app-mem-basic-decorate is unwrapping a message in the validateRequest stage which is absolutely prohibited in this stage.

Question

app-mem-basic-decorate is unwrapping a message in the validateRequest stage which is absolutely prohibited in this stage.

Closed this issue 2 years ago · 2 comments

Thu purpose of this test is verifying that a CDI decorator can be applied to an existing authentication mechanism, the wrapping of the response message was to delay setting the error status as this committed the response - the same behaviour can be achieved using a HttpMessageContextWrapper instead.

Answer 1 · 2022-08-18T14:11:03.000Z

Yes, I agree. The purpose is about verification that the CDI decorator is applied, as discussed during the Jakarta Security 3 cycle. As such, anything else is an implementation detail of the test and can be replaced by any other mechanism.

Answer 2 · 2022-08-18T14:11:42.000Z

cc @keilw @ggam