rieckpil / blog-tutorials

:star: Codebase for various tutorials about Java, Spring Boot, AWS, Kotlin, and Testing
https://rieckpil.de/
MIT License

inconsistent login behavior with jsf-simple-login-with-java-ee-security-api #1

Closed phillipross closed 5 years ago

phillipross commented 5 years ago

For some reason it seems the authentication status that is returned sometimes is SEND_CONTINUE and other times is SUCCESS. When SUCCESS is returned then the result is the welcome page... but when the status is SEND_CONTINUE then nothing happens and the result is the login page with no error message.

rieckpil commented 5 years ago

Thanks for reporting the issue. Are you using the attached Dockerfile with Payara 5.183 or another application server?

phillipross commented 5 years ago

I'm using Payara and attempting all kinds of permutations. The Dockerfile doesn't work at this point because of changes they've made to the Dockerfile in recent months. I was able to adapt to use the new Dockerfile but the same problem occurs. I also tried deploying into a standalone payara-full instance and it behaves the same way. Tried with v5.184 and 5.182. I'm working today to try with Payara 5.181 and 4.181 (the latter needs some changes to the code or pom.xml file)... but at this point I'm thinking this may be a bug in Payara or Soteria.

phillipross commented 5 years ago

OK, I tested Payara 5.181 and it behaves the same as 5.182 and 5.184. I didn't try 4.181 yet since it requires some code changes to downgrade to JEE7 (there are some CDI and Validation differences).

Oddly, I get some slightly different behaviors depending on whether I'm using Chrome or Firefox (both on macOS).

With Chrome... the first login attempt fails with securityContext.authenticate returning a SEND_CONTINUE code, and then returns SUCCESS when immediately attempting to log in again. After logging out... attempting to log in has the same results... first attempt SEND_CONTINUE and second gets SUCCESS.

With Firefox, it's slightly different. The first login attempt fails with SEND_CONTINUE and then returns SUCCESS when trying to log in again. After logging in... a logout with Firefox successfully logs out, but then subsequent login attempts always return SUCCEED.

Unless you have something else I can try, I think it might be best to see if you can duplicate the behavior I'm seeing and then we can log an issue with Payara and see if they can figure out if it's a bug or something.

rieckpil commented 5 years ago

Do you have any updates on this?

phillipross commented 5 years ago

Apologies, I forgot to close this out when I resolved the problem on my side.

I actually tracked down the problem to a combination of things that I can't remember precisely at this point. It had to do with the fact that Chrome was caching something and since I was testing many things using the localhost name... Chrome's cached cookies or something were interfering. I spent hours tracking down the problem, realized what it was, and by the time I was able to create a reproducer, there was a Google update and the problem went away 🤣

rieckpil commented 5 years ago

Oh okay 😆 But thanks for the update and the hint with the possible caching issue. I'll close this one now 👍