January 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-22) Expand LDAP realm to support authPassword attribute (RFC3112)

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-22?page=com.atlassian.jira.plugin.sys... ] Jan Kalina updated ELY-22: -------------------------- Summary: Expand LDAP realm to support authPassword attribute (RFC3112) (was: Expand LDAP realm to support RFC3112) > Expand LDAP realm to support authPassword attribute (RFC3112) > ------------------------------------------------------------- > > Key: ELY-22 > URL: https://issues.jboss.org/browse/ELY-22 > Project: WildFly Elytron > Issue Type: Sub-task > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > RFC3112 adds a new attribute 'authPassword' and can be used to store passwords in various formats. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-16) Add a RFC2256 based LDAP Realm

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-16?page=com.atlassian.jira.plugin.sys... ] Jan Kalina resolved ELY-16. --------------------------- Fix Version/s: 1.0.0.Alpha1 (was: 2.0.0.Alpha1) Resolution: Done > Add a RFC2256 based LDAP Realm > ------------------------------ > > Key: ELY-16 > URL: https://issues.jboss.org/browse/ELY-16 > Project: WildFly Elytron > Issue Type: Sub-task > Reporter: Darran Lofthouse > Fix For: 1.0.0.Alpha1 > > > RFC2256 defines the userPassword attribute on LDAP entries, officially this is supposed to be clear text - however many vendors now support a one way hash where the hash algorithm is specified at the beginning of the attribute value: - > {noformat} > {ssha}izu672WN0xA2ZaYofeiWyQ5QKxEBMNsbyQKwRw== > {noformat} > {noformat} > ( 2.5.4.35 NAME 'userPassword' DESC 'RFC2256/2307: password of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 USAGE userApplications X-SCHEMA 'system' ) > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-262) The equivalent of wrap and unwrap for HTTP authentication mechanisms

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-262?page=com.atlassian.jira.plugin.sy... ] Jan Kalina updated ELY-262: --------------------------- Description: For example, for DIGEST is in RFC 7616 defined integrity protection - qop=auth-int. > The equivalent of wrap and unwrap for HTTP authentication mechanisms > -------------------------------------------------------------------- > > Key: ELY-262 > URL: https://issues.jboss.org/browse/ELY-262 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta14 > > > For example, for DIGEST is in RFC 7616 defined integrity protection - qop=auth-int. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1387) SSLContext for where authentication client resources load from a URI.

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1387?page=com.atlassian.jira.plugin.s... ] Jan Kalina updated ELY-1387: ---------------------------- Component/s: Authentication Client > SSLContext for where authentication client resources load from a URI. > --------------------------------------------------------------------- > > Key: ELY-1387 > URL: https://issues.jboss.org/browse/ELY-1387 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: Darran Lofthouse > Fix For: 2.0.0.Alpha1 > > > Where resources can be loaded from a URI we may want to define an SSLContext for access to that resource so we can verify it is a trusted resource. > i.e. our local config contains internal key and trust stores but the remove destinations may change so we load the certificates and revocation lists from an internal trusted source. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (LOGTOOL-132) Support low-metaspace bundles/classes

by James Perkins (JIRA)

[ https://issues.jboss.org/browse/LOGTOOL-132?page=com.atlassian.jira.plugi... ] James Perkins commented on LOGTOOL-132: --------------------------------------- I think I'm just going break compatibility and remove the previous properties which allowed the generated implementation to work with 3.0.x. For compiling I'll throw an exception if the correct minimum version of {{jboss-logging}} isn't used. I think it will just make it easier. Keeping the compatibility is likely just going to complicated the generated code and we should really leave it very simple as the goal is shrinking the metaspace size. I seem to have this working well locally. There are few main issues left: # There was a way for a default locale, LOGTOOL-116, to be set. Given the same implementation is used for all languages we need to away to determine which locale should be used for translated messages vs fallback messages. # We need to figure out how we fallback from {{fr_CA}} to {{fr}} if both properties files exist # Performance testing needs to be done. One kind of interesting thing, and something I'll look at in more depth, is while the implementations seem to be down about 50% in metaspace size the total only seems down about 1%. > Support low-metaspace bundles/classes > ------------------------------------- > > Key: LOGTOOL-132 > URL: https://issues.jboss.org/browse/LOGTOOL-132 > Project: Log Tool > Issue Type: Enhancement > Reporter: David Lloyd > Priority: Critical > > Metaspace is at a premium in the application server environment, and the number one consumer is presently generated log classes. > Introduce a leaner variation on generated classes with the following requirements: > * The generated class must be {{final}} > * The generated class must contain no message strings > * The generated class must accept both a {{Logger}} and a {{Locale}}, and load its resources from a file based on that information > * The usage of Java 8's locale lookup functionality should be considered, to support language tags etc.; a helper utility could be introduced into {{jboss-logging}} for this > Here are some implementation ideas: > * Option 1: The resource files contain only messages, one per line, loaded directly into a {{String[]}} instance field in the implementation class; each logging method uses a hard-coded array index to access its message > ** A key advantage is that the implementation class is very small, and consumes very little metaspace; also, it is fast, requiring only an array lookup to acquire the string > ** A disadvantage is, any change to the message set invalidates all the locale files, which must then be regenerated > ** Also, each locale file must contain all messages, unless a fallback mechanism is used (e.g. an empty line signifies that the string should come from the parent locale) > * Option 2: The resource files contain key-value pairs, with the key being equal to the method name > ** Advantage: the file is not invalidated if a key is added, and sub-locales can inherit more easily from parent locales > ** Disadvantage: the added overhead of mapping lines to methods (for example, using a switch statement to map method names to fixed indexes, or loading the messages into a hash table e.g. {{HashMap}}) will fill metaspace or impact performance, or both -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2275) Null pointer exception when calling updateToVersion with existing data in a stateful KieSession

by Chad Poe (JIRA)

[ https://issues.jboss.org/browse/DROOLS-2275?page=com.atlassian.jira.plugi... ] Chad Poe updated DROOLS-2275: ----------------------------- Summary: Null pointer exception when calling updateToVersion with existing data in a stateful KieSession (was: Null pointer exception when calling updateToVersion with data in a stateful KieSession) > Null pointer exception when calling updateToVersion with existing data in a stateful KieSession > ----------------------------------------------------------------------------------------------- > > Key: DROOLS-2275 > URL: https://issues.jboss.org/browse/DROOLS-2275 > Project: Drools > Issue Type: Bug > Environment: Wildfly 8.2.1, Standalone > Reporter: Chad Poe > Assignee: Edson Tirelli > Attachments: org.drools.test.beta-memory.zip > > > This error was first discovered in a proprietary application that is running in wildfly 8.2.1. Up until now I was unable to reproduce outside of the mentioned environment. After narrowing down the exact conditions that cause the error to occur I was able to create a sample project that forces the issue to occur. Below is the stack trace: > Caused by: java.lang.NullPointerException > at org.drools.core.reteoo.BetaMemory.linkNode(BetaMemory.java:93) > at org.drools.core.reteoo.BetaMemory.linkNode(BetaMemory.java:88) > at org.drools.core.reteoo.SingleObjectSinkAdapter.staticDoLinkRiaNode(SingleObjectSinkAdapter.java:111) > at org.drools.core.reteoo.SingleObjectSinkAdapter.doLinkRiaNode(SingleObjectSinkAdapter.java:93) > at org.drools.core.reteoo.RiaPathMemory.doLinkRule(RiaPathMemory.java:52) > at org.drools.core.reteoo.PathMemory.linkSegment(PathMemory.java:103) > at org.drools.core.reteoo.SegmentMemory.notifyRuleLinkSegment(SegmentMemory.java:192) > at org.drools.core.phreak.AddRemoveRule.addNewPaths(AddRemoveRule.java:452) > at org.drools.core.phreak.AddRemoveRule.addRule(AddRemoveRule.java:123) > at org.drools.core.reteoo.builder.ReteooRuleBuilder.addSubRule(ReteooRuleBuilder.java:189) > at org.drools.core.reteoo.builder.ReteooRuleBuilder.addRule(ReteooRuleBuilder.java:133) > at org.drools.core.reteoo.ReteooBuilder.addRule(ReteooBuilder.java:110) > at org.drools.core.impl.KnowledgeBaseImpl.internalAddRule(KnowledgeBaseImpl.java:1530) > at org.drools.core.impl.KnowledgeBaseImpl.lambda$addRules$4(KnowledgeBaseImpl.java:1523) > at org.drools.core.impl.KnowledgeBaseImpl.enqueueModification(KnowledgeBaseImpl.java:734) > at org.drools.core.impl.KnowledgeBaseImpl.addRules(KnowledgeBaseImpl.java:1521) > at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.compileRete(KnowledgeBuilderImpl.java:1010) > at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.buildRules(KnowledgeBuilderImpl.java:2524) > at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.buildPackages(KnowledgeBuilderImpl.java:2450) > at org.drools.compiler.builder.impl.CompositeKnowledgeBuilderImpl.buildPackages(CompositeKnowledgeBuilderImpl.java:109) > at