[JBoss JIRA] (WFCORE-2517) Coverity, Dereference after null check (Elytron subsystem)
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2517?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2517:
-------------------------------------
Fix Version/s: 3.0.0.Beta14
> Coverity, Dereference after null check (Elytron subsystem)
> ----------------------------------------------------------
>
> Key: WFCORE-2517
> URL: https://issues.jboss.org/browse/WFCORE-2517
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Ilia Vassilev
> Fix For: 3.0.0.Beta14
>
>
> Coverity found possible dereference of null. In this code {{defaultPolicy}} is checked for null and in next step {{defaultPolicy.equals()}} is called.
> https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=10578...
> {code:java|title=PolicyParser.java}
> boolean providerFound = defaultPolicy == null;
> while (reader.hasNext() && reader.nextTag() != END_ELEMENT) {
> verifyNamespace(reader);
> String localName = reader.getLocalName();
> switch (localName) {
> // Permission Mapper
> case JACC_POLICY:
> providerFound = defaultPolicy.equals(parseJaccPolicy(addPolicy, reader, operations)) || providerFound;
> break;
> case CUSTOM_POLICY:
> providerFound = defaultPolicy.equals(parseCustomPolicy(addPolicy, reader, operations)) || providerFound;
> break;
> default:
> throw unexpectedElement(reader);
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2556) Aliases in credential stores should be case insensitive
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2556?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2556:
-------------------------------------
Fix Version/s: 3.0.0.Beta14
> Aliases in credential stores should be case insensitive
> -------------------------------------------------------
>
> Key: WFCORE-2556
> URL: https://issues.jboss.org/browse/WFCORE-2556
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: ehsavoie Hugonnet
> Priority: Critical
> Labels: credential-store, user_experience
> Fix For: 3.0.0.Beta14
>
>
> Working with credential store aliases should be case insensitive.
> Current behavior, when aliases are converted to lowercase during add operation is not user-friendly. Subsequent operations should also support automatic conversion to lowercase.
> E.g.
> {code}
> /subsystem=elytron/credential-store=cred-store-default/alias=UPPER:add(secret-value=password)
> /subsystem=elytron/credential-store=cred-store-default/alias=UPPER:remove()
> {code}
> *Current behavior:*
> First command succeeds and the second fails as the alias is changed to "upper" (in lowercase).
> *Expected behavior:*
> Both commans succeeds.
> *Unignore tests*
> When this issue is fixed, unignore (and fix if needed) related tests in {{testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/application/}}. Thanks.
> {code}
> git grep WFLY-8131
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2371) Unable to create custom credentail security factory
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2371?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2371:
-------------------------------------
Fix Version/s: 3.0.0.Beta14
> Unable to create custom credentail security factory
> ---------------------------------------------------
>
> Key: WFCORE-2371
> URL: https://issues.jboss.org/browse/WFCORE-2371
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Blocker
> Fix For: 3.0.0.Beta14
>
>
> When I try to register custom credential security factory I get {{NoClassDefFoundError}}
> {code}
> 06:54:49,166 WARN [org.jboss.modules] (MSC service thread 1-4) Failed to define class org.wildfly.extras.creaper.commands.elytron.credfactory.AddCustomCredentialSecurityFactoryImpl in Module "org.jboss.customcredsecfacimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules/system/layers/base)): java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/credfactory/AddCustomCredentialSecurityFactoryImpl (Module "org.jboss.customcredsecfacimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/CredentialSecurityFactory
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:448)
> at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:276)
> at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:79)
> at org.jboss.modules.Module.loadModuleClass(Module.java:708)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:192)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:156)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$performRuntime$1(CustomComponentDefinition.java:135)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> 06:54:49,167 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory: org.jboss.msc.service.StartException in service org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/credfactory/AddCustomCredentialSecurityFactoryImpl (Module "org.jboss.customcredsecfacimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/CredentialSecurityFactory
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:448)
> at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:276)
