quarkusio · sberyozkin · Nov 10, 2021 · Nov 10, 2021
diff --git a/...security-ldap/deployment/src/test/java/io/quarkus/elytron/security/ldap/FormAuthTest.java b/...security-ldap/deployment/src/test/java/io/quarkus/elytron/security/ldap/FormAuthTest.java
@@ -0,0 +1,30 @@
+package io.quarkus.elytron.security.ldap;
+
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.restassured.RestAssured;
+import io.restassured.authentication.FormAuthConfig;
+import io.restassured.specification.RequestSpecification;
+
+public class FormAuthTest extends LdapSecurityRealmTest {
+
+    @RegisterExtension
+    static final QuarkusUnitTest config = new QuarkusUnitTest()
+            .withApplicationRoot((jar) -> jar
+                    .addClasses(testClasses)
+                    .addAsResource("form-auth/application.properties", "application.properties"));
+
+    @Override
+    protected RequestSpecification setupAuth(String username, String password) {
+        return RestAssured.given()
+                .auth()
+                .form(username, password,
+                        new FormAuthConfig("j_security_check", "j_username", "j_password")
+                                .withLoggingEnabled());
+    }
+
+    protected int getAuthFailureStatusCode() {
+        return 302;
+    }
+}
diff --git a/...ldap/deployment/src/test/java/io/quarkus/elytron/security/ldap/LdapSecurityRealmTest.java b/...ldap/deployment/src/test/java/io/quarkus/elytron/security/ldap/LdapSecurityRealmTest.java
@@ -12,6 +12,7 @@
 import io.quarkus.test.common.QuarkusTestResource;
 import io.quarkus.test.ldap.LdapServerTestResource;
 import io.restassured.RestAssured;
+import io.restassured.specification.RequestSpecification;
 
 /**
  * Tests of BASIC authentication mechanism with the minimal config required
@@ -28,46 +29,56 @@ public abstract class LdapSecurityRealmTest {
     // Basic @ServletSecurity tests
     @Test()
     public void testSecureAccessFailure() {
-        RestAssured.when().get("/servlet-secured").then()
-                .statusCode(401);
+        RestAssured.given().redirects().follow(false).get("/servlet-secured").then()
+                .statusCode(getAuthFailureStatusCode());
+    }
+
+    protected int getAuthFailureStatusCode() {
+        return 401;
     }
 
     @Test()
     public void testNotSearchingRecursiveFailure() {
-        RestAssured.given().auth().preemptive().basic("subUser", "subUserPassword")
-                .when().get("/servlet-secured").then()
-                .statusCode(401);
+        setupAuth("subUser", "subUserPassword")
+                .when().redirects().follow(false).get("/servlet-secured").then()
+                .statusCode(getAuthFailureStatusCode());
     }
 
     @Test()
     public void testSecureRoleFailure() {
-        RestAssured.given().auth().preemptive().basic("noRoleUser", "noRoleUserPassword")
+        setupAuth("noRoleUser", "noRoleUserPassword")
                 .when().get("/servlet-secured").then()
                 .statusCode(403);
     }
 
     @Test()
     public void testSecureAccessSuccess() {
-        RestAssured.given().auth().preemptive().basic("standardUser", "standardUserPassword")
-                .when().get("/servlet-secured").then()
+        String username = "standardUser";
+        String password = "standardUserPassword";
+        RequestSpecification requestSpec = setupAuth(username, password);
+        requestSpec.when().get("/servlet-secured").then()
                 .statusCode(200);
     }
 
+    protected RequestSpecification setupAuth(String username, String password) {
+        return RestAssured.given().auth().preemptive().basic(username, password);
+    }
+
     /**
      * Test access a secured jaxrs resource without any authentication. should see 401 error code.
      */
     @Test
     public void testJaxrsGetFailure() {
-        RestAssured.when().get("/jaxrs-secured/roles-class").then()
-                .statusCode(401);
+        RestAssured.given().redirects().follow(false).get("/jaxrs-secured/roles-class").then()
+                .statusCode(getAuthFailureStatusCode());
     }
 
     /**
      * Test access a secured jaxrs resource with authentication, but no authorization. should see 403 error code.
      */
     @Test
     public void testJaxrsGetRoleFailure() {
-        RestAssured.given().auth().preemptive().basic("noRoleUser", "noRoleUserPassword")
+        setupAuth("noRoleUser", "noRoleUserPassword")
                 .when().get("/jaxrs-secured/roles-class").then()
                 .statusCode(403);
     }
@@ -77,7 +88,7 @@ public void testJaxrsGetRoleFailure() {
      */
     @Test
     public void testJaxrsGetRoleSuccess() {
-        RestAssured.given().auth().preemptive().basic("standardUser", "standardUserPassword")
+        setupAuth("standardUser", "standardUserPassword")
                 .when().get("/jaxrs-secured/roles-class").then()
                 .statusCode(200);
     }
@@ -87,14 +98,14 @@ public void testJaxrsGetRoleSuccess() {
      */
     @Test
     public void testJaxrsPathAdminRoleSuccess() {
-        RestAssured.given().auth().preemptive().basic("adminUser", "adminUserPassword")
+        setupAuth("adminUser", "adminUserPassword")
                 .when().get("/jaxrs-secured/parameterized-paths/my/banking/admin").then()
                 .statusCode(200);
     }
 
