[JBoss JIRA] (WFCORE-3406) customized BlockerExtension does not block correctly for standalone server case
by Chao Wang (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3406?page=com.atlassian.jira.plugi... ]
Chao Wang updated WFCORE-3406:
------------------------------
Description:
The find-non-progressing-operation operation of /core-service=management/service=management-operations doesn't return the operation id of a blocking operation on standalone. It works on domain mode.
To simulate the blocking operation, install the BlockingExtension from testsuite and call
{code}
/subsystem=blocker-test:block(block-point=MODEL,block-time=50000}
{code}
Open another jboss-cli.sh and call
{code}
/core-service=management/service=management-operations:find-non-progressing-operation
{code}
Update:
The example above reveals when people manually install BlockingExtension and run in standalone mode, BlockingExtension does not correctly block and count time, as it does not acquire the exclusive lock.
In domain mode, it acquires the lock by calling [context.readResourceForUpdate|https://github.com/wildfly/wildfly-core/blo...]. This does not affect current test scenarios as the block function is tested in OperationCancellationTestCase under domain mode.
was:
The find-non-progressing-operation operation of /core-service=management/service=management-operations doesn't return the operation id of a blocking operation on standalone. It works on domain mode.
To simulate the blocking operation, install the BlockingExtension from testsuite and call
{code}
/subsystem=blocker-test:block(block-point=MODEL,block-time=50000}
{code}
Open another jboss-cli.sh and call
{code}
/core-service=management/service=management-operations:find-non-progressing-operation
{code}
> customized BlockerExtension does not block correctly for standalone server case
> -------------------------------------------------------------------------------
>
> Key: WFCORE-3406
> URL: https://issues.jboss.org/browse/WFCORE-3406
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Domain Management, Test Suite
> Reporter: Claudio Miranda
> Assignee: Chao Wang
> Attachments: helloworld.war
>
>
> The find-non-progressing-operation operation of /core-service=management/service=management-operations doesn't return the operation id of a blocking operation on standalone. It works on domain mode.
> To simulate the blocking operation, install the BlockingExtension from testsuite and call
> {code}
> /subsystem=blocker-test:block(block-point=MODEL,block-time=50000}
> {code}
> Open another jboss-cli.sh and call
> {code}
> /core-service=management/service=management-operations:find-non-progressing-operation
> {code}
> Update:
> The example above reveals when people manually install BlockingExtension and run in standalone mode, BlockingExtension does not correctly block and count time, as it does not acquire the exclusive lock.
> In domain mode, it acquires the lock by calling [context.readResourceForUpdate|https://github.com/wildfly/wildfly-core/blo...]. This does not affect current test scenarios as the block function is tested in OperationCancellationTestCase under domain mode.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFCORE-3406) customized BlockerExtension does not block correctly for standalone server case
by Chao Wang (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3406?page=com.atlassian.jira.plugi... ]
Chao Wang updated WFCORE-3406:
------------------------------
Issue Type: Enhancement (was: Bug)
> customized BlockerExtension does not block correctly for standalone server case
> -------------------------------------------------------------------------------
>
> Key: WFCORE-3406
> URL: https://issues.jboss.org/browse/WFCORE-3406
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Domain Management
> Reporter: Claudio Miranda
> Assignee: Chao Wang
> Attachments: helloworld.war
>
>
> The find-non-progressing-operation operation of /core-service=management/service=management-operations doesn't return the operation id of a blocking operation on standalone. It works on domain mode.
> To simulate the blocking operation, install the BlockingExtension from testsuite and call
> {code}
> /subsystem=blocker-test:block(block-point=MODEL,block-time=50000}
> {code}
> Open another jboss-cli.sh and call
> {code}
> /core-service=management/service=management-operations:find-non-progressing-operation
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFCORE-3406) customized BlockerExtension does not block correctly for standalone server case
by Chao Wang (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3406?page=com.atlassian.jira.plugi... ]
Chao Wang updated WFCORE-3406:
------------------------------
Component/s: Test Suite
> customized BlockerExtension does not block correctly for standalone server case
> -------------------------------------------------------------------------------
>
> Key: WFCORE-3406
> URL: https://issues.jboss.org/browse/WFCORE-3406
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Domain Management, Test Suite
> Reporter: Claudio Miranda
> Assignee: Chao Wang
> Attachments: helloworld.war
>
>
> The find-non-progressing-operation operation of /core-service=management/service=management-operations doesn't return the operation id of a blocking operation on standalone. It works on domain mode.