org.drools.compiler.builder.impl.CompositeKnowledgeBuilderImpl.build(CompositeKnowledgeBuilderImpl.java:99) > at org.drools.compiler.kie.builder.impl.KieContainerImpl.rebuildAll(KieContainerImpl.java:473) > at org.drools.compiler.kie.builder.impl.KieContainerImpl.updateKBase(KieContainerImpl.java:309) > at org.drools.compiler.kie.builder.impl.KieContainerImpl.lambda$update$0(KieContainerImpl.java:260) > at org.drools.core.impl.KnowledgeBaseImpl.enqueueModification(KnowledgeBaseImpl.java:734) > at org.drools.compiler.kie.builder.impl.KieContainerImpl.update(KieContainerImpl.java:260) > at org.drools.compiler.kie.builder.impl.KieContainerImpl.updateToVersion(KieContainerImpl.java:199) > at org.drools.test.KieRuntimeManager.buildOnKfs(KieRuntimeManager.java:202) > at org.drools.test.KieRuntimeManager.loadRule(KieRuntimeManager.java:147) > at org.drools.test.DroolsReasonerContainer.loadRule(DroolsReasonerContainer.java:22) > at org.drools.test.App.main(App.java:22) > ... 6 more -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1426) DigestSasl obtains URP digest for authzid instead of username

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1426?page=com.atlassian.jira.plugin.s... ] Jan Kalina updated ELY-1426: ---------------------------- Fix Version/s: 1.2.0.Beta11 > DigestSasl obtains URP digest for authzid instead of username > ------------------------------------------------------------- > > Key: ELY-1426 > URL: https://issues.jboss.org/browse/ELY-1426 > Project: WildFly Elytron > Issue Type: Bug > Components: SASL > Affects Versions: 1.2.0.Beta8 > Reporter: Jan Kalina > Assignee: Jan Kalina > Fix For: 1.2.0.Beta11 > > > In following patch was introduced bug: > https://github.com/wildfly-security/wildfly-elytron/pull/851/files#diff-d... > DigestSaslClient requests URP digest for default userName (authzid), not for authentication name (from NameCallback). > Code is ok for server side, but not for client side, where credential callback params should require name obtained by NameCallback. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2275) Null pointer exception when calling updateToVersion with data in a stateful KieSession

by Chad Poe (JIRA)

Chad Poe created DROOLS-2275: -------------------------------- Summary: Null pointer exception when calling updateToVersion with data in a stateful KieSession Key: DROOLS-2275 URL: https://issues.jboss.org/browse/DROOLS-2275 Project: Drools Issue Type: Bug Environment: Wildfly 8.2.1, Standalone Reporter: Chad Poe Assignee: Edson Tirelli Attachments: org.drools.test.beta-memory.zip This error was first discovered in a proprietary application that is running in wildfly 8.2.1. Up until now I was unable to reproduce outside of the mentioned environment. After narrowing down the exact conditions that cause the error to occur I was able to create a sample project that forces the issue to occur. Below is the stack trace: Caused by: java.lang.NullPointerException at org.drools.core.reteoo.BetaMemory.linkNode(BetaMemory.java:93) at org.drools.core.reteoo.BetaMemory.linkNode(BetaMemory.java:88) at org.drools.core.reteoo.SingleObjectSinkAdapter.staticDoLinkRiaNode(SingleObjectSinkAdapter.java:111) at org.drools.core.reteoo.SingleObjectSinkAdapter.doLinkRiaNode(SingleObjectSinkAdapter.java:93) at org.drools.core.reteoo.RiaPathMemory.doLinkRule(RiaPathMemory.java:52) at org.drools.core.reteoo.PathMemory.linkSegment(PathMemory.java:103) at org.drools.core.reteoo.SegmentMemory.notifyRuleLinkSegment(SegmentMemory.java:192) at org.drools.core.phreak.AddRemoveRule.addNewPaths(AddRemoveRule.java:452) at org.drools.core.phreak.AddRemoveRule.addRule(AddRemoveRule.java:123) at org.drools.core.reteoo.builder.ReteooRuleBuilder.addSubRule(ReteooRuleBuilder.java:189) at org.drools.core.reteoo.builder.ReteooRuleBuilder.addRule(ReteooRuleBuilder.java:133) at org.drools.core.reteoo.ReteooBuilder.addRule(ReteooBuilder.java:110) at org.drools.core.impl.KnowledgeBaseImpl.internalAddRule(KnowledgeBaseImpl.java:1530) at org.drools.core.impl.KnowledgeBaseImpl.lambda$addRules$4(KnowledgeBaseImpl.java:1523) at org.drools.core.impl.KnowledgeBaseImpl.enqueueModification(KnowledgeBaseImpl.java:734) at org.drools.core.impl.KnowledgeBaseImpl.addRules(KnowledgeBaseImpl.java:1521) at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.compileRete(KnowledgeBuilderImpl.java:1010) at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.buildRules(KnowledgeBuilderImpl.java:2524) at org.drools.compiler.builder.impl.KnowledgeBuilderImpl.buildPackages(KnowledgeBuilderImpl.java:2450) at org.drools.compiler.builder.impl.CompositeKnowledgeBuilderImpl.buildPackages(CompositeKnowledgeBuilderImpl.java:109) at org.drools.compiler.builder.impl.CompositeKnowledgeBuilderImpl.build(CompositeKnowledgeBuilderImpl.java:99) at org.drools.compiler.kie.builder.impl.KieContainerImpl.rebuildAll(KieContainerImpl.java:473) at org.drools.compiler.kie.builder.impl.KieContainerImpl.updateKBase(KieContainerImpl.java:309) at org.drools.compiler.kie.builder.impl.KieContainerImpl.lambda$update$0(KieContainerImpl.java:260) at org.drools.core.impl.KnowledgeBaseImpl.enqueueModification(KnowledgeBaseImpl.java:734) at org.drools.compiler.kie.builder.impl.KieContainerImpl.update(KieContainerImpl.java:260) at org.drools.compiler.kie.builder.impl.KieContainerImpl.updateToVersion(KieContainerImpl.java:199) at org.drools.test.KieRuntimeManager.buildOnKfs(KieRuntimeManager.java:202) at org.drools.test.KieRuntimeManager.loadRule(KieRuntimeManager.java:147) at org.drools.test.DroolsReasonerContainer.loadRule(DroolsReasonerContainer.java:22) at org.drools.test.App.main(App.java:22) ... 6 more -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1439) Perform certificate authentication only in cases when certificate is present

