Task #478
closed
Ignore disabled IdmAuthenticationFilter
100%
Description
If a module contains IdmAuthenticationFilter and we disable the module, the filter should not be checked during authentication flow.
Related issues
Updated by Alena Peterová over 7 years ago
- Related to Feature #360: OpenAM - authentication endpoint added
Updated by Alena Peterová over 7 years ago
- Subject changed from Remove disabled IdmAuthenticationFilter from chain to Ignore disabled IdmAuthenticationFilter
- Description updated (diff)
Updated by Radek Tomiška over 7 years ago
- Category set to Authentication / Authorization
- Assignee set to Jan Helbich
- Target version set to Diamond (7.4.0)
Updated by Jan Helbich over 7 years ago
- Status changed from New to Needs feedback
- Assignee changed from Jan Helbich to Radek Tomiška
- % Done changed from 0 to 90
Implemented in branch jhelbich/478, supporting test case is included, all tests are green.
Radek, can you make a code review, pls? I've done some changes to WebSecurityConfig I'm not really sure about. Thanks!
Updated by Radek Tomiška over 7 years ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Radek Tomiška to Jan Helbich
- % Done changed from 90 to 70
I did quick review. Checking disabled filters in bean constructor is not good solution - it will be not possible to enable / disable filters with enable / disable module on FE. See other places, where EnabledEvaluator is used (e.g. AbstractEntityEventProcessor#onApplicationEvent) and move check to other method (maybe AuthenticationFilter#doFilter).
Updated by Jan Helbich over 7 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Jan Helbich to Radek Tomiška
Fixed, Radek can you do code review again please?
Updated by Radek Tomiška over 7 years ago
- Status changed from Needs feedback to Closed
- Assignee changed from Radek Tomiška to Jan Helbich
- % Done changed from 70 to 100
Its ok now, thx! I merged it into develop.