[JBoss JIRA] (ISPN-4288) JGroups kerberos auth is not able to obtain credentials
by Vojtech Juranek (JIRA)
Vojtech Juranek created ISPN-4288:
-------------------------------------
Summary: JGroups kerberos auth is not able to obtain credentials
Key: ISPN-4288
URL: https://issues.jboss.org/browse/ISPN-4288
Project: Infinispan
Issue Type: Bug
Components: Test Suite - Server
Reporter: Vojtech Juranek
Assignee: Mircea Markus
When trying to use kerberos for authentication between ISPN nodes (which uses JGroups authentication) I get following exception:
{noformat}
Caused by: java.lang.Exception: connecting to channel "clustered" failed
at org.jgroups.JChannel._connect(JChannel.java:564)
at org.jgroups.JChannel.connect(JChannel.java:288)
at org.jgroups.JChannel.connect(JChannel.java:273)
at org.infinispan.remoting.transport.jgroups.JGroupsTransport.startJGroupsChannelIfNeeded(JGroupsTransport.java:198)
... 27 more
Caused by: java.lang.SecurityException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at org.jgroups.protocols.SASL.down(SASL.java:294)
at org.jgroups.protocols.pbcast.STABLE.down(STABLE.java:347)
at org.jgroups.protocols.pbcast.ClientGmsImpl.sendJoinMessage(ClientGmsImpl.java:243)
at org.jgroups.protocols.pbcast.ClientGmsImpl.joinInternal(ClientGmsImpl.java:124)
at org.jgroups.protocols.pbcast.ClientGmsImpl.join(ClientGmsImpl.java:40)
at org.jgroups.protocols.pbcast.GMS.down(GMS.java:1082)
at org.jgroups.protocols.FlowControl.down(FlowControl.java:340)
at org.jgroups.protocols.FlowControl.down(FlowControl.java:340)
at org.jgroups.protocols.FRAG2.down(FRAG2.java:136)
at org.jgroups.protocols.RSVP.down(RSVP.java:142)
at org.jgroups.stack.ProtocolStack.down(ProtocolStack.java:1039)
at org.jgroups.JChannel.down(JChannel.java:785)
at org.jgroups.JChannel._connect(JChannel.java:558)
... 30 more
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212) [rt.jar:1.7.0_45]
at org.jgroups.auth.sasl.SaslClientContext.addHeader(SaslClientContext.java:84)
at org.jgroups.protocols.SASL.down(SASL.java:289)
... 42 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) [rt.jar:1.7.0_45]
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121) [rt.jar:1.7.0_45]
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187) [rt.jar:1.7.0_45]
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223) [rt.jar:1.7.0_45]
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) [rt.jar:1.7.0_45]
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) [rt.jar:1.7.0_45]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193) [rt.jar:1.7.0_45]
... 44 more
{noformat}
The test and setup can be downloaded [here|https://github.com/vjuranek/infinispan/tree/ISPN-4273]. Not completely sure, if it's a bug or some kerberos setup issue, but it failed also in case when I tried to use already running kerberos (not ApacheDS run in within the test).
