Tristan Tarrant commented on ISPN-4454:
---------------------------------------
Using LDAP with DIGEST-MD5 requires WFLY-1217 to be fixed.
HR client SASL MD5 against LDAP fails
-------------------------------------
Key: ISPN-4454
URL: https://issues.jboss.org/browse/ISPN-4454
Project: Infinispan
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
When trying to authenticate a HotRod client against LDAP using SASL DIGEST-MD5 auth, it fails with:
{noformat}
18:21:40,265 ERROR [org.infinispan.server.hotrod.HotRodDecoder] (HotRodServerWorker-7-1) ISPN005009: Unexpected error before any request parameters read: io.netty.handler.codec.DecoderException: org.infinispan.server.hotrod.HotRodException: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
    at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:417) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at org.infinispan.server.core.AbstractProtocolDecoder.channelRead(AbstractProtocolDecoder.scala:471) [infinispan.jar:7.0.0-SNAPSHOT]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:332) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:318) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:125) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:507) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:464) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
Caused by: org.infinispan.server.hotrod.HotRodException: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
    at org.infinispan.server.hotrod.HotRodDecoder.createServerException(HotRodDecoder.scala:204) [infinispan.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:118) [infinispan.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.core.AbstractProtocolDecoder.decode(AbstractProtocolDecoder.scala:59) [infinispan.jar:7.0.0-SNAPSHOT]
    at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:362) [netty-all-4.0.20.Final.jar:4.0.20.Final]
    ... 12 more
Caused by: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
    at org.jboss.as.domain.management.security.SecurityRealmService.getCallbackHandlerService(SecurityRealmService.java:231) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
    at org.jboss.as.domain.management.security.SecurityRealmService.getMechanismConfig(SecurityRealmService.java:128) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
    at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider.getCallbackHandler(EndpointServerAuthenticationProvider.java:54) [infinispan-server-endpoints-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.hotrod.Decoder2x$.customReadHeader(Decoder2x.scala:208) [infinispan.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.hotrod.HotRodDecoder.customDecodeHeader(HotRodDecoder.scala:152) [infinispan.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.core.AbstractProtocolDecoder.decodeHeader(AbstractProtocolDecoder.scala:148) [infinispan.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:96) [infinispan.jar:7.0.0-SNAPSHOT]
    ... 14 more
{noformat}
When running the same test, but using a login/passwd store in a properties file, everything works. Server LDAP config:
{noformat}
<security-realms>
    <security-realm name="ApplicationRealm">
        <authentication>
            <ldap connection="ldap_connection"
                  recursive="true" base-dn="ou=People,dc=infinispan,dc=org">
                <username-filter attribute="uid" />
            </ldap>
        </authentication>
        <authorization>
            <properties path="application-roles.properties"
                        relative-to="jboss.server.config.dir"/>
        </authorization>
    </security-realm>
</security-realms>
<outbound-connections>
    <ldap name="ldap_connection"
          url="ldap://localhost:10389"/>
</outbound-connections>
{noformat}
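
An added illustration, not part of the issue and not Infinispan or WildFly code, of why a DIGEST-MD5 server (RFC 2831) needs a retrievable per-user secret, which is consistent with the properties-file realm working while the LDAP realm has no handler for DIGEST. The store classes are hypothetical, the bind-only behaviour of the LDAP backend is an assumption, and the message values are the worked example from RFC 2831 section 4.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_secret(user: str, realm: str, password: str) -> bytes:
    # H(username:realm:password): the per-user value the server must be able to fetch
    return md5(f"{user}:{realm}:{password}".encode("utf-8"))

def expected_response(secret: bytes, nonce: str, cnonce: str, nc: str, uri: str) -> str:
    # RFC 2831 response-value for qop=auth with no authzid
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode("utf-8")).hex()
    ha2 = md5(f"AUTHENTICATE:{uri}".encode("utf-8")).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode("utf-8")).hex()

class HashFileStore:
    """Hypothetical store that keeps H(user:realm:password) per user."""
    def __init__(self, entries):
        self._entries = entries
    def lookup_secret(self, user, realm):
        return self._entries.get((user, realm))

class BindOnlyStore:
    """Hypothetical directory that can only test a password it is handed."""
    def __init__(self, passwords):
        self._passwords = passwords
    def bind(self, user, password):
        return hmac.compare_digest(self._passwords.get(user, ""), password)
    def lookup_secret(self, user, realm):
        return None  # nothing retrievable, and the client never sends the password

def verify(store, msg) -> bool:
    secret = store.lookup_secret(msg["username"], msg["realm"])
    if secret is None:
        raise LookupError("store cannot supply a DIGEST-MD5 secret")
    want = expected_response(secret, msg["nonce"], msg["cnonce"],
                             msg["nc"], msg["digest-uri"])
    return hmac.compare_digest(want, msg["response"])

# Client message from RFC 2831 section 4 (the user's password there is "secret").
RFC_MSG = {
    "username": "chris", "realm": "elwood.innosoft.com",
    "nonce": "OA6MG9tEQGm2hh", "cnonce": "OA6MHXh6VqTrRk",
    "nc": "00000001", "digest-uri": "imap/elwood.innosoft.com",
    "response": "d388dad90d4bbd760a152321f2143af7",
}
```

The bind-only store can confirm a password under a PLAIN-style exchange, but `verify` has nothing to compute the expected response from, so the mechanism cannot be offered for that store.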