September 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-1369) FIPS mode, Elytron HTTP DIGEST authentication mechanism not fips compliant

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1369?page=com.atlassian.jira.plugin.s... ] Jan Kalina commented on ELY-1369: --------------------------------- Hmm... reading too late, but algorithm adding is trivial change - most of PR is fix of hash for defined qop=auth (+test coverage). > FIPS mode, Elytron HTTP DIGEST authentication mechanism not fips compliant > -------------------------------------------------------------------------- > > Key: ELY-1369 > URL: https://issues.jboss.org/browse/ELY-1369 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Affects Versions: 1.2.0.Beta3 > Reporter: Jan Kalina > Assignee: Jan Kalina > Labels: eap7.1.0-to-prd > > Elytron HTTP DIGEST authentication comply to rfc2617 - which means MD5 is used by default (it means it is hardcode, with no way to configure another hash algorithm). But MD5 could make troubles in fips environment [5]. > {code:java|title=DigestAuthenticationMechanism.java} > String algorithm = convertToken(ALGORITHM, responseTokens.get(ALGORITHM)); > if (MD5.equals(algorithm) == false) { > throw log.mechUnsupportedAlgorithm(getMechanismName(), algorithm); > } > {code} > There exists proposed rfc7616 which makes algorithm configurable, work on new DIGEST features are covered by [1]. [~dlofthouse] is it planned for [1] to target 7.1? > [1] https://issues.jboss.org/browse/ELY-286 > [2] https://developer.jboss.org/wiki/ElytronHTTPDigestNonceHandling-Design > [3] https://tools.ietf.org/html/rfc2617 > [4] https://tools.ietf.org/html/rfc7616 > [5] https://access.redhat.com/support/cases/#/case/01761455 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3311) embedded server --std-out=discard still causes log output to be shown

by Ken Wills (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3311?page=com.atlassian.jira.plugi... ] Ken Wills moved JBEAP-13221 to WFCORE-3311: ------------------------------------------- Project: WildFly Core (was: JBoss Enterprise Application Platform) Key: WFCORE-3311 (was: JBEAP-13221) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Target Release: (was: 7.backlog.GA) > embedded server --std-out=discard still causes log output to be shown > --------------------------------------------------------------------- > > Key: WFCORE-3311 > URL: https://issues.jboss.org/browse/WFCORE-3311 > Project: WildFly Core > Issue Type: Bug > Reporter: Ken Wills > Assignee: Ken Wills > > [disconnected /] embed-server --std-out=discard > 10:27:43,671 INFO [org.jboss.modules] (CLI command executor) JBoss Modules version 1.6.1.Final > 10:27:43,698 INFO [org.jboss.as] (MSC service thread 2-8) WFLYSRV0049: WildFly Core 4.0.0.Alpha1-SNAPSHOT "Kenny" starting > ... etc -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3310) mechanism-configuration in http/sasl authentication factory in server configuration should fail when includes some attribute

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3310?page=com.atlassian.jira.plugi... ] Darran Lofthouse commented on WFCORE-3310: ------------------------------------------ [~ivassile] It is up to you if you want to continue to contribute a fix but IMO this is code due to be replaced so I don't really see anyone benefiting from a fix. > mechanism-configuration in http/sasl authentication factory in server configuration should fail when includes some attribute > ---------------------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-3310 > URL: https://issues.jboss.org/browse/WFCORE-3310 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.3.Final > Reporter: Ondrej Lukas > Assignee: Ilia Vassilev > > Based on wildfly-elytron XSD mechanism-configuration element of http-authentication-factory or sasl-authentication-factory should not contain any attribute. However when some attribute is added for this element in standalone.xml then it does not fail during server start. In correct behavior Validation error should be thrown during starting server. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9336) Extend security context propagation test coverage

by Josef Cacek (JIRA)

[ https://issues.jboss.org/browse/WFLY-9336?page=com.atlassian.jira.plugin.... ] Josef Cacek updated WFLY-9336: ------------------------------ Git Pull Request: https://github.com/wildfly/wildfly/pull/10530 > Extend security context propagation test coverage > ------------------------------------------------- > > Key: WFLY-9336 > URL: https://issues.jboss.org/browse/WFLY-9336 > Project: WildFly > Issue Type: Bug > Components: Test Suite > Reporter: Josef Cacek > Assignee: Josef Cacek > Priority: Critical > > Extend security context propagation test coverage: > * add servlet-to-ejb credential propagation scenarios (BASIC, FORM, BEARER) > * add tests for manual credentials retrieving (use in *-to-servlet scenarios) > * credential-less propagation -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3310) mechanism-configuration in http/sasl authentication factory in server configuration should fail when includes some attribute