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
10 years, 5 months
[JBoss JIRA] (ISPN-4285) HotRod digest-md5 auth fails with NPE
by Tristan Tarrant (JIRA)
[ https://issues.jboss.org/browse/ISPN-4285?page=com.atlassian.jira.plugin.... ]
Tristan Tarrant updated ISPN-4285:
----------------------------------
Status: Pull Request Sent (was: Open)
Git Pull Request: https://github.com/infinispan/infinispan/pull/2557
> HotRod digest-md5 auth fails with NPE
> -------------------------------------
>
> Key: ISPN-4285
> URL: https://issues.jboss.org/browse/ISPN-4285
> Project: Infinispan
> Issue Type: Bug
> Components: Server
> Reporter: Vojtech Juranek
> Assignee: Mircea Markus
>
> HotRod DIGEST-MD5 auth fails with NPE when password on the server is stored as a plain text. Example realm configuration snip:
> {noformat}
> <authentication>
> <local default-user="$local" allowed-users="*"/>
> <properties path="application-users.properties" relative-to="jboss.server.config.dir" plain-text="true"/>
> </authentication>
> {noformat}
> Full stack trace:
> {noformat}
> org.infinispan.client.hotrod.exceptions.TransportException:: Could not fetch transport
> at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:310)
> at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.getTransport(TcpTransportFactory.java:185)
> at org.infinispan.client.hotrod.impl.operations.FaultTolerantPingOperation.getTransport(FaultTolerantPingOperation.java:27)
> at org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:48)
> at org.infinispan.client.hotrod.impl.RemoteCacheImpl.ping(RemoteCacheImpl.java:535)
> at org.infinispan.client.hotrod.RemoteCacheManager.ping(RemoteCacheManager.java:633)
> at org.infinispan.client.hotrod.RemoteCacheManager.createRemoteCache(RemoteCacheManager.java:614)
> at org.infinispan.client.hotrod.RemoteCacheManager.getCache(RemoteCacheManager.java:525)
> at org.infinispan.client.hotrod.RemoteCacheManager.getCache(RemoteCacheManager.java:521)
> at org.infinispan.server.test.client.hotrod.security.HotRodSaslAuthTestBase.initialize(HotRodSaslAuthTestBase.java:55)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
> at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
> at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:24)
> at org.jboss.arquillian.junit.Arquillian$StatementLifecycleExecutor.invoke(Arquillian.java:351)
> at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.execute(ClientBeforeAfterLifecycleEventExecuter.java:99)
> at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.on(ClientBeforeAfterLifecycleEventExecuter.java:72)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
> at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
> at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createBeforeContext(ContainerEventController.java:124)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:89)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:75)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:60)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:135)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:115)
> at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.before(EventTestRunnerAdaptor.java:95)
> at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:222)
> at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:314)
> at org.jboss.arquillian.junit.Arquillian.access$100(Arquillian.java:46)
> at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:240)
> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
> at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:185)
> at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:314)
> at org.jboss.arquillian.junit.Arquillian.access$100(Arquillian.java:46)
> at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:199)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
> at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:147)
> at org.junit.runners.Suite.runChild(Suite.java:127)
> at org.junit.runners.Suite.runChild(Suite.java:26)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
> at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
> at org.junit.runner.JUnitCore.run(JUnitCore.java:138)
> at org.apache.maven.surefire.junitcore.JUnitCoreWrapper.execute(JUnitCoreWrapper.java:62)
> at org.apache.maven.surefire.junitcore.JUnitCoreProvider.invoke(JUnitCoreProvider.java:139)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
> at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
> at org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
> at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
> at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)
> Caused by: java.lang.NullPointerException