> To simulate the blocking operation, install the BlockingExtension from testsuite and call
> {code}
> /subsystem=blocker-test:block(block-point=MODEL,block-time=50000}
> {code}
> Open another jboss-cli.sh and call
> {code}
> /core-service=management/service=management-operations:find-non-progressing-operation
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFCORE-3406) customized BlockerExtension does not block correctly for standalone server case
by Chao Wang (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3406?page=com.atlassian.jira.plugi... ]
Chao Wang updated WFCORE-3406:
------------------------------
Summary: customized BlockerExtension does not block correctly for standalone server case (was: find-non-progressing-operation doesn't return the blocking operation)
> customized BlockerExtension does not block correctly for standalone server case
> -------------------------------------------------------------------------------
>
> Key: WFCORE-3406
> URL: https://issues.jboss.org/browse/WFCORE-3406
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Reporter: Claudio Miranda
> Assignee: Chao Wang
> Attachments: helloworld.war
>
>
> The find-non-progressing-operation operation of /core-service=management/service=management-operations doesn't return the operation id of a blocking operation on standalone. It works on domain mode.
> To simulate the blocking operation, install the BlockingExtension from testsuite and call
> {code}
> /subsystem=blocker-test:block(block-point=MODEL,block-time=50000}
> {code}
> Open another jboss-cli.sh and call
> {code}
> /core-service=management/service=management-operations:find-non-progressing-operation
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFLY-9553) PooledConnectionFactoryAdd adds a resource with no registration
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-9553?page=com.atlassian.jira.plugin.... ]
Brian Stansberry commented on WFLY-9553:
----------------------------------------
https://github.com/wildfly/wildfly/compare/master...bstansberry:WFLY-9553 has a simple, untested, fix. It's tested to the extent that the standalone-full-ha.xml config boots with it, and mbean counts are correct, but that's it!
> PooledConnectionFactoryAdd adds a resource with no registration
> ---------------------------------------------------------------
>
> Key: WFLY-9553
> URL: https://issues.jboss.org/browse/WFLY-9553
> Project: WildFly
> Issue Type: Bug
> Components: JMS
> Affects Versions: 11.0.0.Final
> Reporter: Brian Stansberry
> Assignee: Jeff Mesnil
> Priority: Minor
>
> When working on WFCORE-2930 I was investigating discrepancies in mbean counts generated via the method in that fix vs current code. I discovered one in WildFly's messaging-activemq that is a result of a statistics resource being added to the resource tree even if attribute that triggers registration of the related ManagementResourceRegistration isn't set. So we have an undescribed resource.
> This likely has no other impact than a slightly inaccurate result from MBeanServerConnection.getMBeanCount() but we don't want this kind of thing anyway.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFLY-9553) PooledConnectionFactoryAdd adds a resource with no registration
by Brian Stansberry (JIRA)
Brian Stansberry created WFLY-9553:
--------------------------------------
Summary: PooledConnectionFactoryAdd adds a resource with no registration
Key: WFLY-9553
URL: https://issues.jboss.org/browse/WFLY-9553
Project: WildFly
Issue Type: Bug
Components: JMS
Affects Versions: 11.0.0.Final
Reporter: Brian Stansberry
Assignee: Jeff Mesnil
Priority: Minor
When working on WFCORE-2930 I was investigating discrepancies in mbean counts generated via the method in that fix vs current code. I discovered one in WildFly's messaging-activemq that is a result of a statistics resource being added to the resource tree even if attribute that triggers registration of the related ManagementResourceRegistration isn't set. So we have an undescribed resource.
This likely has no other impact than a slightly inaccurate result from MBeanServerConnection.getMBeanCount() but we don't want this kind of thing anyway.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (DROOLS-2127) Importing a jar into a project in work bench not working properly
by Michael Anstis (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2127?page=com.atlassian.jira.plugi... ]
Michael Anstis updated DROOLS-2127:
-----------------------------------
Component/s: Artifact Repository
(was: Examples (Workbench))
> Importing a jar into a project in work bench not working properly
> -----------------------------------------------------------------
>
> Key: DROOLS-2127
> URL: https://issues.jboss.org/browse/DROOLS-2127
> Project: Drools
> Issue Type: Bug
> Components: Artifact Repository
> Affects Versions: 7.4.1.Final
> Environment: wildfly 10, workbench 7.4.1, java 1.8.0.141
> Reporter: Ramesh C
> Assignee: Michael Anstis
> Priority: Blocker
> Attachments: WorkbenchIssue.png
>
>
> If we import a jar into repository in workbench and try to import it in projects, it is not working.
