[JBoss JIRA] (WFCORE-2892) Regression in legacy security in DR17, Kerberos for CLI
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2892?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2892:
-------------------------------------
Fix Version/s: 3.0.0.Beta24
> Regression in legacy security in DR17, Kerberos for CLI
> --------------------------------------------------------
>
> Key: WFCORE-2892
> URL: https://issues.jboss.org/browse/WFCORE-2892
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta23
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 3.0.0.Beta24
>
>
> User impact: Users relying on a fallback authentication mechanism in case of Kerberos can't.
> This worked well in DR16.
> When the GSSAPI mechanism fails, another mechanism, e.g. PLAIN, doesn't occur.
> {code:title=server.log}
> 14:47:03,078 TRACE [org.wildfly.security] (management I/O-2) Handling MechanismInformationCallback type='SASL' name='GSSAPI' host-name='localhost.localdomain' protocol='remote'
> 14:47:03,078 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) configuredMaxReceiveBuffer=16777215
> 14:47:03,078 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) relaxComplianceChecks=false
> 14:47:03,078 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) QOP={AUTH}
> 14:47:03,078 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) Obtaining GSSCredential for the service from callback handler...
> 14:47:03,078 TRACE [org.jboss.as.domain.management.security] (management I/O-2) Selected KeytabService with principal 'remote/localhost.localdomain(a)WRONG_REALM.ORG' for host 'localhost.localdomain'
> 14:47:03,079 INFO [stdout] (management I/O-2) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.5505588796137857648.keytab refreshKrb5Config is false principal is remote/localhost.localdomain(a)WRONG_REALM.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
> 14:47:03,079 INFO [stdout] (management I/O-2) principal is remote/localhost.localdomain(a)WRONG_REALM.ORG
> 14:47:03,079 INFO [stdout] (management I/O-2) Will use keytab
> 14:47:03,079 INFO [stdout] (management I/O-2) Commit Succeeded
> 14:47:03,079 INFO [stdout] (management I/O-2)
> 14:47:03,079 INFO [stdout] (management I/O-2) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.5505588796137857648.keytab for remote/localhost.localdomain(a)WRONG_REALM.ORG
> 14:47:03,080 INFO [stdout] (management I/O-2) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.5505588796137857648.keytab for remote/localhost.localdomain(a)WRONG_REALM.ORG
> 14:47:03,080 INFO [stdout] (management I/O-2) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.5505588796137857648.keytab for remote/localhost.localdomain(a)WRONG_REALM.ORG
> 14:47:03,080 INFO [stdout] (management I/O-2) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.5505588796137857648.keytab for remote/localhost.localdomain(a)WRONG_REALM.ORG
> 14:47:03,080 TRACE [org.wildfly.security] (management I/O-2) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 14:47:03,080 TRACE [org.jboss.remoting.endpoint] (management I/O-2) Allocated tick to 9 of endpoint "localhost:MANAGEMENT" <15985cc1> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@211c95d4)
> 14:47:03,081 INFO [stdout] (management task-6) Entered Krb5Context.acceptSecContext with state=STATE_NEW
> 14:47:03,082 INFO [stdout] (management task-6) Looking for keys for: remote/localhost.localdomain(a)WRONG_REALM.ORG
> 14:47:03,083 TRACE [org.jboss.remoting.remote.server] (management task-6) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05031: [GSSAPI] Unable to accept SASL client message [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)]
> at org.wildfly.security.sasl.gssapi.GssapiServer.evaluateMessage(GssapiServer.java:152)
> at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
> at org.wildfly.security.sasl.gssapi.GssapiServer.evaluateResponse(GssapiServer.java:121)
> at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
> at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
> at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57)
> at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
> at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:467)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:891)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
> at org.wildfly.security.sasl.gssapi.GssapiServer.evaluateMessage(GssapiServer.java:131)
> ... 12 more
> Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96
> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149)
> at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829)
> ... 15 more
> 14:47:03,083 TRACE [org.wildfly.security.sasl.gssapi.server] (management task-6) dispose
> 14:47:03,083 TRACE [org.wildfly.security] (management task-6) Handling AuthenticationCompleteCallback: fail
> 14:47:03,084 TRACE [org.jboss.remoting.endpoint] (management task-6) Resource closed count 00000008 of endpoint "localhost:MANAGEMENT" <15985cc1> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@211c95d4)
> 14:47:03,084 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 5 bytes
> 14:47:03,084 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel
> 14:47:03,084 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Shut down writes on channel
> 14:47:03,086 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header
> 14:47:03,086 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers
> 14:47:03,086 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received EOF
> 14:47:03,087 TRACE [org.jboss.remoting.remote] (management I/O-2) Received connection end-of-stream
> 14:47:03,108 INFO [org.jboss.eapqe.krbldap.eap7.utils.CustomCLIExecutor] (main) CLI executor output:
> 14:47:03,109 INFO [org.jboss.eapqe.krbldap.eap7.utils.CustomCLIExecutor] (main) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb5-1708048015373854835.conf
> Loaded from Java config
> >>>KinitOptions cache name is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb5cc
> >>>DEBUG <CCacheInputStream> client principal is hnelson30d3d46a-214b-4b2d-903e-c484ebab7908(a)JBOSS.ORG
> >>>DEBUG <CCacheInputStream> server principal is krbtgt/JBOSS.ORG(a)JBOSS.ORG
> >>>DEBUG <CCacheInputStream> key type: 17
> >>>DEBUG <CCacheInputStream> auth time: Tue May 02 14:46:23 CEST 2017
> >>>DEBUG <CCacheInputStream> start time: Tue May 02 14:46:23 CEST 2017
> >>>DEBUG <CCacheInputStream> end time: Tue May 02 22:46:23 CEST 2017
> >>>DEBUG <CCacheInputStream> renew_till time: null
> >>> CCacheInputStream: readFlags() INITIAL; PRE_AUTH;
> Found ticket for hnelson30d3d46a-214b-4b2d-903e-c484ebab7908(a)JBOSS.ORG to go to krbtgt/JBOSS.ORG(a)JBOSS.ORG expiring on Tue May 02 22:46:23 CEST 2017
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Service ticket not found in the subject
> >>> Credentials acquireServiceCreds: same realm
> default etypes for default_tgs_enctypes: 17.
> >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
> >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
> >>> KdcAccessibility: reset
> >>> KrbKdcReq send: kdc=localhost.localdomain UDP:6088, timeout=5000, number of retries =3, #bytes=648
> >>> KDCCommunication: kdc=localhost.localdomain UDP:6088, timeout=5000,Attempt =1, #bytes=648
> >>> KrbKdcReq send: #bytes read=634
> >>> KdcAccessibility: remove localhost.localdomain:6088
> >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
> >>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
> >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
> Krb5Context setting mySeqNumber to: 23519002
> Krb5Context setting peerSeqNumber to: 0
> Created InitSecContextToken:
> Failed to connect to the controller: The controller is not available at localhost.localdomain:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost.localdomain:9990. The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost.localdomain:9990. The connection failed: JBREM000202: Abrupt close on Remoting connection 79a3d728 to localhost.localdomain/127.0.0.1:9990 of endpoint "cli-client" <24aed80c>
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2891) Regression in DR17, elytron returns 401 instead of 500.
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2891?page=com.atlassian.jira.plugi... ]
Jan Kalina moved JBEAP-11238 to WFCORE-2891:
--------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-2891 (was: JBEAP-11238)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security (was: Security)
Affects Version/s: 3.0.0.Beta23 (was: 7.1.0.DR17)
> Regression in DR17, elytron returns 401 instead of 500.
> -------------------------------------------------------
>
> Key: WFCORE-2891
> URL: https://issues.jboss.org/browse/WFCORE-2891
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta23
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
>
> There is a regression against DR16. When the Elytron Kerberos security factory is misconfigured - wrong principal name - 401 is returned. Till DR16 it was 500.
> IMO 500 is more appropriate in this case, as the server is misconfigured and authentication is not possible at all.
> But 401 means the user can try to authenticate with another credential. Also, there is no other authentication mechanism configured which could be tried to authenticate - just SPNEGO.
> {code:title=server.log}
> 09:26:33,615 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 09:26:33,616 TRACE [org.wildfly.security] (default task-1) Evaluating SPNEGO request: cached GSSContext = null
> 09:26:33,617 TRACE [org.wildfly.security] (default task-1) Obtaining GSSCredential for the service from callback handler...
> 09:26:33,617 TRACE [org.wildfly.security] (default task-1) No valid cached credential, obtaining new one...
> 09:26:33,618 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject:
> ]
> 09:26:33,623 INFO [stdout] (default task-1) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab refreshKrb5Config is false principal is WRONG_SERVICE/wrong.host tryFirstPass is false useFirstPass is false storePass is false clearPass is false
> 09:26:33,626 INFO [stdout] (default task-1) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb5-3763796955751468261.conf
> 09:26:33,626 INFO [stdout] (default task-1) Loaded from Java config
> 09:26:33,627 INFO [stdout] (default task-1) principal is WRONG_SERVICE/wrong.host(a)JBOSS.ORG
> 09:26:33,628 INFO [stdout] (default task-1) Will use keytab
> 09:26:33,628 INFO [stdout] (default task-1) Commit Succeeded
> 09:26:33,628 INFO [stdout] (default task-1)
> 09:26:33,628 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject:
> Principal: WRONG_SERVICE/wrong.host(a)JBOSS.ORG
> Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host(a)JBOSS.ORG
> ] succeed
> 09:26:33,630 TRACE [org.wildfly.security] (default task-1) Creating GSSName for Principal 'WRONG_SERVICE/wrong.host(a)JBOSS.ORG'
> 09:26:33,634 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host(a)JBOSS.ORG
> 09:26:33,635 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host(a)JBOSS.ORG
> 09:26:33,635 TRACE [org.wildfly.security] (default task-1) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f]
> 09:26:33,636 TRACE [org.wildfly.security] (default task-1) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@3409081b]
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Caching GSSContext sun.security.jgss.GSSContextImpl@480e78a0
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Caching KerberosTicket null
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Sent HTTP authorizations: [null]
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Request lacks valid authentication credentials
> 09:26:33,666 WARN [org.apache.http.impl.auth.HttpAuthenticator] (main) NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
> 09:26:33,667 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 09:26:33,667 TRACE [org.wildfly.security] (default task-2) Evaluating SPNEGO request: cached GSSContext = null
> 09:26:33,667 TRACE [org.wildfly.security] (default task-2) Obtaining GSSCredential for the service from callback handler...
> 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Used cached GSSCredential [[GSSCredential:
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
> 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@b065a6e]
> 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Caching GSSContext sun.security.jgss.GSSContextImpl@5c1a57e
> 09:26:33,669 TRACE [org.wildfly.security] (default task-2) Caching KerberosTicket null
> 09:26:33,669 TRACE [org.wildfly.security] (default task-2) Sent HTTP authorizations: [null]
> 09:26:33,669 TRACE [org.wildfly.security] (default task-2) Request lacks valid authentication credentials
> Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
> Refreshing Kerberos configuration
> [Krb5LoginModule] user entered username: jdukef95f0ce7-ed0b-4086-b498-e11f0cbee025
> principal is jdukef95f0ce7-ed0b-4086-b498-e11f0cbee025(a)JBOSS.ORG
> Commit Succeeded
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Evaluating SPNEGO request: cached GSSContext = null
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Obtaining GSSCredential for the service from callback handler...
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Used cached GSSCredential [[GSSCredential:
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@ee77462]
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Caching GSSContext sun.security.jgss.GSSContextImpl@209bce
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Caching KerberosTicket null
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Sent HTTP authorizations: [null]
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Request lacks valid authentication credentials
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Evaluating SPNEGO request: cached GSSContext = null
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Obtaining GSSCredential for the service from callback handler...
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Used cached GSSCredential [[GSSCredential:
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@511a63e2]
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Caching GSSContext sun.security.jgss.GSSContextImpl@5fdd87b1
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Caching KerberosTicket null
> 09:26:33,759 TRACE [org.wildfly.security] (default task-4) Sent HTTP authorizations: [Negotiate <token removed>]
> 09:26:33,759 TRACE [org.wildfly.security] (default task-4) Processing incoming response to a challenge...
> 09:26:33,764 INFO [stdout] (default task-4) Entered Krb5Context.acceptSecContext with state=STATE_NEW
> 09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 79; type: 16
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 87; type: 18
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 63; type: 3
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 17
> 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 23
> 09:26:33,770 INFO [stdout] (default task-4) Looking for keys for: WRONG_SERVICE/wrong.host(a)JBOSS.ORG
> 09:26:33,816 TRACE [org.wildfly.security] (default task-4) GSSContext message exchange failed: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
> at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906)
> at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
> at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.lambda$evaluateRequest$2(SpnegoAuthenticationMechanism.java:164)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:164)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96
> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149)
> at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829)
> ... 47 more
> {code}
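Both reports above end in the same JDK error, `Cannot find key of appropriate type to decrypt AP REP`, raised while the server looks for keys under the principal its configuration selected. As an added triage example (not part of either JIRA message and not WildFly code), the Python below rebuilds the keytab entries from the JDK Kerberos debug lines quoted in the second log and compares them with the `Looking for keys for:` principal, which separates a server-side misconfiguration from a client credential problem. It assumes the debug line formats exactly as they appear on this page and undoes the archive's `(a)` for `@`; the class, function and verdict names are illustrative.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# IANA Kerberos encryption type numbers that appear in the keytab dump on this page.
ETYPES = {3: "des-cbc-md5", 16: "des3-cbc-sha1-kd", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
# JDK wording in the failure message -> etype number (only the wording seen on this page).
JDK_ETYPE_NAMES = {"AES128 CTS mode with HMAC SHA1-96": 17}

READ_NAME = re.compile(r">>> KeyTabInputStream, readName\(\): (\S+)")
LOAD = re.compile(r">>> KeyTab: load\(\) entry length: \d+; type: (\d+)")
LOOKING = re.compile(r"Looking for keys for: (\S+)")
FAILED = re.compile(r"Cannot find key of appropriate type to decrypt AP REP - ([^)\]]+)")

# Abridged from the second server.log quoted above (two of its five keytab entries).
SAMPLE = """\
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 87; type: 18
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 17
09:26:33,770 INFO [stdout] (default task-4) Looking for keys for: WRONG_SERVICE/wrong.host(a)JBOSS.ORG
09:26:33,816 TRACE [org.wildfly.security] (default task-4) GSSContext message exchange failed: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)
"""


@dataclass
class Triage:
    acceptor: Optional[str] = None       # principal the server tried to accept as
    failed_name: Optional[str] = None    # JDK wording of the etype it could not find
    keytab: Dict[str, Set[int]] = field(default_factory=dict)  # principal -> etypes

    @property
    def failed_etype(self) -> Optional[int]:
        return JDK_ETYPE_NAMES.get(self.failed_name or "")

    def verdict(self) -> str:
        if self.acceptor is None or self.failed_name is None:
            return "no-key-lookup-failure"
        if not self.keytab:
            # The first log on this page: the failure is there, the keytab dump is not.
            return "keytab-contents-not-logged"
        if self.acceptor not in self.keytab:
            # Server-side misconfiguration: no client credential can succeed.
            return "acceptor-principal-not-in-keytab"
        if self.failed_etype is None:
            return "unrecognised-etype-name"
        if self.failed_etype not in self.keytab[self.acceptor]:
            return "etype-missing-for-principal"
        return "key-present-investigate-further"


def triage(log_text: str) -> Triage:
    """Correlate the keytab dump, the acceptor principal and the decrypt failure."""
    result, names = Triage(), []
    for raw in log_text.splitlines():
        line = raw.replace("(a)", "@")  # undo the mail archive's address obfuscation
        if m := READ_NAME.search(line):
            names.append(m.group(1))    # first name is the realm, the rest are components
        elif m := LOAD.search(line):
            if len(names) >= 2:
                principal = "/".join(names[1:]) + "@" + names[0]
                result.keytab.setdefault(principal, set()).add(int(m.group(1)))
            names = []
        elif m := LOOKING.search(line):
            result.acceptor = m.group(1)
        elif m := FAILED.search(line):
            result.failed_name = m.group(1).strip()
    return result


def describe(t: Triage) -> str:
    have = {p: sorted(ETYPES.get(e, str(e)) for e in es) for p, es in t.keytab.items()}
    return f"{t.verdict()}: server accepts as {t.acceptor}; keytab holds {have}"


if __name__ == "__main__":
    print(describe(triage(SAMPLE)))
```

A verdict of `acceptor-principal-not-in-keytab` is the case the second report describes: the keytab only holds keys for `HTTP/localhost.localdomain`, so the failure is independent of what the client sends.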