> at org.infinispan.client.hotrod.impl.transport.AbstractTransport.writeArray(AbstractTransport.java:97)
> at org.infinispan.client.hotrod.impl.operations.AuthOperation.execute(AuthOperation.java:35)
> at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.auth(SaslTransportObjectFactory.java:99)
> at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:72)
> at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:25)
> at org.apache.commons.pool.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:1220)
> at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:306)
> ... 98 more
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
10 years, 5 months
[JBoss JIRA] (ISPN-4287) Allow to pass digest hash passwords in HR digest-md5 auth
by Vojtech Juranek (JIRA)
Vojtech Juranek created ISPN-4287:
-------------------------------------
Summary: Allow to pass digest hash passwords in HR digest-md5 auth
Key: ISPN-4287
URL: https://issues.jboss.org/browse/ISPN-4287
Project: Infinispan
Issue Type: Feature Request
Components: Server
Reporter: Vojtech Juranek
Assignee: Mircea Markus
WildFly by default doesn't store plain text passwords but stores them as hashes. In SASL DIGEST-MD5 auth parameter {{org.jboss.sasl.digest.pre_digested}} configures, which kind of password is requested ({{true}} for plain, {{false}} for hash). Given that WildFly use hash by default, this option should be enabled and HR client should be able to authenticate also with hashed password.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
10 years, 5 months
[JBoss JIRA] (ISPN-4284) HotRod digest-md5 auth provides wrong callback
by Vojtech Juranek (JIRA)
[ https://issues.jboss.org/browse/ISPN-4284?page=com.atlassian.jira.plugin.... ]
Vojtech Juranek commented on ISPN-4284:
---------------------------------------
For the record, it seems this issue can be workaround by setting SASL property {{org.jboss.sasl.digest.pre_digested}}
{noformat}
<property name="org.jboss.sasl.digest.pre_digested">true</property>
{noformat}
(unable to verify whole scenario as I'm hitting [ISPN-4285|https://issues.jboss.org/browse/ISPN-4285] also in this case)
> HotRod digest-md5 auth provides wrong callback
> ----------------------------------------------
>
> Key: ISPN-4284
> URL: https://issues.jboss.org/browse/ISPN-4284
> Project: Infinispan
> Issue Type: Bug
> Components: Server
> Reporter: Vojtech Juranek
> Assignee: Tristan Tarrant
>
> HotRod DIGEST-MD5 auth fails with
> {noformat}
> ERROR [org.infinispan.server.hotrod.HotRodDecoder] (HotRodServerWorker-12) ISPN005009: Unexpected error before any request parameters read: io.netty.handler.codec.DecoderException: or
> g.infinispan.server.hotrod.HotRodException: javax.security.sasl.SaslException: DIGEST-MD5: Cannot perform callback to acquire password [Caused by javax.security.auth.callback.UnsupportedCallbackException]
> at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:417) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:141) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at org.infinispan.server.core.AbstractProtocolDecoder.channelRead(AbstractProtocolDecoder.scala:470) [infinispan.jar:7.0.0-SNAPSHOT]
> at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:341) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:327) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:116) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:494) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:461) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
> Caused by: org.infinispan.server.hotrod.HotRodException: javax.security.sasl.SaslException: DIGEST-MD5: Cannot perform call16:23:08,225 WARN [Codec20] (main) ISPN004005: Error received from the server: io.net
> ty.handler.codec.DecoderException: org.infinispan.server.hotrod.HotRodException: javax.security.sasl.SaslException: DIGEST-MD5: Cannot perform callback to acquire password [Caused by javax.security.auth.callba
> ck.UnsupportedCallbackException]
> back to acquire password [Caused by javax.security.auth.callback.UnsupportedCallbackException]
> at org.infinispan.server.hotrod.HotRodDecoder.createServerException(HotRodDecoder.scala:193) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:117) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.decode(AbstractProtocolDecoder.scala:58) [infinispan.jar:7.0.0-SNAPSHOT]
> at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:362) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> ... 12 more
> Caused by: javax.security.sasl.SaslException: DIGEST-MD5: Cannot perform callback to acquire password [Caused by javax.security.auth.callback.UnsupportedCallbackException]
> at org.jboss.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:600) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]