> I found, it is missing a first char of a package name in the path.
> please refer attached image for details.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (ELY-1443) Jdbc-realm with scram mapper
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/ELY-1443?page=com.atlassian.jira.plugin.s... ]
David Lloyd reassigned ELY-1443:
--------------------------------
Assignee: David Lloyd
> Jdbc-realm with scram mapper
> ----------------------------
>
> Key: ELY-1443
> URL: https://issues.jboss.org/browse/ELY-1443
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Passwords
> Affects Versions: 1.2.0.Beta9
> Reporter: Martin Choma
> Assignee: David Lloyd
>
> This is follow up on ELY-1435, but in this case trying scram hash.
> Salt: c2FsdA==
> Password: YywoEuRtRgQQK6dhjp1tfS+BKPYma0oDJk0qBGC33LM=
> Salt: 1000
> I get these values by
> {code:java|name=ScramDigestPasswordTest.java}
> digest = ScramDigestPasswordImpl.scramDigest(ALGORITHM_SCRAM_SHA_256, "password".getBytes(StandardCharsets.UTF_8), "salt".getBytes(StandardCharsets.UTF_8), 1000);
> assertEquals("632c2812e46d4604102ba7618e9d6d7d2f8128f6266b4a03264d2a0460b7dcb3", ByteIterator.ofBytes(digest).hexEncode().drainToString());
> spec = new IteratedSaltedHashPasswordSpec(digest, "salt".getBytes(StandardCharsets.UTF_8), 1000);
> impl = new ScramDigestPasswordImpl(ALGORITHM_SCRAM_SHA_256, spec);
> assertTrue(impl.verify("password".toCharArray()));
> assertFalse(impl.verify("bad".toCharArray()));
> Encoder encoder = Base64.getEncoder();
> String elytronSalt = encoder.encodeToString( impl.getSalt() );
> String elytronHash = encoder.encodeToString( impl.getDigest() );
> int itertationCount = impl.getIterationCount();
> {code}
> {noformat}
> 17:05:40,723 TRACE [org.wildfly.security] (default task-3) Handling NameCallback: authenticationName = correctUser
> 17:05:40,723 TRACE [org.wildfly.security] (default task-3) Principal assigning: [correctUser], pre-realm rewritten: [correctUser], realm name: [jdbc-realm], post-realm rewritten: [correctUser], realm rewritten: [correctUser]
> 17:05:40,727 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD, SALT, ITERATION FROM USERS WHERE NAME = ? with value correctUser
> 17:05:40,813 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT roles.name FROM users, roles, users_roles WHERE users.name=? AND users.id = users_roles.userid AND roles.id = users_roles.roleid with value correctUser
> 17:05:40,817 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD, SALT, ITERATION FROM USERS WHERE NAME = ? with value correctUser
> 17:05:40,865 ERROR [io.undertow.request] (default task-3) UT005023: Exception handling request to /elytron-app/protected/printRoles: java.lang.IllegalArgumentException: Empty key
> at javax.crypto.spec.SecretKeySpec.<init>(SecretKeySpec.java:96)
> at org.wildfly.security.password.impl.ScramDigestPasswordImpl.getMacInstance(ScramDigestPasswordImpl.java:281)
> at org.wildfly.security.password.impl.ScramDigestPasswordImpl.scramDigest(ScramDigestPasswordImpl.java:240)
> at org.wildfly.security.password.impl.ScramDigestPasswordImpl.verify(ScramDigestPasswordImpl.java:195)
> at org.wildfly.security.password.impl.PasswordFactorySpiImpl.engineVerify(PasswordFactorySpiImpl.java:755)
> at org.wildfly.security.password.PasswordFactory.verify(PasswordFactory.java:209)
> at org.wildfly.security.credential.PasswordCredential.verify(PasswordCredential.java:116)
> at org.wildfly.security.credential.Credential.verify(Credential.java:79)
> at org.wildfly.security.auth.realm.jdbc.JdbcSecurityRealm$JdbcRealmIdentity.verifyEvidence(JdbcSecurityRealm.java:199)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1977)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:759)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:992)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:902)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1052)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authenticate(UsernamePasswordAuthenticationMechanism.java:76)
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:152)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (ELY-1443) Jdbc-realm with scram mapper
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/ELY-1443?page=com.atlassian.jira.plugin.s... ]
David Lloyd updated ELY-1443:
-----------------------------
Need Info from: (was: David Lloyd)
> Jdbc-realm with scram mapper
> ----------------------------
>
> Key: ELY-1443
> URL: https://issues.jboss.org/browse/ELY-1443
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Passwords
> Affects Versions: 1.2.0.Beta9
> Reporter: Martin Choma
>
> This is follow up on ELY-1435, but in this case trying scram hash.
