerExchange, io.undertow.server.session.SessionConfig)" because "session" is null
        at org.wildfly.elytron.web.undertow.server.servlet.ElytronHttpServletExchange$3.changeID(ElytronHttpServletExchange.java:294)

I was able to work around this by modifying the method as follows:

    request.logout();
    HttpSession oldSession = request.getSession(false);
    if (oldSession != null) {
        oldSession.invalidate();
    }
    request.login(desSchema, "authenticated");
    // This didn't seem to make any difference
    request.getSession(true);
    // At this point, the session seems fine

This seems to work, and the application logs in successfully. However, when I click on something afterward, I notice the session is empty, and the filter redirects the user to the login page again.
What am I missing?
Does Elytron require any additional configuration or steps for this to work properly?
Thanks