> at org.jboss.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java:253) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]
> at org.infinispan.server.hotrod.Decoder2x$.customReadHeader(Decoder2x.scala:214) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.hotrod.HotRodDecoder.customDecodeHeader(HotRodDecoder.scala:139) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.decodeHeader(AbstractProtocolDecoder.scala:147) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:95) [infinispan.jar:7.0.0-SNAPSHOT]
> ... 14 more
> Caused by: javax.security.auth.callback.UnsupportedCallbackException
> at org.jboss.as.domain.management.security.PropertiesCallbackHandler.handle(PropertiesCallbackHandler.java:164) [jboss-as-domain-management-7.2.0.Final.jar:7.2.0.Final]
> at org.jboss.as.domain.management.security.SecurityRealmService$1.handle(SecurityRealmService.java:168) [jboss-as-domain-management-7.2.0.Final.jar:7.2.0.Final]
> at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider$RealmAuthorizingCallbackHandler.handle(EndpointServerAuthenticationProvider.java:74) [infinispan-server-endpoints-7.0.0-
> SNAPSHOT.jar:7.0.0-SNAPSHOT]
> at org.jboss.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:594) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]
> ... 19 more
> {noformat}
> Instead of {{DigestHashCallback}} is provided {{PasswordCallback}} whichi results into above {{UnsupportedCallbackException}} if password is not stored in plain on server.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
10 years, 5 months
[JBoss JIRA] (ISPN-4286) Two concurrent putIfAbsent operations can both return null during rebalance
by Dan Berindei (JIRA)
Dan Berindei created ISPN-4286:
----------------------------------
Summary: Two concurrent putIfAbsent operations can both return null during rebalance
Key: ISPN-4286
URL: https://issues.jboss.org/browse/ISPN-4286
Project: Infinispan
Issue Type: Bug
Components: Core, State Transfer
Affects Versions: 6.0.2.Final
Reporter: Dan Berindei
Assignee: Dan Berindei
Fix For: 7.0.0.Final
If the cache topology changes while executing a putIfAbsent operation, the old primary owner will throw an OutdatedTopologyException, and the originator will retry on the new owner.
When retrying the PutKeyValueCommand on the new primary owner, we compare the current value with the command's new value. If they are equal, we assume that the initial command wrote the old value, and we return {{null}}.
However, the value might have been written by another putIfAbsent operation. So we could have two {{putIfAbsent(k, v)}} operations, both returning {{null}}.
{code}
A is the originator, B is the primary owner, k = null
A -> B: putIfAbsent(k, v1)
B dies before writing v, C is now primary owner
D -> C: putIfAbsent(k, v1) // another put operation from D, with the same value
C -> D: null // correct
A -> C: retry_putIfAbsent(k, v1)
C -> A: null // C assumes A is overwriting its own value, so it's also returning null
{code}
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
10 years, 5 months
[JBoss JIRA] (ISPN-4285) HotRod digest-md5 auth fails with NPE
by Vojtech Juranek (JIRA)
[ https://issues.jboss.org/browse/ISPN-4285?page=com.atlassian.jira.plugin.... ]
Vojtech Juranek commented on ISPN-4285:
---------------------------------------
It seems it's present always, no matter if {{plain-text="true"}} is set or not.
> HotRod digest-md5 auth fails with NPE
> -------------------------------------
>
> Key: ISPN-4285
> URL: https://issues.jboss.org/browse/ISPN-4285
> Project: Infinispan
> Issue Type: Bug
> Components: Server
> Reporter: Vojtech Juranek
> Assignee: Mircea Markus
>
> HotRod DIGEST-MD5 auth fails with NPE when password on the server is stored as a plain text. Example realm configuration snip:
> {noformat}
> <authentication>
> <local default-user="$local" allowed-users="*"/>
> <properties path="application-users.properties" relative-to="jboss.server.config.dir" plain-text="true"/>
> </authentication>
> {noformat}
> Full stack trace:
> {noformat}
> org.infinispan.client.hotrod.exceptions.TransportException:: Could not fetch transport
> at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:310)
> at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.getTransport(TcpTransportFactory.java:185)
> at org.infinispan.client.hotrod.impl.operations.FaultTolerantPingOperation.getTransport(FaultTolerantPingOperation.java:27)
> at org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:48)
> at org.infinispan.client.hotrod.impl.RemoteCacheImpl.ping(RemoteCacheImpl.java:535)
> at org.infinispan.client.hotrod.RemoteCacheManager.ping(RemoteCacheManager.java:633)
