SecurityIdentityAssociation's identity not set by event fired from Undertow

[blxbrgld]

Hello,

our application performs authentication with the servlet spec (HttpSerlvletRequest.login) and we faced the following issue when we tried to upgrade from 1.10.3.Final to 1.11.2.Final:

by fixing issue/13835 SecurityIdentityAssociation does not observe SecurityIdentity events anymore (here), so the event fired by the UndertowDeploymentRecorder here never ends up setting the security identity.

I believe that the UndertowDeploymentRecorder does not need to fire the event anymore and instead it just has to set the SecurityIdentityAssociation's identity via CDI.

The proposed fix can be found here.

[ghost]

/cc @sberyozkin

[CurtisBaldwinson]

I'm not sure if it was a bug or not but I had a similar problem.

In my Filters class I injected the following SecurityIdentityAssociation:

    @Inject @RequestScoped
    SecurityIdentityAssociation delegateSecurityIdentityAssociation;

Then after grabbing the user information, I set the identity like so inside the @ServerRequestFilter:

                delegateSecurityIdentityAssociation.setIdentity(
                        new SecurityIdentity() {
                            @Override
                            public Principal getPrincipal() {
                                return response::toString;
                            }
... etc. etc. more methods to override

SecurityIdentity has a bunch of methods you'll need to override, which your IDE should help you generate.

[gsmet]

Has been fixed by #15005 .