javaee7-samples icon indicating copy to clipboard operation
javaee7-samples copied to clipboard

Published 20 hours ago verified publisher icon javaee-samples

JASPIC ServerAuthModule and ServerAuthContext spec compliance fixes

Open stoty opened this issue 8 years ago • 1 comments

This contains two sets of fixes:

  • The SAMs no longer return SUCCESS with emtpy principals for mandatory authentication
  • The ServerAuthContext sets up two SAM module instances to satisfy the spec requirement that the mandatory flag can be accessed from the requestPolicy

The first fix is important, as currently the tests fail to return proper http status codes for unathenticated protected resources on multiple app servers.

The second fix is just for complying with the letter of the spec, as the requestPolicy is not actually used in any of the current tests.

stoty avatar Jan 05 '17 22:01 stoty

I've glanced over the PR and it looks good at first sight, but I'm very busy now with JSF 2.3 (final day before it closes). But haven't forgotten about this PR ;) Will look at it soon in more detail.

Thanks for now!

arjantijms avatar Jan 11 '17 18:01 arjantijms