> Salt: c2FsdA==
> Password: YywoEuRtRgQQK6dhjp1tfS+BKPYma0oDJk0qBGC33LM=
> Salt: 1000
> I get these values by
> {code:java|name=ScramDigestPasswordTest.java}
> digest = ScramDigestPasswordImpl.scramDigest(ALGORITHM_SCRAM_SHA_256, "password".getBytes(StandardCharsets.UTF_8), "salt".getBytes(StandardCharsets.UTF_8), 1000);
> assertEquals("632c2812e46d4604102ba7618e9d6d7d2f8128f6266b4a03264d2a0460b7dcb3", ByteIterator.ofBytes(digest).hexEncode().drainToString());
> spec = new IteratedSaltedHashPasswordSpec(digest, "salt".getBytes(StandardCharsets.UTF_8), 1000);
> impl = new ScramDigestPasswordImpl(ALGORITHM_SCRAM_SHA_256, spec);
> assertTrue(impl.verify("password".toCharArray()));
> assertFalse(impl.verify("bad".toCharArray()));
> Encoder encoder = Base64.getEncoder();
> String elytronSalt = encoder.encodeToString( impl.getSalt() );
> String elytronHash = encoder.encodeToString( impl.getDigest() );
> int itertationCount = impl.getIterationCount();
> {code}
> {noformat}
> 17:05:40,723 TRACE [org.wildfly.security] (default task-3) Handling NameCallback: authenticationName = correctUser
> 17:05:40,723 TRACE [org.wildfly.security] (default task-3) Principal assigning: [correctUser], pre-realm rewritten: [correctUser], realm name: [jdbc-realm], post-realm rewritten: [correctUser], realm rewritten: [correctUser]
> 17:05:40,727 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD, SALT, ITERATION FROM USERS WHERE NAME = ? with value correctUser
> 17:05:40,813 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT roles.name FROM users, roles, users_roles WHERE users.name=? AND users.id = users_roles.userid AND roles.id = users_roles.roleid with value correctUser
> 17:05:40,817 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD, SALT, ITERATION FROM USERS WHERE NAME = ? with value correctUser
> 17:05:40,865 ERROR [io.undertow.request] (default task-3) UT005023: Exception handling request to /elytron-app/protected/printRoles: java.lang.IllegalArgumentException: Empty key
> at javax.crypto.spec.SecretKeySpec.<init>(SecretKeySpec.java:96)
> at org.wildfly.security.password.impl.ScramDigestPasswordImpl.getMacInstance(ScramDigestPasswordImpl.java:281)
> at org.wildfly.security.password.impl.ScramDigestPasswordImpl.scramDigest(ScramDigestPasswordImpl.java:240)
> at org.wildfly.security.password.impl.ScramDigestPasswordImpl.verify(ScramDigestPasswordImpl.java:195)
> at org.wildfly.security.password.impl.PasswordFactorySpiImpl.engineVerify(PasswordFactorySpiImpl.java:755)
> at org.wildfly.security.password.PasswordFactory.verify(PasswordFactory.java:209)
> at org.wildfly.security.credential.PasswordCredential.verify(PasswordCredential.java:116)
> at org.wildfly.security.credential.Credential.verify(Credential.java:79)
> at org.wildfly.security.auth.realm.jdbc.JdbcSecurityRealm$JdbcRealmIdentity.verifyEvidence(JdbcSecurityRealm.java:199)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1977)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:759)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:992)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:902)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1052)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authenticate(UsernamePasswordAuthenticationMechanism.java:76)
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:152)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (ELY-1443) Jdbc-realm with scram mapper
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/ELY-1443?page=com.atlassian.jira.plugin.s... ]
David Lloyd commented on ELY-1443:
----------------------------------
I could be wrong but, reading the code it looks as if the error here is that the MAC algorithm used to verify the password refuses to accept an empty guess. We probably should have a check at {{org.wildfly.security.password.impl.ScramDigestPasswordImpl#verify(char[])}} which returns {{false}} if the {{char[]}} has a {{length}} of zero.
