January 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-896) NPE in server log if client's password is null

by Josef Cacek (JIRA)

[ https://issues.jboss.org/browse/ELY-896?page=com.atlassian.jira.plugin.sy... ] Josef Cacek moved WFLY-7969 to ELY-896: --------------------------------------- Project: WildFly Elytron (was: WildFly) Key: ELY-896 (was: WFLY-7969) Component/s: Passwords (was: Security) > NPE in server log if client's password is null > ----------------------------------------------- > > Key: ELY-896 > URL: https://issues.jboss.org/browse/ELY-896 > Project: WildFly Elytron > Issue Type: Bug > Components: Passwords > Reporter: Josef Cacek > Assignee: Darran Lofthouse > Priority: Blocker > > If standalone JMS client creates connection with username and password where password is {{null}} like: > {code} > connectionFactory.createConnection("admin", null); > {code} > then server logs NPE: > {code} > 13:24:10,567 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: java.lang.NullPointerException > at java.util.Arrays.fill(Arrays.java:2951) [rt.jar:1.8.0_71] > at org.wildfly.security.evidence.PasswordGuessEvidence.destroy(PasswordGuessEvidence.java:53) [wildfly-elytron-1.1.0.Beta16.jar:1.1.0.Beta16] > at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.authenticate(ElytronSecurityManager.java:107) > at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.validateUser(ElytronSecurityManager.java:62) > at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:132) > at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) > at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) > at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) > at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) > at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > {code} > Server should log the same error as if wrong password is provided: > {code} > 13:23:38,713 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119031: Unable to validate user] > at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:144) > at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) > at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) > at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) > at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) > at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7969) NPE in server log if client's password is null

by Josef Cacek (JIRA)

[ https://issues.jboss.org/browse/WFLY-7969?page=com.atlassian.jira.plugin.... ] Josef Cacek commented on WFLY-7969: ----------------------------------- I don't see any reported Coverity issue with {{PasswordGuessEvidence}} in it. I'll check the unreported issues too. Moving the issue to ELY project. Sorry for choosing the wrong project in the original clone. > NPE in server log if client's password is null > ----------------------------------------------- > > Key: WFLY-7969 > URL: https://issues.jboss.org/browse/WFLY-7969 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Josef Cacek > Assignee: Darran Lofthouse > Priority: Blocker > > If standalone JMS client creates connection with username and password where password is {{null}} like: > {code} > connectionFactory.createConnection("admin", null); > {code} > then server logs NPE: > {code} > 13:24:10,567 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: java.lang.NullPointerException > at java.util.Arrays.fill(Arrays.java:2951) [rt.jar:1.8.0_71] > at org.wildfly.security.evidence.PasswordGuessEvidence.destroy(PasswordGuessEvidence.java:53) [wildfly-elytron-1.1.0.Beta16.jar:1.1.0.Beta16] > at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.authenticate(ElytronSecurityManager.java:107) > at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.validateUser(ElytronSecurityManager.java:62) > at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:132) > at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) > at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) > at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) > at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) > at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > {code} > Server should log the same error as if wrong password is provided: > {code} > 13:23:38,713 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119031: Unable to validate user] > at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:144) > at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) > at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) > at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) > at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) > at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7969) NPE in server log if client's password is null

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7969?page=com.atlassian.jira.plugin.... ] Darran Lofthouse commented on WFLY-7969: ---------------------------------------- Also can we please double check the static analysis issues, this sounds detectable so there is a risk we may actually already have an issue raised and assigned. > NPE in server log if client's password is null > ----------------------------------------------- > > Key: WFLY-7969 > URL: https://issues.jboss.org/browse/WFLY-7969 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Josef Cacek > Assignee: Darran Lofthouse > Priority: Blocker > > If standalone JMS client creates connection with username and password where password is {{null}} like: > {code} > connectionFactory.createConnection("admin", null); > {code} > then server logs NPE: > {code} > 13:24:10,567 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: java.lang.NullPointerException > at java.util.Arrays.fill(Arrays.java:2951) [rt.jar:1.8.0_71] > at org.wildfly.security.evidence.PasswordGuessEvidence.destroy(PasswordGuessEvidence.java:53) [wildfly-elytron-1.1.0.Beta16.jar:1.1.0.Beta16] > at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.authenticate(ElytronSecurityManager.java:107) > at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.validateUser(ElytronSecurityManager.java:62) > at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:132) > at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) > at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) > at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) > at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) > at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > {code} > Server should log the same error as if wrong password is provided: > {code} > 13:23:38,713 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119031: Unable to validate user] > at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:144) > at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) > at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) > at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) > at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) > at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7969) NPE in server log if client's password is null