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1439?page=com.atlassian.jira.plugin.s... ] Jan Kalina updated ELY-1439: ---------------------------- Description: {panel} Martin Choma·10:18 AM I see some client certificate verificaton related exception. However, I am not configuring 2 way SSL, just 1 way SSL. Why does this verification happens eagerly when there is no chance it can success? Darran Lofthouse·11:03 AM @MartinChoma it is one of those older APIs where the only way we can find out if we do have a peer certificate is to make the call and find out if we get a response or an exception - that is why it is only logged at TRACE level. In this case this is in the mechanism initialisation so slightly separate from the SSLContext handling. Maybe we could double check if we have access to the SSLContext itself at any point and check if needing or wanting a client cert was enabled, but in the want case we would still get this same message if it was not available. Martin Choma·11:09 AM @DarranLofthouse , yes I was thinking of optimalization based on leveraging need-client-auth attribute. I will create enhancement ELY JIRA. Darran Lofthouse·11:10 AM @MartinChoma what we would need to check is if we get access to that, I can't remember if Remoting passes us the complete SSLContext or just the SSLSession if it exists {panel} {noformat} 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capabilities request 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: version 1 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote endpoint name "management-client" 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: message close protocol supported 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote version is "5.0.5.Final-redhat-1" 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels in is "40" 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels out is "40" 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: authentication service 10:13:29,067 TRACE [org.jboss.remoting.remote.server] (management I/O-2) No EXTERNAL mechanism due to unverified SSL peer 10:13:29,067 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Added mechanism ANONYMOUS 10:13:29,067 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header 10:13:29,067 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers 10:13:29,067 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No read bytes available 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 79 bytes 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) No buffers in queue for message header 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Allocated fresh buffers 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Received 79 bytes 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Received message java.nio.HeapByteBuffer[pos=0 lim=75 cap=8192] 10:13:29,068 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capabilities response 10:13:29,068 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: version 1 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote endpoint name "localhost:MANAGEMENT" 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: SASL mechanism ANONYMOUS 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) SASL mechanism ANONYMOUS added to allowed set 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: message close protocol supported 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote version is "5.0.5.Final-redhat-1" 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote channels in is "40" 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote channels out is "40" 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: authentication service 10:13:29,084 TRACE [org.wildfly.security] (XNIO-1 I/O-1) Created SaslClient for mechanism ANONYMOUS, using Provider WildFlyElytron and protocol remote 10:13:29,087 TRACE [org.wildfly.security] (XNIO-1 I/O-1) Created SaslClient [org.wildfly.security.sasl.util.PrivilegedSaslClient@286a43a6->org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$LocalPrincipalSaslClient@149c06be->org.wildfly.security.sasl.anonymous.AnonymousSaslClient@56ad35c9] for mechanisms [ANONYMOUS] 10:13:29,088 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client initiating authentication using mechanism ANONYMOUS 