[JBoss JIRA] (WFCORE-2657) Elytron, mechanism-names is not checked on defined allowed values.
by Bartosz Baranowski (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2657?page=com.atlassian.jira.plugi... ]
Bartosz Baranowski reassigned WFCORE-2657:
------------------------------------------
Assignee: Bartosz Baranowski (was: Darran Lofthouse)
> Elytron, mechanism-names is not checked on defined allowed values.
> ------------------------------------------------------------------
>
> Key: WFCORE-2657
> URL: https://issues.jboss.org/browse/WFCORE-2657
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Bartosz Baranowski
> Priority: Critical
>
> Although {{mechanism-names}} attributes model metadata define allowed values. This is not checked and I am allowed to execute this command
> {code}
> /subsystem=elytron/kerberos-security-factory=c:add(principal="HTTP/localhost", path="/not/exist", mechanism-names=[DOES_NOT_EXIST])
> [standalone@localhost:9990 /] /subsystem=elytron/kerberos-security-factory=c:add(principal="HTTP/localhost", path="/not/exist", mechanism-names=[DOES_NOT_EXIST])
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException: GSSException: Improperly formatted Object Identifier String - null",
> "rolled-back" => true
> }
> {code}
> {code:title=elytron.model}
> "mechanism-names" => {
> "type" => LIST,
> "description" => "The mechanism names the credential should be usable with. Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "default" => [
> "KRB5",
> "SPNEGO"
> ],
> "allowed" => [
> "KRB5LEGACY",
> "GENERIC",
> "KRB5",
> "KRB5V2",
> "SPNEGO"
> ],
> "value-type" => STRING,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> }
> {code}
> {code:title=server.log}
> 07:15:56,489 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("kerberos-security-factory" => "c")
> ]): java.lang.IllegalArgumentException: GSSException: Improperly formatted Object Identifier String - null
> at org.wildfly.extension.elytron.KerberosSecurityFactoryDefinition$2.lambda$getValueSupplier$1(KerberosSecurityFactoryDefinition.java:172)
> at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
> at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
> at java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1235)
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
> at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
> at java.util.stream.StreamSpliterators$WrappingSpliterator.forEachRemaining(StreamSpliterators.java:312)
> at java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742)
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
> at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
> at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
> at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
> at org.wildfly.extension.elytron.KerberosSecurityFactoryDefinition$2.getValueSupplier(KerberosSecurityFactoryDefinition.java:174)
> at org.wildfly.extension.elytron.TrivialAddHandler.performRuntime(TrivialAddHandler.java:77)
> at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151)
> at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:979)
> at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:722)
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:441)
> at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1397)
> at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:421)
> at org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:243)
> at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:263)
> at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:229)
> at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:243)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:217)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:137)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:161)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
> at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:287)
> at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:244)
> at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254)
> at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:157)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> Caused by: GSSException: Improperly formatted Object Identifier String - null
> at org.ietf.jgss.Oid.<init>(Oid.java:71)
> at org.wildfly.extension.elytron.KerberosSecurityFactoryDefinition$2.lambda$getValueSupplier$1(KerberosSecurityFactoryDefinition.java:170)
> ... 39 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-986) Method equals for MatchRule throws java.lang.IllegalStateException
by Ingo Weiss (JIRA)
[ https://issues.jboss.org/browse/ELY-986?page=com.atlassian.jira.plugin.sy... ]
Ingo Weiss commented on ELY-986:
--------------------------------
Just tested on latest master and it seems to not have this issue. This is what I'm seeing now:
{noformat}
Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.277 sec <<< FAILURE! - in org.wildfly.security.auth.client.AuthenticationContextTest
withoutRuleSsl(org.wildfly.security.auth.client.AuthenticationContextTest) Time elapsed: 0.115 sec <<< FAILURE!
java.lang.AssertionError: expected: org.wildfly.security.auth.client.MatchPortRule<port=1234> but was: org.wildfly.security.auth.client.MatchPortRule<port=1234>
{noformat}
> Method equals for MatchRule throws java.lang.IllegalStateException
> ------------------------------------------------------------------
>
> Key: ELY-986
> URL: https://issues.jboss.org/browse/ELY-986
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta28
> Reporter: Ondrej Lukas
> Assignee: Ingo Weiss
> Priority: Critical
>
> In case when method {{equals(MatchRule other)}} is called on {{org.wildfly.security.auth.client.MatchRule}} then it finishes with java.lang.IllegalStateException with following stack trace, for calling {{MatchRule.ALL.equals(MatchRule.ALL);}}:
> {code}
> java.lang.IllegalStateException
> at org.wildfly.security.auth.client.MatchRule$1.getMatchUser(MatchRule.java:102)
> at org.wildfly.security.auth.client.MatchRule.getMatchUser(MatchRule.java:500)
> at org.wildfly.security.auth.client.MatchNoUserRule.halfEqual(MatchNoUserRule.java:46)
> at org.wildfly.security.auth.client.MatchRule.equals(MatchRule.java:157)
> ...
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-986) Method equals for MatchRule throws java.lang.IllegalStateException
by Ingo Weiss (JIRA)
[ https://issues.jboss.org/browse/ELY-986?page=com.atlassian.jira.plugin.sy... ]
Ingo Weiss reassigned ELY-986:
------------------------------
Assignee: Ingo Weiss (was: Darran Lofthouse)
> Method equals for MatchRule throws java.lang.IllegalStateException
> ------------------------------------------------------------------
>
> Key: ELY-986
> URL: https://issues.jboss.org/browse/ELY-986
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta28
> Reporter: Ondrej Lukas
> Assignee: Ingo Weiss
> Priority: Critical
>
> In case when method {{equals(MatchRule other)}} is called on {{org.wildfly.security.auth.client.MatchRule}} then it finishes with java.lang.IllegalStateException with following stack trace, for calling {{MatchRule.ALL.equals(MatchRule.ALL);}}:
> {code}
> java.lang.IllegalStateException
> at org.wildfly.security.auth.client.MatchRule$1.getMatchUser(MatchRule.java:102)
> at org.wildfly.security.auth.client.MatchRule.getMatchUser(MatchRule.java:500)
> at org.wildfly.security.auth.client.MatchNoUserRule.halfEqual(MatchNoUserRule.java:46)
> at org.wildfly.security.auth.client.MatchRule.equals(MatchRule.java:157)
> ...
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFLY-7649) Ensure initial context lookup using the "java:" prefix works with the new naming client
by Alessio Soldano (JIRA)
[ https://issues.jboss.org/browse/WFLY-7649?page=com.atlassian.jira.plugin.... ]
Alessio Soldano commented on WFLY-7649:
---------------------------------------
I'm proposing a fix version just to be sure this is not forgotten...
> Ensure initial context lookup using the "java:" prefix works with the new naming client
> ---------------------------------------------------------------------------------------
>
> Key: WFLY-7649
> URL: https://issues.jboss.org/browse/WFLY-7649
> Project: WildFly
> Issue Type: Task
> Components: Naming
> Reporter: Farah Juma
> Assignee: Farah Juma
> Fix For: 11.0.0.Beta1
>
>
> Currently, using the new naming client to perform initial context lookup using the "java:" prefix will result in the following exception:
> {code}
> WFNAM00026: No provider for found for URI: java
> at org.wildfly.naming.client.WildFlyRootContext.getProviderContext(WildFlyRootContext.java:334)
> at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:123)
> at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:113)
> at javax.naming.InitialContext.lookup(InitialContext.java:417)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months