Task #478
closed
Ignore disabled IdmAuthenticationFilter
Added by Alena Peterová over 7 years ago.
Updated over 7 years ago.
Category:
Authentication / Authorization
Description
If a module contains IdmAuthenticationFilter and we disable the module, the filter should not be checked during authentication flow.
- Related to Feature #360: OpenAM - authentication endpoint added
- Subject changed from Remove disabled IdmAuthenticationFilter from chain to Ignore disabled IdmAuthenticationFilter
- Description updated (diff)
- Category set to Authentication / Authorization
- Assignee set to Jan Helbich
- Target version set to Diamond (7.4.0)
- Status changed from New to Needs feedback
- Assignee changed from Jan Helbich to Radek Tomiška
- % Done changed from 0 to 90
Implemented in branch jhelbich/478, supporting test case is included, all tests are green.
Radek, can you make a code review, pls? I've done some changes to WebSecurityConfig I'm not really sure about. Thanks!
- Status changed from Needs feedback to In Progress
- Assignee changed from Radek Tomiška to Jan Helbich
- % Done changed from 90 to 70
I did quick review. Checking disabled filters in bean constructor is not good solution - it will be not possible to enable / disable filters with enable / disable module on FE. See other places, where EnabledEvaluator is used (e.g. AbstractEntityEventProcessor#onApplicationEvent) and move check to other method (maybe AuthenticationFilter#doFilter).
- Status changed from In Progress to Needs feedback
- Assignee changed from Jan Helbich to Radek Tomiška
Fixed, Radek can you do code review again please?
- Status changed from Needs feedback to Closed
- Assignee changed from Radek Tomiška to Jan Helbich
- % Done changed from 70 to 100
Its ok now, thx! I merged it into develop.
Also available in: Atom
PDF