10:13:29,091 TRACE [org.jboss.remoting.endpoint] (XNIO-1 I/O-1) Allocated tick to 9 of endpoint "management-client" <7968a9d> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@71812f8) 10:13:29,093 TRACE [org.jboss.remoting.remote] (XNIO-1 task-3) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@4dff2604 10:13:29,094 TRACE [org.jboss.remoting.endpoint] (XNIO-1 task-3) Resource closed count 00000008 of endpoint "management-client" <7968a9d> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@71812f8) 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Sent 24 bytes 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Flushed channel 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received 24 bytes 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received message java.nio.HeapByteBuffer[pos=0 lim=20 cap=8192] 10:13:29,094 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Received java.nio.HeapByteBuffer[pos=0 lim=20 cap=8192] 10:13:29,094 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received authentication request 10:13:29,097 TRACE [org.wildfly.security] (management I/O-2) Peer unverified: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1000) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) at org.wildfly.security.sasl.util.SSLQueryCallbackHandler.handle(SSLQueryCallbackHandler.java:68) at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:96) at org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory.createSaslServer(SetMechanismInformationSaslServerFactory.java:74) at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.createSaslServer(AuthenticationCompleteCallbackSaslServerFactory.java:51) at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.createSaslServer(TrustManagerSaslServerFactory.java:72) at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory.createSaslServer(AuthenticationTimeoutSaslServerFactory.java:74) at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) at org.wildfly.security.sasl.util.SSLSaslServerFactory.createSaslServer(SSLSaslServerFactory.java:67) at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) at org.wildfly.security.sasl.util.ServerNameSaslServerFactory.createSaslServer(ServerNameSaslServerFactory.java:48) at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) at org.wildfly.security.sasl.util.ProtocolSaslServerFactory.createSaslServer(ProtocolSaslServerFactory.java:48) at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.createSaslServer(SecurityIdentitySaslServerFactory.java:51) at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:61) at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:52) at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.createMechanism(AbstractMechanismAuthenticationFactory.java:54) at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:281) at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:141) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1131) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) at org.xnio.nio.WorkerThread.run(WorkerThread.java:591) 10:13:29,097 TRACE [org.wildfly.security] (management I/O-2) Handling MechanismInformationCallback type='SASL' name='ANONYMOUS' host-name='localhost.localdomain' protocol='remote' 10:13:29,097 TRACE [org.wildfly.security] (management I/O-2) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@2a8e9ff7->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@493accbb->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@6a9c91e2->org.wildfly.security.sasl.anonymous.AnonymousSaslServer@2b612585] for mechanism [ANONYMOUS] {noformat} was: {noformat} Martin Choma·10:18 AM I see some client certificate verificaton related exception. However, I am not configuring 2 way SSL, just 1 way SSL. Why does this verification happens eagerly when there is no chance it can success? Darran Lofthouse·11:03 AM @MartinChoma it is one of those older APIs where the only way we can find out if we do have a peer certificate is to make the call and find out if we get a response or an exception - that is why it is only logged at TRACE level. In this case this is in the mechanism initialisation so slightly separate from the SSLContext handling. Maybe we could double check if we have access to the SSLContext itself at any point and check if needing or wanting a client cert was enabled, but in the want case we would still get this same message if it was not available. Martin Choma·11:09 AM @DarranLofthouse , yes I was thinking of optimalization based on leveraging need-client-auth attribute. I will create enhancement ELY JIRA. Darran Lofthouse·11:10 AM @MartinChoma what we would need to check is if we get access to that, I can't remember if Remoting passes us the complete SSLContext or just the SSLSession if it exists {noformat} {noformat} 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capabilities request 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: version 1 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote endpoint name "management-client" 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: message close protocol supported 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote version is "5.0.5.Final-redhat-1" 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels in is "40" 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels out is "40" 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: authentication service 10:13:29,067 TRACE [org.jboss.remoting.remote.server] (management I/O-2) No EXTERNAL mechanism due to unverified SSL peer 10:13:29,067 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Added mechanism ANONYMOUS 10:13:29,067 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header 10:13:29,067 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers 10:13:29,067 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No read bytes available 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 79 bytes 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) No buffers in queue for message header 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Allocated fresh buffers 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Received 79 bytes 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Received message java.nio.HeapByteBuffer[pos=0 lim=75 cap=8192] 10:13:29,068 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capabilities response 10:13:29,068 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: version 1 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote endpoint name "localhost:MANAGEMENT" 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: SASL mechanism ANONYMOUS 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) SASL mechanism ANONYMOUS added to allowed set 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: message close protocol supported 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote version is "5.0.5.Final-redhat-1" 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote channels in is "40" 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote channels out is "40" 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: authentication service 10:13:29,084 TRACE [org.wildfly.security] (XNIO-1 I/O-1) Created SaslClient for mechanism ANONYMOUS, using Provider WildFlyElytron and protocol remote 10:13:29,087 TRACE [org.wildfly.security] (XNIO-1 I/O-1) Created SaslClient [org.wildfly.security.sasl.util.PrivilegedSaslClient@286a43a6->org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$LocalPrincipalSaslClient@149c06be->org.wildfly.security.sasl.anonymous.AnonymousSaslClient@56ad35c9] for mechanisms [ANONYMOUS] 10:13:29,088 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client initiating authentication using mechanism ANONYMOUS 10:13:29,091 TRACE [org.jboss.remoting.endpoint] (XNIO-1 I/O-1) Allocated tick to 9 of endpoint "management-client" <7968a9d> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@71812f8) 10:13:29,093 TRACE [org.jboss.remoting.remote] (XNIO-1 task-3) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@4dff2604 10:13:29,094 TRACE [org.jboss.remoting.endpoint] (XNIO-1 task-3) Resource closed count 00000008 of endpoint "management-client" <7968a9d> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@71812f8) 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Sent 24 bytes 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Flushed channel 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received 24 bytes 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received message java.nio.HeapByteBuffer[pos=0 lim=20 cap=8192] 10:13:29,094 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Received java.nio.HeapByteBuffer[pos=0 lim=20 cap=8192] 10:13:29,094 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received authentication request 10:13:29,097 TRACE [org.wildfly.security] (management I/O-2) Peer unverified: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1000) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) at org.wildfly.security.sasl.util.SSLQueryCallbackHandler.handle(SSLQueryCallbackHandler.java:68) at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:96) at org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory.createSaslServer(SetMechanismInformationSaslServerFactory.java:74) at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.createSaslServer(AuthenticationCompleteCallbackSaslServerFactory.java:51) at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.createSaslServer(TrustManagerSaslServerFactory.java:72) at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory.createSaslServer(AuthenticationTimeoutSaslServerFactory.java:74) at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) at org.wildfly.security.sasl.util.SSLSaslServerFactory.createSaslServer(SSLSaslServerFactory.java:67) at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) at org.wildfly.security.sasl.util.ServerNameSaslServerFactory.createSaslServer(ServerNameSaslServerFactory.java:48) at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) at