     @Test
     public void testJaxrsPathAdminRoleFailure() {
-        RestAssured.given().auth().preemptive().basic("standardUser", "standardUserPassword")
+        setupAuth("standardUser", "standardUserPassword")
                 .when().get("/jaxrs-secured/parameterized-paths/my/banking/admin").then()
                 .statusCode(403);
     }
@@ -104,7 +115,7 @@ public void testJaxrsPathAdminRoleFailure() {
      */
     @Test
     public void testJaxrsPathUserRoleSuccess() {
-        RestAssured.given().auth().preemptive().basic("standardUser", "standardUserPassword")
+        setupAuth("standardUser", "standardUserPassword")
                 .when().get("/jaxrs-secured/parameterized-paths/my/banking/view").then()
                 .statusCode(200);
     }
@@ -114,15 +125,15 @@ public void testJaxrsPathUserRoleSuccess() {
      */
     @Test
     public void testJaxrsUserRoleSuccess() {
-        RestAssured.given().auth().preemptive().basic("standardUser", "standardUserPassword")
+        setupAuth("standardUser", "standardUserPassword")
                 .when().get("/jaxrs-secured/subject/secured").then()
                 .statusCode(200)
                 .body(equalTo("standardUser"));
     }
 
     @Test
     public void testJaxrsInjectedPrincipalSuccess() {
-        RestAssured.given().auth().preemptive().basic("standardUser", "standardUserPassword")
+        setupAuth("standardUser", "standardUserPassword")
                 .when().get("/jaxrs-secured/subject/principal-secured").then()
                 .statusCode(200)
                 .body(equalTo("standardUser"));
@@ -143,16 +154,16 @@ public void testJaxrsGetPermitAll() {
      */
     @Test
     public void testJaxrsGetDenyAllWithoutAuth() {
-        RestAssured.when().get("/jaxrs-secured/subject/denied").then()
-                .statusCode(401);
+        RestAssured.given().redirects().follow(false).get("/jaxrs-secured/subject/denied").then()
+                .statusCode(getAuthFailureStatusCode());
     }
 
     /**
      * Test access a @DenyAll secured jaxrs resource with authentication. should see a 403 success code.
      */
     @Test
     public void testJaxrsGetDenyAllWithAuth() {
-        RestAssured.given().auth().preemptive().basic("standardUser", "standardUserPassword")
+        setupAuth("standardUser", "standardUserPassword")
                 .when().get("/jaxrs-secured/subject/denied").then()
                 .statusCode(403);
     }

diff --git a/...ions/elytron-security-ldap/deployment/src/test/resources/form-auth/application.properties b/...ions/elytron-security-ldap/deployment/src/test/resources/form-auth/application.properties
@@ -0,0 +1,19 @@
+quarkus.security.ldap.enabled=true
+
+quarkus.security.ldap.dir-context.principal=uid=admin,ou=system
+quarkus.security.ldap.dir-context.url=ldap://127.0.0.1:10389
+quarkus.security.ldap.dir-context.password=secret
+
+quarkus.security.ldap.identity-mapping.search-base-dn=ou=Users,dc=quarkus,dc=io
+
+quarkus.security.ldap.identity-mapping.attribute-mappings."0".from=cn
+quarkus.security.ldap.identity-mapping.attribute-mappings."0".filter=(member=uid={0},ou=Users,dc=quarkus,dc=io)
+quarkus.security.ldap.identity-mapping.attribute-mappings."0".filter-base-dn=ou=Roles,dc=quarkus,dc=io
+
+
+# Auth method
+quarkus.http.auth.form.enabled=true
+quarkus.http.auth.basic=false
+quarkus.http.auth.form.login-page=/
+quarkus.http.auth.form.error-page=/
+quarkus.http.auth.form.landing-page=/
diff --git a/...ime/src/main/java/io/quarkus/elytron/security/runtime/ElytronTrustedIdentityProvider.java b/...ime/src/main/java/io/quarkus/elytron/security/runtime/ElytronTrustedIdentityProvider.java
@@ -52,7 +52,9 @@ public SecurityIdentity get() {
                     PasswordCredential cred = id.getCredential(PasswordCredential.class);
                     try (ServerAuthenticationContext ac = domain.createNewAuthenticationContext()) {
                         ac.setAuthenticationName(request.getPrincipal());
-                        ac.addPrivateCredential(cred);
+                        if (cred != null) {
+                            ac.addPrivateCredential(cred);
+                        }
                         ac.authorize();
                         result = ac.getAuthorizedIdentity();