> at org.infinispan.client.hotrod.RemoteCacheManager.createRemoteCache(RemoteCacheManager.java:614)
> at org.infinispan.client.hotrod.RemoteCacheManager.getCache(RemoteCacheManager.java:525)
> at org.infinispan.client.hotrod.RemoteCacheManager.getCache(RemoteCacheManager.java:521)
> at org.infinispan.server.test.client.hotrod.security.HotRodSaslAuthTestBase.initialize(HotRodSaslAuthTestBase.java:55)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
> at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
> at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:24)
> at org.jboss.arquillian.junit.Arquillian$StatementLifecycleExecutor.invoke(Arquillian.java:351)
> at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.execute(ClientBeforeAfterLifecycleEventExecuter.java:99)
> at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.on(ClientBeforeAfterLifecycleEventExecuter.java:72)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
> at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
> at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createBeforeContext(ContainerEventController.java:124)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:89)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:75)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:60)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:135)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:115)
> at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.before(EventTestRunnerAdaptor.java:95)
> at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:222)
> at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:314)
> at org.jboss.arquillian.junit.Arquillian.access$100(Arquillian.java:46)
> at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:240)
> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
> at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:185)
> at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:314)
> at org.jboss.arquillian.junit.Arquillian.access$100(Arquillian.java:46)
> at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:199)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
> at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:147)
> at org.junit.runners.Suite.runChild(Suite.java:127)
> at org.junit.runners.Suite.runChild(Suite.java:26)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
> at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
> at org.junit.runner.JUnitCore.run(JUnitCore.java:138)
> at org.apache.maven.surefire.junitcore.JUnitCoreWrapper.execute(JUnitCoreWrapper.java:62)
> at org.apache.maven.surefire.junitcore.JUnitCoreProvider.invoke(JUnitCoreProvider.java:139)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
> at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
> at org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
> at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
> at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)
> Caused by: java.lang.NullPointerException
> at org.infinispan.client.hotrod.impl.transport.AbstractTransport.writeArray(AbstractTransport.java:97)
> at org.infinispan.client.hotrod.impl.operations.AuthOperation.execute(AuthOperation.java:35)
> at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.auth(SaslTransportObjectFactory.java:99)
> at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:72)
> at org.infinispan.client.hotrod.impl.transport.tcp.SaslTransportObjectFactory.makeObject(SaslTransportObjectFactory.java:25)
> at org.apache.commons.pool.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:1220)
> at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:306)
> ... 98 more
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
10 years, 5 months
[JBoss JIRA] (ISPN-4284) HotRod digest-md5 auth provides wrong callback
by Tristan Tarrant (JIRA)
[ https://issues.jboss.org/browse/ISPN-4284?page=com.atlassian.jira.plugin.... ]
Tristan Tarrant updated ISPN-4284:
----------------------------------
Status: Pull Request Sent (was: Open)
Git Pull Request: https://github.com/infinispan/infinispan/pull/2557
> HotRod digest-md5 auth provides wrong callback
> ----------------------------------------------
>
> Key: ISPN-4284
> URL: https://issues.jboss.org/browse/ISPN-4284
> Project: Infinispan
> Issue Type: Bug
> Components: Server
> Reporter: Vojtech Juranek
> Assignee: Tristan Tarrant
>
> HotRod DIGEST-MD5 auth fails with
> {noformat}
> ERROR [org.infinispan.server.hotrod.HotRodDecoder] (HotRodServerWorker-12) ISPN005009: Unexpected error before any request parameters read: io.netty.handler.codec.DecoderException: or
> g.infinispan.server.hotrod.HotRodException: javax.security.sasl.SaslException: DIGEST-MD5: Cannot perform callback to acquire password [Caused by javax.security.auth.callback.UnsupportedCallbackException]