org.wildfly.security.sasl.util.ProtocolSaslServerFactory.createSaslServer(ProtocolSaslServerFactory.java:48) at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.createSaslServer(SecurityIdentitySaslServerFactory.java:51) at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:61) at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:52) at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.createMechanism(AbstractMechanismAuthenticationFactory.java:54) at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:281) at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:141) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1131) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) at org.xnio.nio.WorkerThread.run(WorkerThread.java:591) 10:13:29,097 TRACE [org.wildfly.security] (management I/O-2) Handling MechanismInformationCallback type='SASL' name='ANONYMOUS' host-name='localhost.localdomain' protocol='remote' 10:13:29,097 TRACE [org.wildfly.security] (management I/O-2) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@2a8e9ff7->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@493accbb->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@6a9c91e2->org.wildfly.security.sasl.anonymous.AnonymousSaslServer@2b612585] for mechanism [ANONYMOUS] {noformat} > Perform certificate authentication only in cases when certificate is present > ---------------------------------------------------------------------------- > > Key: ELY-1439 > URL: https://issues.jboss.org/browse/ELY-1439 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Mechanisms > Affects Versions: 1.2.0.Beta9 > Reporter: Martin Choma > > {panel} > Martin Choma·10:18 AM > I see some client certificate verificaton related exception. However, I am not configuring 2 way SSL, just 1 way SSL. Why does this verification happens eagerly when there is no chance it can success? > Darran Lofthouse·11:03 AM > @MartinChoma it is one of those older APIs where the only way we can find out if we do have a peer certificate is to make the call and find out if we get a response or an exception - that is why it is only logged at TRACE level. In this case this is in the mechanism initialisation so slightly separate from the SSLContext handling. Maybe we could double check if we have access to the SSLContext itself at any point and check if needing or wanting a client cert was enabled, but in the want case we would still get this same message if it was not available. > Martin Choma·11:09 AM > @DarranLofthouse , yes I was thinking of optimalization based on leveraging need-client-auth attribute. I will create enhancement ELY JIRA. > Darran Lofthouse·11:10 AM > @MartinChoma what we would need to check is if we get access to that, I can't remember if Remoting passes us the complete SSLContext or just the SSLSession if it exists > {panel} > {noformat} > 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capabilities request > 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: version 1 > 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote endpoint name "management-client" > 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: message close protocol supported > 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote version is "5.0.5.Final-redhat-1" > 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels in is "40" > 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels out is "40" > 10:13:29,062 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: authentication service > 10:13:29,067 TRACE [org.jboss.remoting.remote.server] (management I/O-2) No EXTERNAL mechanism due to unverified SSL peer > 10:13:29,067 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Added mechanism ANONYMOUS > 10:13:29,067 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header > 10:13:29,067 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers > 10:13:29,067 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No read bytes available > 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 79 bytes > 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel > 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) No buffers in queue for message header > 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Allocated fresh buffers > 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Received 79 bytes > 10:13:29,068 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Received message java.nio.HeapByteBuffer[pos=0 lim=75 cap=8192] > 10:13:29,068 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capabilities response > 10:13:29,068 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: version 1 > 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote endpoint name "localhost:MANAGEMENT" > 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: SASL mechanism ANONYMOUS > 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) SASL mechanism ANONYMOUS added to allowed set > 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: message close protocol supported > 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote version is "5.0.5.Final-redhat-1" > 