[JBoss JIRA] (ELY-1118) Non-existing alias for SSL in Elytron Client configuration file causes NPE
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/ELY-1118?page=com.atlassian.jira.plugin.s... ]
Ondrej Lukas updated ELY-1118:
------------------------------
Component/s: Authentication Client
> Non-existing alias for SSL in Elytron Client configuration file causes NPE
> --------------------------------------------------------------------------
>
> Key: ELY-1118
> URL: https://issues.jboss.org/browse/ELY-1118
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Affects Versions: 1.1.0.Beta39
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
>
> When the Elytron Client configuration file's {{key-store-ssl-certificate}} element includes an alias which does not exist in the given keystore, an NPE is thrown.
> It is caused by a missing null check for {{entry}} in [1].
> Thrown NPE:
> {code}
> ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /dep/ctx: java.lang.NullPointerException
> at org.wildfly.security.auth.client.ElytronXmlParser$PrivateKeyKeyStoreEntryCredentialFactory.get(ElytronXmlParser.java:2404)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseSslContextType$5(ElytronXmlParser.java:459)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseSslContextRuleType$6(ElytronXmlParser.java:501)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$8(ElytronXmlParser.java:537)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:309)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:180)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:141)
> at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlServlet.java:116)
> at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlServlet.doGet(WildflyConfigXmlServlet.java:91)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/07dca201e47344ee...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
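
The failure mode reported in ELY-1118, shown with plain `java.security.KeyStore` as an added example (not Elytron code, and not from the reporter): `KeyStore.getEntry` returns `null` for an unknown alias, so an unchecked cast-and-dereference fails with a bare NPE. The class name, method names, aliases and password are hypothetical; it assumes the entry comes from a `getEntry`-style lookup and also covers an alias that exists but holds the wrong entry type.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.KeyGenerator;

public class KeyStoreAliasCheck {

    // Unchecked lookup: the cast accepts null, so a missing alias only fails
    // at the first dereference, as a NullPointerException with no context.
    static String uncheckedKeyAlgorithm(KeyStore ks, String alias, char[] password)
            throws GeneralSecurityException {
        KeyStore.Entry entry = ks.getEntry(alias, new KeyStore.PasswordProtection(password));
        return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey().getAlgorithm();
    }

    // Checked lookup: reject a missing alias and a wrong entry type with an
    // error that names the alias, so the misconfiguration can be diagnosed.
    static KeyStore.PrivateKeyEntry requirePrivateKeyEntry(KeyStore ks, String alias, char[] password)
            throws GeneralSecurityException {
        KeyStore.Entry entry = ks.getEntry(alias, new KeyStore.PasswordProtection(password));
        if (entry == null) {
            throw new KeyStoreException("Key store has no entry for alias '" + alias + "'");
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new KeyStoreException("Entry for alias '" + alias + "' is a "
                    + entry.getClass().getSimpleName() + ", not a private key entry");
        }
        return (KeyStore.PrivateKeyEntry) entry;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample value

        // Constructed in-memory key store holding one secret-key entry.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setEntry("session-key",
                new KeyStore.SecretKeyEntry(KeyGenerator.getInstance("AES").generateKey()),
                new KeyStore.PasswordProtection(password));

        // Missing alias through the unchecked path: bare NPE.
        try {
            uncheckedKeyAlgorithm(ks, "no-such-alias", password);
        } catch (NullPointerException e) {
            System.out.println("unchecked lookup: NullPointerException");
        }

        // Missing alias and wrong entry type through the checked path:
        // both produce a KeyStoreException that names the alias.
        for (String alias : new String[] {"no-such-alias", "session-key"}) {
            try {
                requirePrivateKeyEntry(ks, alias, password);
            } catch (KeyStoreException e) {
                System.out.println("checked lookup: " + e.getMessage());
            }
        }
    }
}
```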
[JBoss JIRA] (ELY-1118) Non-existing alias for SSL in Elytron Client configuration file causes NPE
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/ELY-1118?page=com.atlassian.jira.plugin.s... ]
Ondrej Lukas updated ELY-1118:
------------------------------
Affects Version/s: 1.1.0.Beta39
[JBoss JIRA] (ELY-1118) Non-existing alias for SSL in Elytron Client configuration file causes NPE
by Ondrej Lukas (JIRA)
Ondrej Lukas created ELY-1118:
---------------------------------
Summary: Non-existing alias for SSL in Elytron Client configuration file causes NPE
Key: ELY-1118
URL: https://issues.jboss.org/browse/ELY-1118
Project: WildFly Elytron
Issue Type: Bug
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
When the Elytron Client configuration file's {{key-store-ssl-certificate}} element includes an alias which does not exist in the given keystore, an NPE is thrown.
It is caused by a missing null check for {{entry}} in [1].
[1] https://github.com/wildfly-security/wildfly-elytron/blob/07dca201e47344ee...
[JBoss JIRA] (WFLY-8678) Re-enable tests temporarily disabled in -Delytron run.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-8678?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-8678:
-----------------------------------
Fix Version/s: 11.0.0.Beta1
> Re-enable tests temporarily disabled in -Delytron run.
> ------------------------------------------------------
>
> Key: WFLY-8678
> URL: https://issues.jboss.org/browse/WFLY-8678
> Project: WildFly
> Issue Type: Task
> Components: Security, Test Suite
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 11.0.0.Beta1
>
>
> The following tests are temporarily ignored: -
> Tests in error:
> ExportImportJournalTestCase.testExportImportJournal:136->sendMessage:77 » Communication
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSQueueManagementTestCase.addQueues:105 » Communication WFNAM00018: Failed to...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> JMSTopicManagementTestCase.before:89 » Communication WFNAM00018: Failed to con...
> PooledConnectionFactoryStatisticsTestCase.testStatistics:83 » Communication WF...
> RemoteNamingEjbTestCase.testDeploymentBinding:140 » Communication WFNAM00018: ...
> RemoteNamingEjbTestCase.testIt:99 » Communication WFNAM00018: Failed to connec...
> RemoteNamingTestCase.testNestedLookup:109 » Communication WFNAM00018: Failed t...
> RemoteNamingTestCase.testRemoteContextLookup:97 » Communication WFNAM00018: Fa...
> RemoteNamingTestCase.testRemoteLookup:85 » Communication WFNAM00018: Failed to...
> TransactionInflowTestCase.inflowTransactionCommit:138 » IllegalState EJBCLIENT...
> TransactionInflowTestCase.inflowTransactionRollback:156 » IllegalState EJBCLIE...
> Investigation needs to continue as it actually appears something running before these tests is the cause as running these tests in isolation does not cause a failure.
[JBoss JIRA] (WFLY-8678) Re-enable tests temporarily disabled in -Delytron run.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-8678?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse moved JBEAP-10656 to WFLY-8678:
------------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-8678 (was: JBEAP-10656)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
Test Suite
(was: Security)
(was: Test Suite)
[JBoss JIRA] (ELY-1117) Regression in DR17, elytron returns 401 instead of 500.
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1117?page=com.atlassian.jira.plugin.s... ]
Martin Choma commented on ELY-1117:
-----------------------------------
Seems to me https://issues.jboss.org/browse/JBEAP-10246?focusedCommentId=13392098&pag... applies here. I tried the obtain-kerberos-ticket option and got 500 as expected.
> Regression in DR17, elytron returns 401 instead of 500.
> -------------------------------------------------------
>
> Key: ELY-1117
> URL: https://issues.jboss.org/browse/ELY-1117
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
>
> There is a regression against DR16. When the Elytron Kerberos security factory is misconfigured (wrong principal name), 401 is returned. Until DR16 it was 500.
> IMO 500 is more appropriate in this case, as the server is misconfigured and authentication is not possible at all.
> But 401 means the user can try to authenticate with another credential. Also, there is no other authentication mechanism configured which could be tried to authenticate, just SPNEGO.
> {code:title=server.log}
> 09:26:33,615 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 09:26:33,616 TRACE [org.wildfly.security] (default task-1) Evaluating SPNEGO request: cached GSSContext = null
> 09:26:33,617 TRACE [org.wildfly.security] (default task-1) Obtaining GSSCredential for the service from callback handler...
> 09:26:33,617 TRACE [org.wildfly.security] (default task-1) No valid cached credential, obtaining new one...
> 09:26:33,618 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject:
> ]
> 09:26:33,623 INFO [stdout] (default task-1) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab refreshKrb5Config is false principal is WRONG_SERVICE/wrong.host tryFirstPass is false useFirstPass is false storePass is false clearPass is false
> 09:26:33,626 INFO [stdout] (default task-1) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb5-3763796955751468261.conf
> 09:26:33,626 INFO [stdout] (default task-1) Loaded from Java config
> 09:26:33,627 INFO [stdout] (default task-1) principal is WRONG_SERVICE/wrong.host@JBOSS.ORG
> 09:26:33,628 INFO [stdout] (default task-1) Will use keytab
> 09:26:33,628 INFO [stdout] (default task-1) Commit Succeeded
> 09:26:33,628 INFO [stdout] (default task-1)
> 09:26:33,628 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject:
> Principal: WRONG_SERVICE/wrong.host@JBOSS.ORG
> Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host@JBOSS.ORG
> ] succeed
> 09:26:33,630 TRACE [org.wildfly.security] (default task-1) Creating GSSName for Principal 'WRONG_SERVICE/wrong.host@JBOSS.ORG'
> 09:26:33,634 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host@JBOSS.ORG
> 09:26:33,635 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host@JBOSS.ORG
> 09:26:33,635 TRACE [org.wildfly.security] (default task-1) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f]
> 09:26:33,636 TRACE [org.wildfly.security] (default task-1) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host@JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@3409081b]
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Caching GSSContext sun.security.jgss.GSSContextImpl@480e78a0
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Caching KerberosTicket null
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Sent HTTP authorizations: [null]
> 09:26:33,637 TRACE [org.wildfly.security] (default task-1) Request lacks valid authentication credentials
> 09:26:33,666 WARN [org.apache.http.impl.auth.HttpAuthenticator] (main) NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
> 09:26:33,667 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 09:26:33,667 TRACE [org.wildfly.security] (default task-2) Evaluating SPNEGO request: cached GSSContext = null
> 09:26:33,667 TRACE [org.wildfly.security] (default task-2) Obtaining GSSCredential for the service from callback handler...
> 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Used cached GSSCredential [[GSSCredential:
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
> 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@b065a6e]
> 09:26:33,668 TRACE [org.wildfly.security] (default task-2) Caching GSSContext sun.security.jgss.GSSContextImpl@5c1a57e
> 09:26:33,669 TRACE [org.wildfly.security] (default task-2) Caching KerberosTicket null
> 09:26:33,669 TRACE [org.wildfly.security] (default task-2) Sent HTTP authorizations: [null]
> 09:26:33,669 TRACE [org.wildfly.security] (default task-2) Request lacks valid authentication credentials
> Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
> Refreshing Kerberos configuration
> [Krb5LoginModule] user entered username: jdukef95f0ce7-ed0b-4086-b498-e11f0cbee025
> principal is jdukef95f0ce7-ed0b-4086-b498-e11f0cbee025(a)JBOSS.ORG
> Commit Succeeded
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Evaluating SPNEGO request: cached GSSContext = null
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Obtaining GSSCredential for the service from callback handler...
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Used cached GSSCredential [[GSSCredential:
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
> 09:26:33,691 TRACE [org.wildfly.security] (default task-3) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@ee77462]
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Caching GSSContext sun.security.jgss.GSSContextImpl@209bce
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Caching KerberosTicket null
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Sent HTTP authorizations: [null]
> 09:26:33,692 TRACE [org.wildfly.security] (default task-3) Request lacks valid authentication credentials
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Evaluating SPNEGO request: cached GSSContext = null
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Obtaining GSSCredential for the service from callback handler...
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Used cached GSSCredential [[GSSCredential:
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
> WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@511a63e2]
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Caching GSSContext sun.security.jgss.GSSContextImpl@5fdd87b1
> 09:26:33,757 TRACE [org.wildfly.security] (default task-4) Caching KerberosTicket null
> 09:26:33,759 TRACE [org.wildfly.security] (default task-4) Sent HTTP authorizations: [Negotiate ...]
> 09:26:33,759 TRACE [org.wildfly.security] (default task-4) Processing incoming response to a challenge...
> 09:26:33,764 INFO [stdout] (default task-4) Entered Krb5Context.acceptSecContext with state=STATE_NEW
> 09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 79; type: 16
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 87; type: 18
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 63; type: 3
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 17
> 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
> 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
> 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
> 09:26:33,770 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 23
> 09:26:33,770 INFO [stdout] (default task-4) Looking for keys for: WRONG_SERVICE/wrong.host(a)JBOSS.ORG
> 09:26:33,816 TRACE [org.wildfly.security] (default task-4) GSSContext message exchange failed: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
> at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906)
> at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
> at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.lambda$evaluateRequest$2(SpnegoAuthenticationMechanism.java:164)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:164)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96
> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149)
> at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829)
> ... 47 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (ELY-1117) Regression in DR17, elytron returns 401 instead of 500.
by Martin Choma (JIRA)
Martin Choma created ELY-1117:
---------------------------------
Summary: Regression in DR17, elytron returns 401 instead of 500.
Key: ELY-1117
URL: https://issues.jboss.org/browse/ELY-1117
Project: WildFly Elytron
Issue Type: Bug
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
There is a regression against DR16. When the Elytron Kerberos security factory is misconfigured - wrong principal name - 401 is returned. Until DR16 it was 500.
IMO 500 is more appropriate in this case, as the server is misconfigured and authentication is not possible at all.
But 401 means the user can try to authenticate with another credential. Also, there is no other authentication mechanism configured which could be tried to authenticate - just SPNEGO.
{code:title=server.log}
09:26:33,615 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
09:26:33,616 TRACE [org.wildfly.security] (default task-1) Evaluating SPNEGO request: cached GSSContext = null
09:26:33,617 TRACE [org.wildfly.security] (default task-1) Obtaining GSSCredential for the service from callback handler...
09:26:33,617 TRACE [org.wildfly.security] (default task-1) No valid cached credential, obtaining new one...
09:26:33,618 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject:
]
09:26:33,623 INFO [stdout] (default task-1) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab refreshKrb5Config is false principal is WRONG_SERVICE/wrong.host tryFirstPass is false useFirstPass is false storePass is false clearPass is false
09:26:33,626 INFO [stdout] (default task-1) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb5-3763796955751468261.conf
09:26:33,626 INFO [stdout] (default task-1) Loaded from Java config
09:26:33,627 INFO [stdout] (default task-1) principal is WRONG_SERVICE/wrong.host(a)JBOSS.ORG
09:26:33,628 INFO [stdout] (default task-1) Will use keytab
09:26:33,628 INFO [stdout] (default task-1) Commit Succeeded
09:26:33,628 INFO [stdout] (default task-1)
09:26:33,628 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject:
Principal: WRONG_SERVICE/wrong.host(a)JBOSS.ORG
Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host(a)JBOSS.ORG
] succeed
09:26:33,630 TRACE [org.wildfly.security] (default task-1) Creating GSSName for Principal 'WRONG_SERVICE/wrong.host(a)JBOSS.ORG'
09:26:33,634 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host(a)JBOSS.ORG
09:26:33,635 INFO [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.3649597682700651441.keytab for WRONG_SERVICE/wrong.host(a)JBOSS.ORG
09:26:33,635 TRACE [org.wildfly.security] (default task-1) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f]
09:26:33,636 TRACE [org.wildfly.security] (default task-1) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
09:26:33,637 TRACE [org.wildfly.security] (default task-1) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@3409081b]
09:26:33,637 TRACE [org.wildfly.security] (default task-1) Caching GSSContext sun.security.jgss.GSSContextImpl@480e78a0
09:26:33,637 TRACE [org.wildfly.security] (default task-1) Caching KerberosTicket null
09:26:33,637 TRACE [org.wildfly.security] (default task-1) Sent HTTP authorizations: [null]
09:26:33,637 TRACE [org.wildfly.security] (default task-1) Request lacks valid authentication credentials
09:26:33,666 WARN [org.apache.http.impl.auth.HttpAuthenticator] (main) NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
09:26:33,667 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
09:26:33,667 TRACE [org.wildfly.security] (default task-2) Evaluating SPNEGO request: cached GSSContext = null
09:26:33,667 TRACE [org.wildfly.security] (default task-2) Obtaining GSSCredential for the service from callback handler...
09:26:33,668 TRACE [org.wildfly.security] (default task-2) Used cached GSSCredential [[GSSCredential:
WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
09:26:33,668 TRACE [org.wildfly.security] (default task-2) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
09:26:33,668 TRACE [org.wildfly.security] (default task-2) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@b065a6e]
09:26:33,668 TRACE [org.wildfly.security] (default task-2) Caching GSSContext sun.security.jgss.GSSContextImpl@5c1a57e
09:26:33,669 TRACE [org.wildfly.security] (default task-2) Caching KerberosTicket null
09:26:33,669 TRACE [org.wildfly.security] (default task-2) Sent HTTP authorizations: [null]
09:26:33,669 TRACE [org.wildfly.security] (default task-2) Request lacks valid authentication credentials
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
[Krb5LoginModule] user entered username: jdukef95f0ce7-ed0b-4086-b498-e11f0cbee025
principal is jdukef95f0ce7-ed0b-4086-b498-e11f0cbee025(a)JBOSS.ORG
Commit Succeeded
09:26:33,691 TRACE [org.wildfly.security] (default task-3) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
09:26:33,691 TRACE [org.wildfly.security] (default task-3) Evaluating SPNEGO request: cached GSSContext = null
09:26:33,691 TRACE [org.wildfly.security] (default task-3) Obtaining GSSCredential for the service from callback handler...
09:26:33,691 TRACE [org.wildfly.security] (default task-3) Used cached GSSCredential [[GSSCredential:
WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
09:26:33,691 TRACE [org.wildfly.security] (default task-3) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
09:26:33,692 TRACE [org.wildfly.security] (default task-3) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@ee77462]
09:26:33,692 TRACE [org.wildfly.security] (default task-3) Caching GSSContext sun.security.jgss.GSSContextImpl@209bce
09:26:33,692 TRACE [org.wildfly.security] (default task-3) Caching KerberosTicket null
09:26:33,692 TRACE [org.wildfly.security] (default task-3) Sent HTTP authorizations: [null]
09:26:33,692 TRACE [org.wildfly.security] (default task-3) Request lacks valid authentication credentials
09:26:33,757 TRACE [org.wildfly.security] (default task-4) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
09:26:33,757 TRACE [org.wildfly.security] (default task-4) Evaluating SPNEGO request: cached GSSContext = null
09:26:33,757 TRACE [org.wildfly.security] (default task-4) Obtaining GSSCredential for the service from callback handler...
09:26:33,757 TRACE [org.wildfly.security] (default task-4) Used cached GSSCredential [[GSSCredential:
WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
WRONG_SERVICE/wrong.host(a)JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
09:26:33,757 TRACE [org.wildfly.security] (default task-4) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
09:26:33,757 TRACE [org.wildfly.security] (default task-4) Using SpnegoAuthenticationMechanism to authenticate WRONG_SERVICE/wrong.host(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@511a63e2]
09:26:33,757 TRACE [org.wildfly.security] (default task-4) Caching GSSContext sun.security.jgss.GSSContextImpl@5fdd87b1
09:26:33,757 TRACE [org.wildfly.security] (default task-4) Caching KerberosTicket null
09:26:33,759 TRACE [org.wildfly.security] (default task-4) Sent HTTP authorizations: [Negotiate ...]
09:26:33,759 TRACE [org.wildfly.security] (default task-4) Processing incoming response to a challenge...
09:26:33,764 INFO [stdout] (default task-4) Entered Krb5Context.acceptSecContext with state=STATE_NEW
09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 79; type: 16
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 87; type: 18
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 63; type: 3
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 17
09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
09:26:33,770 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
09:26:33,770 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 23
09:26:33,770 INFO [stdout] (default task-4) Looking for keys for: WRONG_SERVICE/wrong.host(a)JBOSS.ORG
09:26:33,816 TRACE [org.wildfly.security] (default task-4) GSSContext message exchange failed: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906)
at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.lambda$evaluateRequest$2(SpnegoAuthenticationMechanism.java:164)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:164)
at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829)
... 47 more
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
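A log check for the condition ELY-1117 reports, added here as an example and not part of the report or of Elytron: it rebuilds the keytab principals from the JDK Kerberos debug lines and compares them with the principal the acceptor looks up keys for. The function names are hypothetical, the sample is an excerpt shortened from the server.log above, and reading "(a)" as the archive's rendering of "@" is an assumption.

```python
import re

# Excerpt shortened from the server.log in the report (two keytab entries kept).
SAMPLE_LOG = """\
09:26:33,627 INFO [stdout] (default task-1) principal is WRONG_SERVICE/wrong.host(a)JBOSS.ORG
09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
09:26:33,768 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 79; type: 16
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): JBOSS.ORG
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): HTTP
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTabInputStream, readName(): localhost.localdomain
09:26:33,769 INFO [stdout] (default task-4) >>> KeyTab: load() entry length: 71; type: 17
09:26:33,770 INFO [stdout] (default task-4) Looking for keys for: WRONG_SERVICE/wrong.host(a)JBOSS.ORG
09:26:33,816 TRACE [org.wildfly.security] (default task-4) GSSContext message exchange failed: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with HMAC SHA1-96)
"""

READ_NAME = re.compile(r"KeyTabInputStream, readName\(\): (\S+)")
LOAD_ENTRY = re.compile(r"KeyTab: load\(\) entry length: \d+; type: (\d+)")
LOOKING_FOR = re.compile(r"Looking for keys for: (\S+)")
GSS_FAILED = re.compile(r"GSSContext message exchange failed: GSSException")


def normalize(principal):
    """Undo the archive's '(a)' rendering of '@' (assumption)."""
    return principal.replace("(a)", "@")


def parse_keytab_entries(lines):
    """Map each keytab principal to the set of key types loaded for it.

    Each entry appears as readName() lines (realm first, then the name
    components) closed by a 'KeyTab: load() entry' line with the key type.
    """
    entries = {}
    names = []
    for line in lines:
        match = READ_NAME.search(line)
        if match:
            names.append(match.group(1))
            continue
        match = LOAD_ENTRY.search(line)
        if match and len(names) >= 2:
            realm, components = names[0], names[1:]
            principal = "/".join(components) + "@" + realm
            entries.setdefault(principal, set()).add(int(match.group(1)))
        if match:
            names = []  # start collecting the next entry
    return entries


def diagnose(log_text):
    """Separate a server-side principal/keytab mismatch from a client failure."""
    lines = log_text.splitlines()
    keytab = parse_keytab_entries(lines)
    acceptor = None
    gss_failed = False
    for line in lines:
        match = LOOKING_FOR.search(line)
        if match:
            acceptor = normalize(match.group(1))
        if GSS_FAILED.search(line):
            gss_failed = True

    if acceptor is None or not keytab:
        verdict = "unknown"               # not enough debug output to decide
    elif acceptor not in keytab:
        verdict = "server-misconfigured"  # no key for the configured principal
    elif gss_failed:
        verdict = "client-auth-failure"   # keys exist, the exchange still failed
    else:
        verdict = "ok"
    return {"acceptor": acceptor, "keytab": keytab,
            "gss_failed": gss_failed, "verdict": verdict}


if __name__ == "__main__":
    result = diagnose(SAMPLE_LOG)
    print(result["verdict"], result["acceptor"], sorted(result["keytab"]))
```

The "server-misconfigured" verdict is the case the reporter argues should surface as 500, since no client credential can succeed while the acceptor principal has no key in the keytab.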
[JBoss JIRA] (ELY-1106) Unable to configure protocol and cipher-suite in wildfly-config.xml ssl-context
by Bartosz Baranowski (JIRA)
[ https://issues.jboss.org/browse/ELY-1106?page=com.atlassian.jira.plugin.s... ]
Bartosz Baranowski reassigned ELY-1106:
---------------------------------------
Assignee: Bartosz Baranowski (was: Darran Lofthouse)
> Unable to configure protocol and cipher-suite in wildfly-config.xml ssl-context
> -------------------------------------------------------------------------------
>
> Key: ELY-1106
> URL: https://issues.jboss.org/browse/ELY-1106
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta38
> Reporter: Martin Choma
> Assignee: Bartosz Baranowski
> Priority: Blocker
> Labels: eap7.1-rfe-failure
>
> Setting {{cipher-suite}} or {{protocol}} attribute
> {code:xml|title=wildfly-config.xml}
> <ssl-context name="client-ssl-context">
> <trust-store key-store-name="trustsore"/>
> <cipher-suite selector="TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_ECDH_anon_WITH_AES_256_CBC_SHA"/>
> <protocol names="TLSv1.1"/>
> <use-system-providers/>
> </ssl-context>
> {code}
> leads to
> {code:server.log}
> 13:47:57,206 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /wildfly-config-app/authenticationContext: java.lang.RuntimeException: org.wildfly.client.config.ConfigXMLParseException: CONF0005: Unexpected element "cipher-suite" in namespace "urn:elytron:1.0" encountered
> at vfs:/content/wildfly-config-app.war/META-INF/wildfly-config.xml:21:17
> at com.redhat.eap.qe.deployment.servlet.WildflyConfigXmlServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlServlet.java:119)
> at com.redhat.eap.qe.deployment.servlet.WildflyConfigXmlServlet.doGet(WildflyConfigXmlServlet.java:91)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.wildfly.client.config.ConfigXMLParseException: CONF0005: Unexpected element "cipher-suite" in namespace "urn:elytron:1.0" encountered
> at vfs:/content/wildfly-config-app.war/META-INF/wildfly-config.xml:21:17
> at org.wildfly.client.config.ConfigurationXMLStreamReader.unexpectedElement(ConfigurationXMLStreamReader.java:245)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseSslContextType(ElytronXmlParser.java:420)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseSslContextsType(ElytronXmlParser.java:342)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:265)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:172)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:133)
> at com.redhat.eap.qe.deployment.servlet.WildflyConfigXmlServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlServlet.java:116)
> ... 41 more
> {code}
--
[JBoss JIRA] (ELY-1116) Credential store reload operation doesn't has effect in dependent resources.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-1116?page=com.atlassian.jira.plugin.s... ]
Hynek Švábek moved JBEAP-10652 to ELY-1116:
-------------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1116 (was: JBEAP-10652)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Credential Store
(was: Security)
Affects Version/s: (was: 7.1.0.DR17)
> Credential store reload operation doesn't has effect in dependent resources.
> ----------------------------------------------------------------------------
>
> Key: ELY-1116
> URL: https://issues.jboss.org/browse/ELY-1116
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Reporter: Hynek Švábek
> Priority: Blocker
>
> Credential store reload operation doesn't have any effect in dependent resources.
> When we have a keystore which obtains its password from a credential store, and we change the file-system-backed storage file to one which contains a wrong password for the keystore and reload it, the credential store is in the right state, but the keystore still works.
> A failure is expected there.
> *How to reproduce*
> To simplify, we only update the value in the credential store and reload it (it should work too, JBEAP-6614).
> In my opinion it is the same problem, and solving one will solve both problems.
> {code}
> /subsystem=elytron/credential-store=cs001:add(uri="cr-store://cs001.jceks?create=true", relative-to="jboss.server.data.dir", credential-reference={clear-text=pass123})
> /subsystem=elytron/credential-store=cs001/alias=ff:add(secret-value=Elytron)
> /subsystem=elytron/key-store=firefly:add(path=firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference={store=cs001,alias=ff})
> # this command shows all aliases
> /subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
> {code}
> *Now we change the keystore password to a wrong one and reload the credential store*
> OR
> *You can replace the storage file with one which contains a wrong password for the keystore and call only the RELOAD command*
> {code}
> /subsystem=elytron/credential-store=cs001/alias=ff:remove
> /subsystem=elytron/credential-store=cs001/alias=ff:add(secret-value=ElytronWrong)
> /subsystem=elytron/credential-store=cs001:reload
> {code}
> *This command wrongly prints all aliases*
> {code}
> /subsystem=elytron/key-store=firefly:read-children-names(child-type=alias)
> {code}
> *We expect an error message about a wrong password for access to the keystore*
--
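The behaviour ELY-1116 reports can be reproduced at the plain JDK level. The following is an added example, not part of the JIRA message and not Elytron code: a key store's password is verified only when the store is loaded, so an instance loaded earlier keeps listing aliases after its password source changes. It assumes a JCEKS store (the report uses JKS) so that a constructed secret-key entry can stand in for real content; the class name and the alias `demo-alias` are hypothetical, and the two passwords are the ones used in the report.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.Collections;
import javax.crypto.spec.SecretKeySpec;

public class StaleKeyStoreDemo {

    // Build a JCEKS key store with one constructed entry, protected by the given password.
    static byte[] createStore(char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, password);
        ks.setEntry("demo-alias",
                new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                new KeyStore.PasswordProtection(password));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    // Load the store with whatever password the credential source currently returns.
    static KeyStore load(byte[] storeBytes, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(storeBytes), password);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        byte[] storeBytes = createStore("Elytron".toCharArray());

        // Initial state: the credential source returns the right password.
        KeyStore loaded = load(storeBytes, "Elytron".toCharArray());

        // The credential source now returns "ElytronWrong", but the instance loaded
        // earlier is never re-validated, so it still lists its aliases.
        System.out.println("stale instance: " + Collections.list(loaded.aliases()));

        // Only a fresh load with the new value surfaces the wrong password.
        try {
            load(storeBytes, "ElytronWrong".toCharArray());
            System.out.println("re-load: unexpectedly succeeded");
        } catch (IOException e) {
            System.out.println("re-load: rejected (" + e.getMessage() + ")");
        }
    }
}
```

A regression check for this issue therefore has to force the dependent key store to load again after the credential store reload, and assert that the load fails.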