> at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:417) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:141) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at org.infinispan.server.core.AbstractProtocolDecoder.channelRead(AbstractProtocolDecoder.scala:470) [infinispan.jar:7.0.0-SNAPSHOT]
> at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:341) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:327) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:116) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:494) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:461) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
> Caused by: org.infinispan.server.hotrod.HotRodException: javax.security.sasl.SaslException: DIGEST-MD5: Cannot perform call16:23:08,225 WARN [Codec20] (main) ISPN004005: Error received from the server: io.net
> ty.handler.codec.DecoderException: org.infinispan.server.hotrod.HotRodException: javax.security.sasl.SaslException: DIGEST-MD5: Cannot perform callback to acquire password [Caused by javax.security.auth.callba
> ck.UnsupportedCallbackException]
> back to acquire password [Caused by javax.security.auth.callback.UnsupportedCallbackException]
> at org.infinispan.server.hotrod.HotRodDecoder.createServerException(HotRodDecoder.scala:193) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:117) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.decode(AbstractProtocolDecoder.scala:58) [infinispan.jar:7.0.0-SNAPSHOT]
> at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:362) [netty-all-4.0.18.Final.jar:4.0.18.Final]
> ... 12 more
> Caused by: javax.security.sasl.SaslException: DIGEST-MD5: Cannot perform callback to acquire password [Caused by javax.security.auth.callback.UnsupportedCallbackException]
> at org.jboss.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:600) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]
> at org.jboss.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java:253) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]
> at org.infinispan.server.hotrod.Decoder2x$.customReadHeader(Decoder2x.scala:214) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.hotrod.HotRodDecoder.customDecodeHeader(HotRodDecoder.scala:139) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.decodeHeader(AbstractProtocolDecoder.scala:147) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:95) [infinispan.jar:7.0.0-SNAPSHOT]
> ... 14 more
> Caused by: javax.security.auth.callback.UnsupportedCallbackException
> at org.jboss.as.domain.management.security.PropertiesCallbackHandler.handle(PropertiesCallbackHandler.java:164) [jboss-as-domain-management-7.2.0.Final.jar:7.2.0.Final]
> at org.jboss.as.domain.management.security.SecurityRealmService$1.handle(SecurityRealmService.java:168) [jboss-as-domain-management-7.2.0.Final.jar:7.2.0.Final]
> at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider$RealmAuthorizingCallbackHandler.handle(EndpointServerAuthenticationProvider.java:74) [infinispan-server-endpoints-7.0.0-
> SNAPSHOT.jar:7.0.0-SNAPSHOT]
> at org.jboss.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:594) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]
> ... 19 more
> {noformat}
> Instead of {{DigestHashCallback}} is provided {{PasswordCallback}} whichi results into above {{UnsupportedCallbackException}} if password is not stored in plain on server.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
10 years, 5 months
[JBoss JIRA] (ISPN-2394) Use DataRehashedEvent to signal end of state transfer
by Dan Berindei (JIRA)
[ https://issues.jboss.org/browse/ISPN-2394?page=com.atlassian.jira.plugin.... ]
Dan Berindei reassigned ISPN-2394:
----------------------------------
Assignee: Dan Berindei (was: Adrian Nistor)
> Use DataRehashedEvent to signal end of state transfer
> -----------------------------------------------------
>
> Key: ISPN-2394
> URL: https://issues.jboss.org/browse/ISPN-2394
> Project: Infinispan
> Issue Type: Task
> Components: State Transfer
> Affects Versions: 5.2.0.ALPHA1
> Reporter: Adrian Nistor
> Assignee: Dan Berindei
>
> Since NBST was introduced the actual completion of state transfer happens later than the TopologyChangedEvent. In unit tests there is currently no simple way to find out when this actually happens so we resorted to some ugly polling (see TestingUtil.waitForRehashToComplete()). Also some other core components could benefit from such an event (eg. StaleTransactionCleanupService, see ISPN-2383).
> The event should contain the CacheTopology that is being confirmed as stable.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
10 years, 5 months