Custom Authenticator valve not working in EAP 6.0 - the authenticate() method is not called

Solution Verified - Updated -

Issue

  • A simple Authenticator valve that always returns true was deployed with our application to test custom authenticator valves with EAP 6
  • In the logs we see:
15:53:07,470 INFO  [org.apache.tomcat.util.http.Cookies] (http-localhost/127.0.0.1:8180-1) Cookies: Invalid cookie. Value not a token or quoted value
15:53:07,492 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8180-1) Security checking request GET /restrict
15:53:07,493 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8180-1)  Calling hasUserDataPermission()
15:53:07,493 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8180-1)  Calling authenticate()
15:53:07,499 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-localhost/127.0.0.1:8180-1) Save request in session 'm8hJWMy2KsQSpNQiebFFoLyh'
15:53:11,146 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8180-1)  Failed authenticate() test
15:53:11,149 TRACE [org.jboss.security.SecurityRolesAssociation] (http-localhost/127.0.0.1:8180-1) Setting threadlocal:null

1) the test's authenticate() always returns true
2) org.apache.catalina.authenticator.FormAuthenticator is seen in the logs. My class extends this class, but does not call out to super(). So the conclusion is that our authenticate() is not called.

Environment

  • JBoss Enterprise Application Platform (EAP) 6.x