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3310?page=com.atlassian.jira.plugi... ] Brian Stansberry commented on WFCORE-3310: ------------------------------------------ [~dlofthouse] So the attributes in question are not handled in any way but are just silently ignored? And the fix would be to reject them? In the rest of this post I'l assume that's what we're talking about. If that's the case, this is Minor or even Optional. Only reason it might be Major is if in .Final or .GA docs we showed some attributes like this, thus leading users to create configs that don't work as documented. I think it's perfectly reasonable for a component lead to say they don't want to spend resources dealing with a Minor or Optional bug, particularly in code that will shortly become legacy. "Dealing with" to include discussing and doing code review, neither of which is free. OTOH I have no problem with fixing it and possibly "breaking" people who are using invalid configs. We shouldn't fix it in a micro/patch release unless we have a critical end user demand that requires it. We don't make possibly breaking changes in patch releases just because we have a JIRA on file. So it's a question of resources. We don't have resources to chase everything like this so I think it's fine to just say no. > mechanism-configuration in http/sasl authentication factory in server configuration should fail when includes some attribute > ---------------------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-3310 > URL: https://issues.jboss.org/browse/WFCORE-3310 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.3.Final > Reporter: Ondrej Lukas > Assignee: Ilia Vassilev > > Based on wildfly-elytron XSD mechanism-configuration element of http-authentication-factory or sasl-authentication-factory should not contain any attribute. However when some attribute is added for this element in standalone.xml then it does not fail during server start. In correct behavior Validation error should be thrown during starting server. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ELY-1368) Elytron CommandCredentialSource closes STD_ERR stream without consuming it

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1368?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1368: ---------------------------------- Fix Version/s: 1.1.3.CR1 (was: 1.2.0.Beta4) > Elytron CommandCredentialSource closes STD_ERR stream without consuming it > -------------------------------------------------------------------------- > > Key: ELY-1368 > URL: https://issues.jboss.org/browse/ELY-1368 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Affects Versions: 1.2.0.Beta3 > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.1.3.CR1 > > > External commands used for retrieving Elytron credentials may fail due to closed error stream. > The {{CommandCredentialSource}} closes STD_ERR stream without consuming it. > Elytron unit test {{CommandCredentialSourceTest}} (which executes an external java program) hits this issue in some environments. Log contains; > {noformat} > 11:30:29,201 TRACE (main) [org.wildfly.security] <CommandCredentialSource.java:114> Exit code from password command = 141 > {noformat} > The issue was investigated in this PR. You can find more details there: > https://github.com/wildfly-security/wildfly-elytron/pull/981 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3310) mechanism-configuration in http/sasl authentication factory in server configuration should fail when includes some attribute