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7969?page=com.atlassian.jira.plugin.... ] Darran Lofthouse commented on WFLY-7969: ---------------------------------------- For issues like this where analysis has shown the error happens within a core Elytron class the community issue should be raised within the Elytron project. There is nothing to do in WildFly other than a WildFly Core component upgrade to address this. > NPE in server log if client's password is null > ----------------------------------------------- > > Key: WFLY-7969 > URL: https://issues.jboss.org/browse/WFLY-7969 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Josef Cacek > Assignee: Darran Lofthouse > Priority: Blocker > > If standalone JMS client creates connection with username and password where password is {{null}} like: > {code} > connectionFactory.createConnection("admin", null); > {code} > then server logs NPE: > {code} > 13:24:10,567 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: java.lang.NullPointerException > at java.util.Arrays.fill(Arrays.java:2951) [rt.jar:1.8.0_71] > at org.wildfly.security.evidence.PasswordGuessEvidence.destroy(PasswordGuessEvidence.java:53) [wildfly-elytron-1.1.0.Beta16.jar:1.1.0.Beta16] > at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.authenticate(ElytronSecurityManager.java:107) > at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.validateUser(ElytronSecurityManager.java:62) > at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:132) > at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) > at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) > at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) > at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) > at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > {code} > Server should log the same error as if wrong password is provided: > {code} > 13:23:38,713 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119031: Unable to validate user] > at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:144) > at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) > at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) > at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) > at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) > at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) > at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) > at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) > at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) > at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) > at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) > at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7969) NPE in server log if client's password is null

by Josef Cacek (JIRA)

Josef Cacek created WFLY-7969: --------------------------------- Summary: NPE in server log if client's password is null Key: WFLY-7969 URL: https://issues.jboss.org/browse/WFLY-7969 Project: WildFly Issue Type: Bug Components: Security Reporter: Josef Cacek Assignee: Darran Lofthouse Priority: Blocker If standalone JMS client creates connection with username and password where password is {{null}} like: {code} connectionFactory.createConnection("admin", null); {code} then server logs NPE: {code} 13:24:10,567 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: java.lang.NullPointerException at java.util.Arrays.fill(Arrays.java:2951) [rt.jar:1.8.0_71] at org.wildfly.security.evidence.PasswordGuessEvidence.destroy(PasswordGuessEvidence.java:53) [wildfly-elytron-1.1.0.Beta16.jar:1.1.0.Beta16] at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.authenticate(ElytronSecurityManager.java:107) at org.wildfly.extension.messaging.activemq.ElytronSecurityManager.validateUser(ElytronSecurityManager.java:62) at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:132) at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] {code} Server should log the same error as if wrong password is provided: {code} 13:23:38,713 ERROR [org.apache.activemq.artemis.core.server] (default I/O-6) AMQ224018: Failed to create session: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119031: Unable to validate user] at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:144) at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1205) at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:156) at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:81) at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:624) at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:373) at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:356) at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:621) at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:277) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:264) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962) at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:435) at org.xnio.netty.transport.AbstractXnioSocketChannel$ReadListener.handleEvent(AbstractXnioSocketChannel.java:371) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1128) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] at org.xnio.nio.WorkerThread.run(WorkerThread.java:567) [xnio-nio-3.4.1.Final-redhat-1.jar:3.4.1.Final-redhat-1] {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7968) Coverity: Incorrect definition of Serializable classes *PrivateKey (Elytron)

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFLY-7968?page=com.atlassian.jira.plugin.... ] Martin Choma updated WFLY-7968: ------------------------------- Affects Version/s: 11.0.0.Alpha1 > Coverity: Incorrect definition of Serializable classes *PrivateKey (Elytron) > ---------------------------------------------------------------------------- > > Key: WFLY-7968 > URL: https://issues.jboss.org/browse/WFLY-7968 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Alpha1 > Reporter: Martin Choma > Assignee: Ilia Vassilev > > There are couple of classes marked as Serializable, but containing non-serializable fields. > * RawECPrivateKey > * RawDHPrivateKey > * RawDSAPrivateKey > * RawRSAMultiPrimePrivateCrtKey > Mark non-serializable fields transient or Serializable > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=85539... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7968) Coverity: Incorrect definition of Serializable classes *PrivateKey (Elytron)

by Martin Choma (JIRA)