> at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:79)
> at org.jboss.modules.Module.loadModuleClass(Module.java:708)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:192)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:156)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$performRuntime$1(CustomComponentDefinition.java:135)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> ... 3 more
> 06:54:49,168 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("custom-credential-security-factory" => "CreaperTestAddCustomCredentialSecurityFactory")
> ]) - failure description: {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory" => "org.jboss.msc.service.StartException in service org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory: Failed to start service
> Caused by: java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/credfactory/AddCustomCredentialSecurityFactoryImpl (Module \"org.jboss.customcredsecfacimpl\" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/CredentialSecurityFactory"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory"]
> }
> {code}
> That works in DR11 without issue
> Here is implementation of custom credential security factory
> {code:java|title=AddCustomCredentialSecurityFactoryImpl.java}
> package org.wildfly.extras.creaper.commands.elytron.credfactory;
> import java.security.GeneralSecurityException;
> import java.util.Map;
> import org.wildfly.extension.elytron.Configurable;
> import org.wildfly.extension.elytron.capabilities.CredentialSecurityFactory;
> import org.wildfly.security.credential.Credential;
> public class AddCustomCredentialSecurityFactoryImpl<T> implements CredentialSecurityFactory, Configurable {
> @Override
> public Credential create() throws GeneralSecurityException {
> return null;
> }
> @Override
> public void initialize(Map<String, String> configuration) {
> if (configuration.containsKey("throwException")) {
> throw new IllegalStateException("Only test purpose. This exception was thrown on demand.");
> }
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-1061) Specify detailed HttpServerAuthenticationMechanismFactory interface contract
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1061?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1061:
----------------------------------
Fix Version/s: 1.1.0.Beta36
(was: 1.1.0.Beta35)
> Specify detailed HttpServerAuthenticationMechanismFactory interface contract
> ----------------------------------------------------------------------------
>
> Key: ELY-1061
> URL: https://issues.jboss.org/browse/ELY-1061
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 1.1.0.Beta36
>
>
> Please specify detailed contract of HttpServerAuthenticationMechanismFactory.
> Describe which params are allowed to be null and what happens in that case. Also describe if null return values are allowed from interface methods and when does that could happen.
> You can consider {{javax.security.sasl.SaslServerFactory}} as example of detailed contract.
> For example:
> * Is {{properties}} parameter of {{getMechanismNames()}} allowed to be null?
> * is {{getMechanismNames()}} allowed to return null ?
> * Are any of {{createAuthenticationMechanism()}} parameters allowed to be null?
> ** For {{ServerMechanismFactoryImpl}} implementation {{properties}} could not be null - is it general rule?
> {code}
> java.lang.IllegalArgumentException: Parameter 'properties' may not be null
> at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:69)
> at org.wildfly.common.Assert.checkNotNullParam(Assert.java:47)
> at org.wildfly.security.http.impl.ServerMechanismFactoryImpl.createAuthenticationMechanism(ServerMechanismFactoryImpl.java:79)
> {code}
> ** For {{ServerMechanismFactoryImpl}} implementation {{callbackHandler}} could not be null - is it general rule?
> {code}
> java.lang.IllegalArgumentException: Parameter 'callbackHandler' may not be null
> at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:69)
> at org.wildfly.common.Assert.checkNotNullParam(Assert.java:47)
> at org.wildfly.security.http.impl.ServerMechanismFactoryImpl.createAuthenticationMechanism(ServerMechanismFactoryImpl.java:80)
> {code}
> ** For {{ServerMechanismFactoryImpl}} implementation {{mechanismName}} could not be null - is it general rule?
> {code}
> java.lang.IllegalArgumentException: Parameter 'mechanismName' may not be null
> at org.wildfly.common.Assert.checkNotNullParamChecked(Assert.java:69)
> at org.wildfly.common.Assert.checkNotNullParam(Assert.java:47)
> at org.wildfly.security.http.impl.ServerMechanismFactoryImpl.createAuthenticationMechanism(ServerMechanismFactoryImpl.java:78)
> {code}
> I would suggest to wrap {{java.lang.IllegalArgumentException}} to HttpAuthenticationException. Otherwise possibility of {{IllegalArgumentException}} should be documented in contract.
> Filing as Critical, as this interface is expected to be implemented by custom factories.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months