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3310?page=com.atlassian.jira.plugi... ] Darran Lofthouse commented on WFCORE-3310: ------------------------------------------ [~brian.stansberry] What do you think of issues like this? The problem with fixes here is a previously invalid but working configuration would suddenly stop working if we fix this in the existing parsers, but for the major version bump we plan to move to persistent resource definitions anyway so a lot of this code will become redundant. > mechanism-configuration in http/sasl authentication factory in server configuration should fail when includes some attribute > ---------------------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-3310 > URL: https://issues.jboss.org/browse/WFCORE-3310 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.3.Final > Reporter: Ondrej Lukas > Assignee: Ilia Vassilev > > Based on wildfly-elytron XSD mechanism-configuration element of http-authentication-factory or sasl-authentication-factory should not contain any attribute. However when some attribute is added for this element in standalone.xml then it does not fail during server start. In correct behavior Validation error should be thrown during starting server. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ELY-1371) NullPointerException within DigestSaslClient if username is null.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1371?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1371: ---------------------------------- Description: When running an EJB client which uses scoped context or legacy jboss-remote-naming API to invoke secured EJBs, a NPE occurs. Additionally, in the case with jboss-remote-naming legacy API, after this exception is logged, the client thread freezes (in the scoped context case, the exception propagates to the client thread). Full stack trace for the case of scoped context: {noformat} Suppressed: java.lang.NullPointerException at java.nio.charset.CharsetEncoder.canEncode(CharsetEncoder.java:984) at org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest(DigestUtil.java:209) at org.wildfly.security.sasl.digest.AbstractDigestMechanism.getSaltedPasswordFromTwoWay(AbstractDigestMechanism.java:539) at org.wildfly.security.sasl.digest.DigestSaslClient.createResponse(DigestSaslClient.java:231) at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateMessage(DigestSaslClient.java:364) at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180) at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateChallenge(DigestSaslClient.java:349) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54) at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55) at java.security.AccessController.doPrivileged(Native Method) at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650) at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) {noformat} was: When running an EJB client which uses scoped context or legacy jboss-remote-naming API to invoke secured EJBs, a NPE occurs. Additionally, in the case with jboss-remote-naming legacy API, after this exception is logged, the client thread freezes (in the scoped context case, the exception propagates to the client thread). This is a regression in 7.1.0.CR2. Reproducer attached. Full stack trace for the case of scoped context: {noformat} Exception in thread "main" org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:568) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:115) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:76) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:86) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:916) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:165) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100) at com.sun.proxy.$Proxy2.hello(Unknown Source) at client.Client.main(Client.java:30) Suppressed: org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: DIGEST-MD5: java.lang.NullPointerException at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:98) at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:71) at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215) at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720) at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: DIGEST-MD5: java.lang.NullPointerException at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:446) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) at org.xnio.nio.WorkerThread.run(WorkerThread.java:571) at ...asynchronous invocation...(Unknown Source) at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570) at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:536) at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83) at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56) at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:487) at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433) at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51) at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122) at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.lambda$getConnection$1(RemoteEJBReceiver.java:174) at java.security.AccessController.doPrivileged(Native Method) at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.getConnection(RemoteEJBReceiver.java:174) at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.processInvocation(RemoteEJBReceiver.java:125) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:455) at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocation(RemotingEJBClientInterceptor.java:51) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:87) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:64) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:81) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:303) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:161) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100) at com.sun.proxy.$Proxy2.hello(Unknown Source) at client.Client.main(Client.java:30) Suppressed: java.lang.NullPointerException at java.nio.charset.CharsetEncoder.canEncode(CharsetEncoder.java:984) at org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest(DigestUtil.java:209) at org.wildfly.security.sasl.digest.AbstractDigestMechanism.getSaltedPasswordFromTwoWay(AbstractDigestMechanism.java:539) at org.wildfly.security.sasl.digest.DigestSaslClient.createResponse(DigestSaslClient.java:231) at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateMessage(DigestSaslClient.java:364) at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180) at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateChallenge(DigestSaslClient.java:349) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54) at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55) at java.security.AccessController.doPrivileged(Native Method) at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650) at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) {noformat} > NullPointerException within DigestSaslClient if username is null. > ----------------------------------------------------------------- > > Key: ELY-1371 > URL: https://issues.jboss.org/browse/ELY-1371 > Project: WildFly Elytron > Issue Type: Bug > Components: SASL > Affects Versions: 1.1.2.Final > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > > When running an EJB client which uses scoped context or legacy jboss-remote-naming API to invoke secured EJBs, a NPE occurs. > Additionally, in the case with jboss-remote-naming legacy API, after this exception is logged, the client thread freezes (in the scoped context case, the exception propagates to the client thread). > Full stack trace for the case of scoped context: > {noformat} > Suppressed: java.lang.NullPointerException > at java.nio.charset.CharsetEncoder.canEncode(CharsetEncoder.java:984) > at org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest(DigestUtil.java:209) > at org.wildfly.security.sasl.digest.AbstractDigestMechanism.getSaltedPasswordFromTwoWay(AbstractDigestMechanism.java:539) > at org.wildfly.security.sasl.digest.DigestSaslClient.createResponse(DigestSaslClient.java:231) > at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateMessage(DigestSaslClient.java:364) > at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180) > at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateChallenge(DigestSaslClient.java:349) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55) > at java.security.AccessController.doPrivileged(Native Method) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650) > at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) > {noformat} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ELY-1371) NullPointerException within DigestSaslClient if username is null.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1371?