> Jdbc-realm with scram mapper
> ----------------------------
>
> Key: ELY-1443
> URL: https://issues.jboss.org/browse/ELY-1443
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Passwords
> Affects Versions: 1.2.0.Beta9
> Reporter: Martin Choma
>
> This is follow up on ELY-1435, but in this case trying scram hash.
> Salt: c2FsdA==
> Password: YywoEuRtRgQQK6dhjp1tfS+BKPYma0oDJk0qBGC33LM=
> Salt: 1000
> I get these values by
> {code:java|name=ScramDigestPasswordTest.java}
> digest = ScramDigestPasswordImpl.scramDigest(ALGORITHM_SCRAM_SHA_256, "password".getBytes(StandardCharsets.UTF_8), "salt".getBytes(StandardCharsets.UTF_8), 1000);
> assertEquals("632c2812e46d4604102ba7618e9d6d7d2f8128f6266b4a03264d2a0460b7dcb3", ByteIterator.ofBytes(digest).hexEncode().drainToString());
> spec = new IteratedSaltedHashPasswordSpec(digest, "salt".getBytes(StandardCharsets.UTF_8), 1000);
> impl = new ScramDigestPasswordImpl(ALGORITHM_SCRAM_SHA_256, spec);
> assertTrue(impl.verify("password".toCharArray()));
> assertFalse(impl.verify("bad".toCharArray()));
> Encoder encoder = Base64.getEncoder();
> String elytronSalt = encoder.encodeToString( impl.getSalt() );
> String elytronHash = encoder.encodeToString( impl.getDigest() );
> int itertationCount = impl.getIterationCount();
> {code}
> {noformat}
> 17:05:40,723 TRACE [org.wildfly.security] (default task-3) Handling NameCallback: authenticationName = correctUser
> 17:05:40,723 TRACE [org.wildfly.security] (default task-3) Principal assigning: [correctUser], pre-realm rewritten: [correctUser], realm name: [jdbc-realm], post-realm rewritten: [correctUser], realm rewritten: [correctUser]
> 17:05:40,727 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD, SALT, ITERATION FROM USERS WHERE NAME = ? with value correctUser
> 17:05:40,813 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT roles.name FROM users, roles, users_roles WHERE users.name=? AND users.id = users_roles.userid AND roles.id = users_roles.roleid with value correctUser
> 17:05:40,817 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD, SALT, ITERATION FROM USERS WHERE NAME = ? with value correctUser
> 17:05:40,865 ERROR [io.undertow.request] (default task-3) UT005023: Exception handling request to /elytron-app/protected/printRoles: java.lang.IllegalArgumentException: Empty key
> at javax.crypto.spec.SecretKeySpec.<init>(SecretKeySpec.java:96)
> at org.wildfly.security.password.impl.ScramDigestPasswordImpl.getMacInstance(ScramDigestPasswordImpl.java:281)
> at org.wildfly.security.password.impl.ScramDigestPasswordImpl.scramDigest(ScramDigestPasswordImpl.java:240)
> at org.wildfly.security.password.impl.ScramDigestPasswordImpl.verify(ScramDigestPasswordImpl.java:195)
> at org.wildfly.security.password.impl.PasswordFactorySpiImpl.engineVerify(PasswordFactorySpiImpl.java:755)
> at org.wildfly.security.password.PasswordFactory.verify(PasswordFactory.java:209)
> at org.wildfly.security.credential.PasswordCredential.verify(PasswordCredential.java:116)
> at org.wildfly.security.credential.Credential.verify(Credential.java:79)
> at org.wildfly.security.auth.realm.jdbc.JdbcSecurityRealm$JdbcRealmIdentity.verifyEvidence(JdbcSecurityRealm.java:199)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1977)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:759)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:992)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:902)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1052)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authenticate(UsernamePasswordAuthenticationMechanism.java:76)
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:152)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months