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote channels in is "40" > 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: remote channels out is "40" > 10:13:29,069 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received capability: authentication service > 10:13:29,084 TRACE [org.wildfly.security] (XNIO-1 I/O-1) Created SaslClient for mechanism ANONYMOUS, using Provider WildFlyElytron and protocol remote > 10:13:29,087 TRACE [org.wildfly.security] (XNIO-1 I/O-1) Created SaslClient [org.wildfly.security.sasl.util.PrivilegedSaslClient@286a43a6->org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$LocalPrincipalSaslClient@149c06be->org.wildfly.security.sasl.anonymous.AnonymousSaslClient@56ad35c9] for mechanisms [ANONYMOUS] > 10:13:29,088 TRACE [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client initiating authentication using mechanism ANONYMOUS > 10:13:29,091 TRACE [org.jboss.remoting.endpoint] (XNIO-1 I/O-1) Allocated tick to 9 of endpoint "management-client" <7968a9d> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@71812f8) > 10:13:29,093 TRACE [org.jboss.remoting.remote] (XNIO-1 task-3) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@4dff2604 > 10:13:29,094 TRACE [org.jboss.remoting.endpoint] (XNIO-1 task-3) Resource closed count 00000008 of endpoint "management-client" <7968a9d> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@71812f8) > 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Sent 24 bytes > 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header > 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) Flushed channel > 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers > 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received 24 bytes > 10:13:29,094 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received message java.nio.HeapByteBuffer[pos=0 lim=20 cap=8192] > 10:13:29,094 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Received java.nio.HeapByteBuffer[pos=0 lim=20 cap=8192] > 10:13:29,094 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received authentication request > 10:13:29,097 TRACE [org.wildfly.security] (management I/O-2) Peer unverified: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1000) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) > at org.wildfly.security.sasl.util.SSLQueryCallbackHandler.handle(SSLQueryCallbackHandler.java:68) > at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:96) > at org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory.createSaslServer(SetMechanismInformationSaslServerFactory.java:74) > at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.createSaslServer(AuthenticationCompleteCallbackSaslServerFactory.java:51) > at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.createSaslServer(TrustManagerSaslServerFactory.java:72) > at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory.createSaslServer(AuthenticationTimeoutSaslServerFactory.java:74) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) > at org.wildfly.security.sasl.util.SSLSaslServerFactory.createSaslServer(SSLSaslServerFactory.java:67) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) > at org.wildfly.security.sasl.util.ServerNameSaslServerFactory.createSaslServer(ServerNameSaslServerFactory.java:48) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64) > at org.wildfly.security.sasl.util.ProtocolSaslServerFactory.createSaslServer(ProtocolSaslServerFactory.java:48) > at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.createSaslServer(SecurityIdentitySaslServerFactory.java:51) > at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:61) > at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:52) > at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.createMechanism(AbstractMechanismAuthenticationFactory.java:54) > at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:281) > at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:141) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1131) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:591) > 10:13:29,097 TRACE [org.wildfly.security] (management I/O-2) Handling MechanismInformationCallback type='SASL' name='ANONYMOUS' host-name='localhost.localdomain' protocol='remote' > 10:13:29,097 TRACE [org.wildfly.security] (management I/O-2) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@2a8e9ff7->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@493accbb->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@6a9c91e2->org.wildfly.security.sasl.anonymous.AnonymousSaslServer@2b612585] for mechanism [ANONYMOUS] > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1501) Release WildFly Elytron 1.1.8.Final

by Darran Lofthouse (JIRA)

Darran Lofthouse created ELY-1501: ------------------------------------- Summary: Release WildFly Elytron 1.1.8.Final Key: ELY-1501 URL: https://issues.jboss.org/browse/ELY-1501 Project: WildFly Elytron Issue Type: Release Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 1.1.8.CR1 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2018