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1371: ---------------------------------- Summary: NullPointerException within DigestSaslClient if username is null. (was: NPE during authentication when using scoped context or legacy remote-naming API) > NullPointerException within DigestSaslClient if username is null. > ----------------------------------------------------------------- > > Key: ELY-1371 > URL: https://issues.jboss.org/browse/ELY-1371 > Project: WildFly Elytron > Issue Type: Bug > Components: SASL > Affects Versions: 1.1.2.Final > Reporter: Darran Lofthouse > Priority: Blocker > > When running an EJB client which uses scoped context or legacy jboss-remote-naming API to invoke secured EJBs, a NPE occurs. > Additionally, in the case with jboss-remote-naming legacy API, after this exception is logged, the client thread freezes (in the scoped context case, the exception propagates to the client thread). > This is a regression in 7.1.0.CR2. Reproducer attached. > Full stack trace for the case of scoped context: > {noformat} > Exception in thread "main" org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:568) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:115) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:76) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:86) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:916) > at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:165) > at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100) > at com.sun.proxy.$Proxy2.hello(Unknown Source) > at client.Client.main(Client.java:30) > Suppressed: org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: > DIGEST-MD5: java.lang.NullPointerException > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:98) > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:71) > at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215) > at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720) > at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: > DIGEST-MD5: java.lang.NullPointerException > at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:446) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:571) > at ...asynchronous invocation...(Unknown Source) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:536) > at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83) > at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56) > at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:487) > at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433) > at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51) > at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122) > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.lambda$getConnection$1(RemoteEJBReceiver.java:174) > at java.security.AccessController.doPrivileged(Native Method) > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.getConnection(RemoteEJBReceiver.java:174) > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.processInvocation(RemoteEJBReceiver.java:125) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:455) > at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocation(RemotingEJBClientInterceptor.java:51) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) > at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:87) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) > at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:64) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) > at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:81) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) > at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:303) > at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:161) > at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100) > at com.sun.proxy.$Proxy2.hello(Unknown Source) > at client.Client.main(Client.java:30) > Suppressed: java.lang.NullPointerException > at java.nio.charset.CharsetEncoder.canEncode(CharsetEncoder.java:984) > at org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest(DigestUtil.java:209) > at org.wildfly.security.sasl.digest.AbstractDigestMechanism.getSaltedPasswordFromTwoWay(AbstractDigestMechanism.java:539) > at org.wildfly.security.sasl.digest.DigestSaslClient.createResponse(DigestSaslClient.java:231) > at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateMessage(DigestSaslClient.java:364) > at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180) > at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateChallenge(DigestSaslClient.java:349) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55) > at java.security.AccessController.doPrivileged(Native Method) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650) > at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) > {noformat} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (ELY-1371) NullPointerException within DigestSaslClient if username is null.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1371?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1371: ------------------------------------- Assignee: Darran Lofthouse > NullPointerException within DigestSaslClient if username is null. > ----------------------------------------------------------------- > > Key: ELY-1371 > URL: https://issues.jboss.org/browse/ELY-1371 > Project: WildFly Elytron > Issue Type: Bug > Components: SASL > Affects Versions: 1.1.2.Final > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > > When running an EJB client which uses scoped context or legacy jboss-remote-naming API to invoke secured EJBs, a NPE occurs. > Additionally, in the case with jboss-remote-naming legacy API, after this exception is logged, the client thread freezes (in the scoped context case, the exception propagates to the client thread). > This is a regression in 7.1.0.CR2. Reproducer attached. > Full stack trace for the case of scoped context: > {noformat} > Exception in thread "main" org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:568) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:115) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:76) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:86) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) > at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) > at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:916) > at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:165) > at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100) > at com.sun.proxy.$Proxy2.hello(Unknown Source) > at client.Client.main(Client.java:30) > Suppressed: org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: > DIGEST-MD5: java.lang.NullPointerException > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:98) > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:71) > at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215) > at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720) > at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: > DIGEST-MD5: java.lang.NullPointerException > at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:446) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:571) > at ...asynchronous invocation...(Unknown Source) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:536) > at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83) > at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56) > at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:487) > at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433) > at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51) > at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122) > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.lambda$getConnection$1(RemoteEJBReceiver.java:174) > at java.security.AccessController.doPrivileged(Native Method) > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.getConnection(RemoteEJBReceiver.java:174) > at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.processInvocation(RemoteEJBReceiver.java:125) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:455) > at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocation(RemotingEJBClientInterceptor.java:51) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) > at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:87) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) > at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:64) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) > at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:81) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) > at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203) > at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:303) > at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:161) > at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100) > at com.sun.proxy.$Proxy2.hello(Unknown Source) > at client.Client.main(Client.java:30) > Suppressed: java.lang.NullPointerException > at java.nio.charset.CharsetEncoder.canEncode(CharsetEncoder.java:984) > at org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest(DigestUtil.java:209) > at org.wildfly.security.sasl.digest.AbstractDigestMechanism.getSaltedPasswordFromTwoWay(AbstractDigestMechanism.java:539) > at org.wildfly.security.sasl.digest.DigestSaslClient.createResponse(DigestSaslClient.java:231) > at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateMessage(DigestSaslClient.java:364) > at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180) > at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateChallenge(DigestSaslClient.java:349) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55) > at java.security.AccessController.doPrivileged(Native Method) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650) > at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) > {noformat} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 7 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira September 2017