Martin Choma created WFLY-7968: ---------------------------------- Summary: Coverity: Incorrect definition of Serializable classes *PrivateKey (Elytron) Key: WFLY-7968 URL: https://issues.jboss.org/browse/WFLY-7968 Project: WildFly Issue Type: Bug Components: Security Reporter: Martin Choma Assignee: Darran Lofthouse There are couple of classes marked as Serializable, but containing non-serializable fields. * RawECPrivateKey * RawDHPrivateKey * RawDSAPrivateKey * RawRSAMultiPrimePrivateCrtKey Mark non-serializable fields transient or Serializable https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=85539... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7968) Coverity: Incorrect definition of Serializable classes *PrivateKey (Elytron)

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFLY-7968?page=com.atlassian.jira.plugin.... ] Martin Choma reassigned WFLY-7968: ---------------------------------- Assignee: Ilia Vassilev (was: Darran Lofthouse) > Coverity: Incorrect definition of Serializable classes *PrivateKey (Elytron) > ---------------------------------------------------------------------------- > > Key: WFLY-7968 > URL: https://issues.jboss.org/browse/WFLY-7968 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > > There are couple of classes marked as Serializable, but containing non-serializable fields. > * RawECPrivateKey > * RawDHPrivateKey > * RawDSAPrivateKey > * RawRSAMultiPrimePrivateCrtKey > Mark non-serializable fields transient or Serializable > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=85539... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7967) Coverity: Incorrect definition of RawKey as a parent of Serializable classes

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFLY-7967?page=com.atlassian.jira.plugin.... ] Martin Choma updated WFLY-7967: ------------------------------- Description: There are some Serializable classes, which extends from RawKey, which is not Serializable. * RawRSAPrivateKey * RawDHPrivateKey * RawPBEKey * RawECPrivateKey * RawDSAPrivateKey Either mark RawKey as Serializable as well or if this is not desired, provide no-args constructor in RawKey class, as javadoc describes: ??During deserialization, the fields of non-serializable classes will be initialized using the public or protected no-arg constructor of the class. A no-arg constructor must be accessible to the subclass that is serializable. The fields of serializable subclasses will be restored from the stream. [1]?? [1] http://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=85539... was: There are some Serializable classes, which extends from RawKey, which is not Serializable. * RawRSAPrivateKey * RawDHPrivateKey * RawPBEKey * RawECPrivateKey * RawDSAPrivateKey Either mark RawKey as Serializable as well or if this is not desired, provide no-args constructor in RawKey class, as javadoc describes: During deserialization, the fields of non-serializable classes will be initialized using the public or protected no-arg constructor of the class. A no-arg constructor must be accessible to the subclass that is serializable. The fields of serializable subclasses will be restored from the stream. [1] [1] http://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=85539... > Coverity: Incorrect definition of RawKey as a parent of Serializable classes > ---------------------------------------------------------------------------- > > Key: WFLY-7967 > URL: https://issues.jboss.org/browse/WFLY-7967 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > > There are some Serializable classes, which extends from RawKey, which is not Serializable. > * RawRSAPrivateKey > * RawDHPrivateKey > * RawPBEKey > * RawECPrivateKey > * RawDSAPrivateKey > Either mark RawKey as Serializable as well or if this is not desired, provide no-args constructor in RawKey class, as javadoc describes: > ??During deserialization, the fields of non-serializable classes will be initialized using the public or protected no-arg constructor of the class. A no-arg constructor must be accessible to the subclass that is serializable. The fields of serializable subclasses will be restored from the stream. [1]?? > [1] http://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=85539... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7967) Coverity: Incorrect definition of RawKey as a parent of Serializable classes

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFLY-7967?page=com.atlassian.jira.plugin.... ] Martin Choma reassigned WFLY-7967: ---------------------------------- Assignee: Ilia Vassilev (was: Darran Lofthouse) > Coverity: Incorrect definition of RawKey as a parent of Serializable classes > ---------------------------------------------------------------------------- > > Key: WFLY-7967 > URL: https://issues.jboss.org/browse/WFLY-7967 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > > There are some Serializable classes, which extends from RawKey, which is not Serializable. > * RawRSAPrivateKey > * RawDHPrivateKey > * RawPBEKey > * RawECPrivateKey > * RawDSAPrivateKey > Either mark RawKey as Serializable as well or if this is not desired, provide no-args constructor in RawKey class, as javadoc describes: > During deserialization, the fields of non-serializable classes will be initialized using the public or protected no-arg constructor of the class. A no-arg constructor must be accessible to the subclass that is serializable. The fields of serializable subclasses will be restored from the stream. [1] > [1] http://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=85539... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2017