[JBoss JIRA] (WFLY-13514) Huge memory leak in WildFly
by Flavia Rainone (Jira)
[ https://issues.redhat.com/browse/WFLY-13514?page=com.atlassian.jira.plugi... ]
Flavia Rainone commented on WFLY-13514:
---------------------------------------
It seems I found a fix for UNDERTOW-1573 that does not cause this OOME. I'm running a few more tests before submitting a PR and releasing Undertow 2.1.2.Final with the fix.
> Huge memory leak in WildFly
> ---------------------------
>
> Key: WFLY-13514
> URL: https://issues.redhat.com/browse/WFLY-13514
> Project: WildFly
> Issue Type: Bug
> Components: CDI / Weld, JSF, Web (Undertow)
> Affects Versions: 18.0.1.Final, 19.1.0.Final, 20.0.0.Beta1
> Reporter: Konrad Bak
> Assignee: Flavia Rainone
> Priority: Blocker
> Fix For: 20.0.0.Final
>
>
> https://github.com/konbk/bug-report-wildfly-oome
> The project shows a huge memory leak introduced in recent WildFly versions that can crash a real-world Java EE application in a matter of hours.
> When a JSF page contains any component bound to page variable, all CDI beans (regardless of scope) used on that page stay in memory.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 6 months
[JBoss JIRA] (ELY-1428) Elytron provider has to be installed manually for key-store-ssl-certificate
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-1428?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-1428:
-------------------------------
Description:
Trying to configure EJB client 2-way TLS authentication with Elytron. I am getting 'Invalid algorithm "clear"' without programmatically registering the Elytron provider.
{noformat}
Security.addProvider(new WildFlyElytronProvider());
{noformat}
Specifying this in {{wildfly-config.xml}} doesn't help:
{noformat}
<providers>
    <use-service-loader/>
</providers>
{noformat}
Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
{code:xml}
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="default"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default">
                <credentials>
                    <key-store-reference key-store-name="client-keystore" alias="joe">
                        <key-store-clear-password password="abcdef"/>
                    </key-store-reference>
                </credentials>
            </configuration>
        </authentication-configurations>
        <key-stores>
            <key-store name="client-keystore" type="JKS">
                <file name="${keystore.path:src/main/resources/client.keystore}"/>
                <key-store-clear-password password="abcdef"/>
            </key-store>
            <key-store name="client-truststore" type="JKS">
                <file name="${truststore.path:src/main/resources/client.truststore}"/>
            </key-store>
        </key-stores>
        <ssl-contexts>
            <ssl-context name="client-ssl-context">
                <trust-store key-store-name="client-truststore"/>
                <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
                    <key-store-clear-password password="abcdef"/>
                </key-store-ssl-certificate>
            </ssl-context>
        </ssl-contexts>
        <ssl-context-rules>
            <rule use-ssl-context="client-ssl-context"/>
        </ssl-context-rules>
    </authentication-client>
</configuration>
{code}
Without installing the Elytron provider, the client will fail with this error:
{noformat}
Exception in thread "main" java.lang.ExceptionInInitializerError
at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
at com.sun.proxy.$Proxy2.hello(Unknown Source)
at client.Client.main(Client.java:21)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
at java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
... 10 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
... 24 more
{noformat}
Using credential-store-reference clear-text causes a similar error.
There is an example of clear passwords which works, so it will be a problem with these specific elements:
{code:xml}
<authentication-client xmlns="urn:elytron:1.0">
    <authentication-rules>
        <rule use-configuration="default"/>
    </authentication-rules>
    <authentication-configurations>
        <configuration name="default">
            <sasl-mechanism-selector selector="DIGEST-MD5"/>
            <set-user-name name="joe"/>
            <credentials>
                <clear-password password="joeIsAwesome2013!"/>
            </credentials>
        </configuration>
    </authentication-configurations>
</authentication-client>
{code}
> Elytron provider has to be installed manually for key-store-ssl-certificate
> ---------------------------------------------------------------------------
>
> Key: ELY-1428
> URL: https://issues.redhat.com/browse/ELY-1428
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 1.1.9.Final, 1.2.0.Beta11
>
>
4 years, 7 months
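An added example, not Elytron code and not taken from the issue, that reproduces with JDK classes only the lookup pattern behind the ELY08028 `Invalid algorithm "clear"` error in ELY-1428: an algorithm offered by a provider that is configured but not installed JVM-wide. `DemoProvider`, `ClearDigest`, `resolve` and `getInstance(String, Supplier<Provider[]>)` are hypothetical stand-ins for the Elytron provider, its "clear" algorithm and the factory lookup.

```java
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.function.Supplier;

public class ProviderLookupDemo {

    /** Constructed algorithm "clear": returns its input unchanged; only DemoProvider offers it. */
    public static final class ClearDigest extends MessageDigestSpi {
        private final ByteArrayOutputStream buf = new ByteArrayOutputStream();
        @Override protected void engineUpdate(byte input) { buf.write(input); }
        @Override protected void engineUpdate(byte[] in, int off, int len) { buf.write(in, off, len); }
        @Override protected byte[] engineDigest() { byte[] out = buf.toByteArray(); buf.reset(); return out; }
        @Override protected void engineReset() { buf.reset(); }
    }

    /** Hypothetical provider standing in for WildFlyElytronProvider. */
    public static final class DemoProvider extends Provider {
        private static final long serialVersionUID = 1L;
        public DemoProvider() {
            // (name, double version, info) is deprecated since Java 9 but compiles on 8 and later.
            super("DemoProvider", 1.0, "constructed provider for this example");
            put("MessageDigest.clear", ClearDigest.class.getName());
        }
    }

    /** The JVM-wide provider list: what a lookup sees when no provider set is passed to it. */
    static final Supplier<Provider[]> INSTALLED_PROVIDERS = Security::getProviders;

    /** Resolve an algorithm against exactly the providers the caller supplies. */
    static MessageDigest getInstance(String algorithm, Supplier<Provider[]> providers)
            throws NoSuchAlgorithmException {
        for (Provider p : providers.get()) {
            if (p.getService("MessageDigest", algorithm) != null) {
                return MessageDigest.getInstance(algorithm, p);
            }
        }
        throw new NoSuchAlgorithmException("Invalid algorithm \"" + algorithm + "\"");
    }

    /** Returns the resolving provider's name, or the lookup error message. */
    static String resolve(String algorithm, Supplier<Provider[]> providers) {
        try {
            return "resolved by " + getInstance(algorithm, providers).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return "failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Providers the client configuration asked for (assumed here to be a single DemoProvider).
        Supplier<Provider[]> configured = () -> new Provider[] { new DemoProvider() };

        // 1. Reported behaviour: the lookup consults only the JVM-wide list, so the
        //    configured provider is never asked and the algorithm is unknown.
        System.out.println("installed only      : " + resolve("clear", INSTALLED_PROVIDERS));

        // 2. Passing the configured providers to the lookup resolves the algorithm
        //    without touching global JVM state.
        System.out.println("configured supplier : " + resolve("clear", configured));

        // 3. The workaround from the report: install the provider JVM-wide. This changes
        //    algorithm resolution for every caller in the process, not just this lookup.
        Security.addProvider(new DemoProvider());
        try {
            System.out.println("after addProvider   : " + resolve("clear", INSTALLED_PROVIDERS));
        } finally {
            Security.removeProvider("DemoProvider");
        }
    }
}
```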
[JBoss JIRA] (ELY-1428) Elytron provider has to be installed manually for key-store-ssl-certificate
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-1428?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-1428:
-------------------------------
Description:
Trying to configure EJB client 2-way TLS authentication with Elytron. I am getting 'Invalid algorithm "clear"' without programmatically registering the Elytron provider.
{noformat}
Security.addProvider(new WildFlyElytronProvider());
{noformat}
Specifying this in {{wildfly-config.xml}} doesn't help:
{noformat}
<providers>
    <use-service-loader/>
</providers>
{noformat}
Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
{code:xml}
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="default"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default">
                <credentials>
                    <key-store-reference key-store-name="client-keystore" alias="joe">
                        <key-store-clear-password password="abcdef"/>
                    </key-store-reference>
                </credentials>
            </configuration>
        </authentication-configurations>
        <key-stores>
            <key-store name="client-keystore" type="JKS">
                <file name="${keystore.path:src/main/resources/client.keystore}"/>
                <key-store-clear-password password="abcdef"/>
            </key-store>
            <key-store name="client-truststore" type="JKS">
                <file name="${truststore.path:src/main/resources/client.truststore}"/>
            </key-store>
        </key-stores>
        <ssl-contexts>
            <ssl-context name="client-ssl-context">
                <trust-store key-store-name="client-truststore"/>
                <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
                    <key-store-clear-password password="abcdef"/>
                </key-store-ssl-certificate>
            </ssl-context>
        </ssl-contexts>
        <ssl-context-rules>
            <rule use-ssl-context="client-ssl-context"/>
        </ssl-context-rules>
    </authentication-client>
</configuration>
{code}
Without installing the Elytron provider, the client will fail with this error:
{noformat}
Exception in thread "main" java.lang.ExceptionInInitializerError
at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
at com.sun.proxy.$Proxy2.hello(Unknown Source)
at client.Client.main(Client.java:21)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
at java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
... 10 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
... 24 more
{noformat}
Using credential-store-reference clear-text causes a similar error.
There is an example of clear passwords which works, so it will be a problem with these specific elements:
{code:xml}
<authentication-client xmlns="urn:elytron:1.0">
    <authentication-rules>
        <rule use-configuration="default"/>
    </authentication-rules>
    <authentication-configurations>
        <configuration name="default">
            <sasl-mechanism-selector selector="DIGEST-MD5"/>
            <set-user-name name="joe"/>
            <credentials>
                <clear-password password="joeIsAwesome2013!"/>
            </credentials>
        </configuration>
    </authentication-configurations>
</authentication-client>
{code}
The problem seems to be in PasswordFactory.getInstance() in KeyStoreCredentialStore where we aren't setting the providers we have configured. Instead, it seems to use INSTALLED_PROVIDERS which does not have the Elytron providers.
was:
Trying to configure ejb client 2-way TLS authentication with Elytron. I am getting "Invalid algorithm "clear" without use of programatically registering Elytron provider.
{noformat}
Security.addProvider(new WildFlyElytronProvider());
{noformat}
Specifying this in {{wildfly-config.xml}} doesn't help:
{noformat}
<providers>
<use-service-loader/>
</providers>
{noformat}
Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
{code:xml}
<configuration>
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<credentials>
<key-store-reference key-store-name="client-keystore" alias="joe">
<key-store-clear-password password="abcdef"/>
</key-store-reference>
</credentials>
</configuration>
</authentication-configurations>
<key-stores>
<key-store name="client-keystore" type="JKS">
<file name="${keystore.path:src/main/resources/client.keystore}"/>
<key-store-clear-password password="abcdef"/>
</key-store>
<key-store name="client-truststore" type="JKS">
<file name="${truststore.path:src/main/resources/client.truststore}"/>
</key-store>
</key-stores>
<ssl-contexts>
<ssl-context name="client-ssl-context">
<trust-store key-store-name="client-truststore"/>
<key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
<key-store-clear-password password="abcdef"/>
</key-store-ssl-certificate>
</ssl-context>
</ssl-contexts>
<ssl-context-rules>
<rule use-ssl-context="client-ssl-context"/>
</ssl-context-rules>
</authentication-client>
</configuration>
{code}
Without installing the Elytron provider, the client will fail with this error:
{noformat}
Exception in thread "main" java.lang.ExceptionInInitializerError
at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
at com.sun.proxy.$Proxy2.hello(Unknown Source)
at client.Client.main(Client.java:21)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
at java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
... 10 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
... 24 more
{noformat}
Using credential-store-reference clear-text causes a similar error.
There is an example of clear passwords which works, so it will be a problem of these specific elements:
{code:xml}
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<sasl-mechanism-selector selector="DIGEST-MD5"/>
<set-user-name name="joe"/>
<credentials>
<clear-password password="joeIsAwesome2013!"/>
</credentials>
</configuration>
</authentication-configurations>
</authentication-client>
{code}
> Elytron provider has to be installed manually for key-store-ssl-certificate
> ---------------------------------------------------------------------------
>
> Key: ELY-1428
> URL: https://issues.redhat.com/browse/ELY-1428
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 1.1.9.Final, 1.2.0.Beta11
>
>
> Trying to configure EJB client 2-way TLS authentication with Elytron. I am getting "Invalid algorithm "clear"" without programmatically registering the Elytron provider.
> {noformat}
> Security.addProvider(new WildFlyElytronProvider());
> {noformat}
> Specifying this in {{wildfly-config.xml}} doesn't help:
> {noformat}
> <providers>
> <use-service-loader/>
> </providers>
> {noformat}
> Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
> {code:xml}
> <configuration>
> <authentication-client xmlns="urn:elytron:1.0">
> <authentication-rules>
> <rule use-configuration="default"/>
> </authentication-rules>
> <authentication-configurations>
> <configuration name="default">
> <credentials>
> <key-store-reference key-store-name="client-keystore" alias="joe">
> <key-store-clear-password password="abcdef"/>
> </key-store-reference>
> </credentials>
> </configuration>
> </authentication-configurations>
> <key-stores>
> <key-store name="client-keystore" type="JKS">
> <file name="${keystore.path:src/main/resources/client.keystore}"/>
> <key-store-clear-password password="abcdef"/>
> </key-store>
> <key-store name="client-truststore" type="JKS">
> <file name="${truststore.path:src/main/resources/client.truststore}"/>
> </key-store>
> </key-stores>
> <ssl-contexts>
> <ssl-context name="client-ssl-context">
> <trust-store key-store-name="client-truststore"/>
> <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
> <key-store-clear-password password="abcdef"/>
> </key-store-ssl-certificate>
> </ssl-context>
> </ssl-contexts>
> <ssl-context-rules>
> <rule use-ssl-context="client-ssl-context"/>
> </ssl-context-rules>
> </authentication-client>
> </configuration>
> {code}
> Without installing the Elytron provider, the client will fail with this error:
> {noformat}
> Exception in thread "main" java.lang.ExceptionInInitializerError
> at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
> at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
> at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
> at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
> at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
> at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
> at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
> at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
> at com.sun.proxy.$Proxy2.hello(Unknown Source)
> at client.Client.main(Client.java:21)
> Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
> at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
> ... 10 more
> Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
> at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
> ... 12 more
> Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
> ... 24 more
> {noformat}
> Using credential-store-reference clear-text causes a similar error.
> There is an example of clear passwords which works, so it will be a problem of these specific elements:
> {code:xml}
> <authentication-client xmlns="urn:elytron:1.0">
> <authentication-rules>
> <rule use-configuration="default"/>
> </authentication-rules>
> <authentication-configurations>
> <configuration name="default">
> <sasl-mechanism-selector selector="DIGEST-MD5"/>
> <set-user-name name="joe"/>
> <credentials>
> <clear-password password="joeIsAwesome2013!"/>
> </credentials>
> </configuration>
> </authentication-configurations>
> </authentication-client>
> {code}
> The problem seems to be in PasswordFactory.getInstance() in KeyStoreCredentialStore where we aren't setting the providers we have configured. Instead, it seems to use INSTALLED_PROVIDERS which does not have the Elytron providers.
4 years, 7 months
[JBoss JIRA] (ELY-1976) Elytron provider not being used with credential store and SASL authentication
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-1976?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-1976:
-------------------------------
Description:
Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
{code:java}
Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ELY01030: Unable to read credential
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
... 16 more
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
... 20 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
... 23 more
{code}
Here is my wildfly-config.xml where the credential-store-reference has been configured.
{code:java}
<configuration>
<authentication-client xmlns="urn:elytron:client:1.5">
<credential-stores>
<credential-store name="mycredstore">
<attributes>
<attribute name="keyStoreType" value="JCEKS"/>
<attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
</attributes>
<protection-parameter-credentials>
<clear-password password="StorePassword"/>
</protection-parameter-credentials>
</credential-store>
</credential-stores>
<authentication-rules>
<rule use-configuration="default-config"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default-config">
<set-user-name name="quickstartUser"/>
<credentials>
<credential-store-reference store="mycredstore" alias="quickstartUser"/>
</credentials>
<sasl-mechanism-selector selector="SCRAM-SHA-512"/>
<providers>
<use-service-loader />
</providers>
</configuration>
</authentication-configurations>
</authentication-client>
</configuration>
{code}
The provider configuration in wildfly-config.xml is specified correctly:
{code:java}
<providers>
<use-service-loader />
</providers>
{code}
The problem seems to be in PasswordFactory.getInstance() in KeyStoreCredentialStore where we aren't setting the providers we have configured. Instead, it seems to use INSTALLED_PROVIDERS which does not have the Elytron providers.
was:
Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
{code:java}
Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ELY01030: Unable to read credential
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
... 16 more
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
... 20 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
... 23 more
{code}
Here is my wildfly-config.xml where the credential-store-reference has been configured.
{code:java}
<configuration>
<authentication-client xmlns="urn:elytron:client:1.5">
<credential-stores>
<credential-store name="mycredstore">
<attributes>
<attribute name="keyStoreType" value="JCEKS"/>
<attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
</attributes>
<protection-parameter-credentials>
<clear-password password="StorePassword"/>
</protection-parameter-credentials>
</credential-store>
</credential-stores>
<authentication-rules>
<rule use-configuration="default-config"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default-config">
<set-user-name name="quickstartUser"/>
<credentials>
<credential-store-reference store="mycredstore" alias="quickstartUser"/>
</credentials>
<sasl-mechanism-selector selector="SCRAM-SHA-512"/>
<providers>
<use-service-loader />
</providers>
</configuration>
</authentication-configurations>
</authentication-client>
</configuration>
{code}
The provider configuration in wildfly-config.xml is specified correctly:
{code:java}
<providers>
<use-service-loader />
</providers>
{code}
The problem seems to be in {code:java}PasswordFactory.getInstance(){code} in {code:java}KeyStoreCredentialStore{code} where we aren't setting the providers we have configured. Instead, it seems to use {code:java}INSTALLED_PROVIDERS{code} which does not have the Elytron providers.
> Elytron provider not being used with credential store and SASL authentication
> -----------------------------------------------------------------------------
>
> Key: ELY-1976
> URL: https://issues.redhat.com/browse/ELY-1976
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: Sonia Zaldana
> Assignee: Sonia Zaldana
> Priority: Major
>
> Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
> {code:java}
> Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
> at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
> at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
> at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
> at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
> at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
> at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: java.io.IOException: ELY01030: Unable to read credential
> at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
> at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
> at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
> at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
> at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
> ... 16 more
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
> at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
> at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
> at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
> ... 20 more
> Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
> ... 23 more
> {code}
> Here is my wildfly-config.xml where the credential-store-reference has been configured.
> {code:java}
> <configuration>
> <authentication-client xmlns="urn:elytron:client:1.5">
> <credential-stores>
> <credential-store name="mycredstore">
> <attributes>
> <attribute name="keyStoreType" value="JCEKS"/>
> <attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
> </attributes>
> <protection-parameter-credentials>
> <clear-password password="StorePassword"/>
> </protection-parameter-credentials>
> </credential-store>
> </credential-stores>
> <authentication-rules>
> <rule use-configuration="default-config"/>
> </authentication-rules>
> <authentication-configurations>
> <configuration name="default-config">
> <set-user-name name="quickstartUser"/>
> <credentials>
> <credential-store-reference store="mycredstore" alias="quickstartUser"/>
> </credentials>
> <sasl-mechanism-selector selector="SCRAM-SHA-512"/>
> <providers>
> <use-service-loader />
> </providers>
> </configuration>
> </authentication-configurations>
> </authentication-client>
> </configuration>
> {code}
> The provider configuration in wildfly-config.xml is specified correctly:
> {code:java}
> <providers>
> <use-service-loader />
> </providers>
> {code}
> The problem seems to be in PasswordFactory.getInstance() in KeyStoreCredentialStore where we aren't setting the providers we have configured. Instead, it seems to use INSTALLED_PROVIDERS which does not have the Elytron providers.
4 years, 7 months
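The diagnosis given in ELY-1428 and ELY-1976 above (a `PasswordFactory.getInstance()` call that searches only the JVM-wide installed providers, so a provider configured in `wildfly-config.xml` is never consulted) can be reproduced outside the EJB client. The following is an added example, not code from the issues or from the Elytron project; it assumes `wildfly-elytron` is on the classpath, and the class `ProviderLookupDemo` and its helper methods are hypothetical names.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.List;
import java.util.ServiceLoader;
import java.util.function.Supplier;

import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;

// Hypothetical demo class (not part of Elytron); needs wildfly-elytron on the classpath.
public class ProviderLookupDemo {

    /** Names of the providers in the given set that offer a PasswordFactory for the algorithm. */
    static List<String> providersOffering(Provider[] providers, String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : providers) {
            if (p.getService("PasswordFactory", algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    /**
     * Providers found through java.util.ServiceLoader. Assumption: this is the
     * discovery mechanism <use-service-loader/> stands for in wildfly-config.xml.
     */
    static Provider[] serviceLoaderProviders() {
        List<Provider> found = new ArrayList<>();
        for (Provider p : ServiceLoader.load(Provider.class)) {
            found.add(p);
        }
        return found.toArray(new Provider[0]);
    }

    /**
     * Looks up the "clear" PasswordFactory. A null supplier uses the one-argument
     * getInstance(), which only sees globally installed providers; otherwise the
     * lookup is restricted to the providers returned by the supplier.
     */
    static String tryLookup(String label, Supplier<Provider[]> supplier) {
        try {
            PasswordFactory factory = supplier == null
                    ? PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR)
                    : PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, supplier);
            // Constructed sample value, not a real credential.
            Password password = factory.generatePassword(
                    new ClearPasswordSpec("constructed-sample".toCharArray()));
            return label + ": OK via provider " + factory.getProvider().getName()
                    + " (algorithm " + password.getAlgorithm() + ")";
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            return label + ": FAILED - " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String alg = ClearPassword.ALGORITHM_CLEAR;

        // 1. Default lookup. Unless the JVM already has the Elytron provider
        //    installed, this is the path that ends in ELY08028.
        System.out.println("Installed providers offering '" + alg + "': "
                + providersOffering(Security.getProviders(), alg));
        System.out.println(tryLookup("default lookup", null));

        // 2. Lookup scoped to an explicit provider set; nothing is installed globally.
        Provider elytron = new WildFlyElytronProvider();
        Supplier<Provider[]> explicit = () -> new Provider[] { elytron };
        System.out.println(tryLookup("explicit supplier", explicit));

        // 3. Lookup scoped to whatever ServiceLoader discovers on the classpath.
        Provider[] discovered = serviceLoaderProviders();
        System.out.println("ServiceLoader providers offering '" + alg + "': "
                + providersOffering(discovered, alg));
        System.out.println(tryLookup("service-loader supplier", () -> discovered));

        // 4. The workaround quoted in ELY-1428: install the provider JVM-wide,
        //    after which the default lookup succeeds as well.
        Security.addProvider(elytron);
        System.out.println(tryLookup("default lookup after Security.addProvider", null));
    }
}
```

Passing the configured provider supplier into the lookup (cases 2 and 3) keeps the Elytron provider scoped to the client configuration, whereas the workaround in case 4 changes the provider list for every component in the JVM.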
[JBoss JIRA] (ELY-1976) Elytron provider not being used with credential store and SASL authentication
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-1976?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-1976:
-------------------------------
Description:
Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
{code:java}
Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ELY01030: Unable to read credential
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
... 16 more
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
... 20 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
... 23 more
{code}
Here is my wildfly-config.xml where the credential-store-reference has been configured.
{code:java}
<configuration>
<authentication-client xmlns="urn:elytron:client:1.5">
<credential-stores>
<credential-store name="mycredstore">
<attributes>
<attribute name="keyStoreType" value="JCEKS"/>
<attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
</attributes>
<protection-parameter-credentials>
<clear-password password="StorePassword"/>
</protection-parameter-credentials>
</credential-store>
</credential-stores>
<authentication-rules>
<rule use-configuration="default-config"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default-config">
<set-user-name name="quickstartUser"/>
<credentials>
<credential-store-reference store="mycredstore" alias="quickstartUser"/>
</credentials>
<sasl-mechanism-selector selector="SCRAM-SHA-512"/>
<providers>
<use-service-loader />
</providers>
</configuration>
</authentication-configurations>
</authentication-client>
</configuration>
{code}
The provider configuration in wildfly-config.xml is specified correctly:
{code:java}
<providers>
<use-service-loader />
</providers>
{code}
The problem seems to be in {code:java}PasswordFactory.getInstance(){code} in {code:java}KeyStoreCredentialStore{code} where we aren't setting the providers we have configured. Instead, it seems to use {code:java}INSTALLED_PROVIDERS{code} which does not have the Elytron providers.
was:
Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
{code:java}
Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ELY01030: Unable to read credential
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
... 16 more
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
... 20 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
... 23 more
{code}
Here is my wildfly-config.xml where the credential-store-reference has been configured.
{code:xml}
<configuration>
    <authentication-client xmlns="urn:elytron:client:1.5">
        <credential-stores>
            <credential-store name="mycredstore">
                <attributes>
                    <attribute name="keyStoreType" value="JCEKS"/>
                    <attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
                </attributes>
                <protection-parameter-credentials>
                    <clear-password password="StorePassword"/>
                </protection-parameter-credentials>
            </credential-store>
        </credential-stores>
        <authentication-rules>
            <rule use-configuration="default-config"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default-config">
                <set-user-name name="quickstartUser"/>
                <credentials>
                    <credential-store-reference store="mycredstore" alias="quickstartUser"/>
                </credentials>
                <sasl-mechanism-selector selector="SCRAM-SHA-512"/>
                <providers>
                    <use-service-loader />
                </providers>
            </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>
{code}
The provider configuration in wildfly-config.xml is specified correctly:
```
<providers>
    <use-service-loader />
</providers>
```
The problem seems to be in ```PasswordFactory.getInstance()``` in ```KeyStoreCredentialStore``` where we aren't setting the providers we have configured. Instead, it seems to use ```INSTALLED_PROVIDERS``` which does not have the Elytron providers.
> Elytron provider not being used with credential store and SASL authentication
> -----------------------------------------------------------------------------
>
> Key: ELY-1976
> URL: https://issues.redhat.com/browse/ELY-1976
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: Sonia Zaldana
> Assignee: Sonia Zaldana
> Priority: Major
>
4 years, 7 months
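The provider lookup that the ELY-1976 description points at, as an added example (not code from the issue or from the Elytron project): it contrasts `PasswordFactory.getInstance()` without a provider argument against the same lookup given an explicit provider. It assumes WildFly Elytron 1.x on the classpath of a JVM with no Elytron provider installed; the class name and the sample secret are constructed.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;

import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;

// Added illustration; the class name and the sample secret are constructed.
// Assumes WildFly Elytron 1.x on the classpath and a JVM whose java.security
// file does not list an Elytron provider.
public class ClearPasswordLookupDemo {

    // Lookup without a provider argument: searches the installed JCA providers
    // (what the description calls INSTALLED_PROVIDERS).
    static boolean resolvesFromInstalledProviders() {
        try {
            PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR);
            return true;
        } catch (NoSuchAlgorithmException e) {
            // Same exception type as the innermost "Caused by" in the trace.
            return false;
        }
    }

    // Lookup with an explicit provider: independent of what is installed JVM-wide.
    static char[] roundTrip(Provider provider, char[] secret)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PasswordFactory factory =
                PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, provider);
        ClearPassword password =
                (ClearPassword) factory.generatePassword(new ClearPasswordSpec(secret));
        return password.getPassword();
    }

    public static void main(String[] args) throws Exception {
        Provider elytron = new WildFlyElytronProvider();
        boolean preinstalled = Security.getProvider(elytron.getName()) != null;
        System.out.println("Elytron provider installed in JVM: " + preinstalled);

        // 1. The call shape the stack trace shows failing.
        System.out.println("\"clear\" resolvable from installed providers: "
                + resolvesFromInstalledProviders());

        // 2. Passing the provider explicitly resolves the algorithm either way.
        char[] secret = "constructed-sample-secret".toCharArray();
        char[] recovered = roundTrip(elytron, secret);
        System.out.println("\"clear\" resolvable with explicit provider: "
                + java.util.Arrays.equals(secret, recovered));

        // 3. The manual workaround: install the provider JVM-wide, then retry
        //    the lookup from step 1. Undo the change afterwards.
        if (!preinstalled) {
            Security.addProvider(elytron);
            try {
                System.out.println("\"clear\" resolvable after Security.addProvider: "
                        + resolvesFromInstalledProviders());
            } finally {
                Security.removeProvider(elytron.getName());
            }
        }
    }
}
```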
[JBoss JIRA] (ELY-1976) Elytron provider not being used with credential store and SASL authentication
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-1976?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-1976:
-------------------------------
Description:
Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
{code:java}
Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ELY01030: Unable to read credential
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
... 16 more
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
... 20 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
... 23 more
{code}
Here is my wildfly-config.xml where the credential-store-reference has been configured.
```
<configuration>
    <authentication-client xmlns="urn:elytron:client:1.5">
        <credential-stores>
            <credential-store name="mycredstore">
                <attributes>
                    <attribute name="keyStoreType" value="JCEKS"/>
                    <attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
                </attributes>
                <protection-parameter-credentials>
                    <clear-password password="StorePassword"/>
                </protection-parameter-credentials>
            </credential-store>
        </credential-stores>
        <authentication-rules>
            <rule use-configuration="default-config"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default-config">
                <set-user-name name="quickstartUser"/>
                <credentials>
                    <credential-store-reference store="mycredstore" alias="quickstartUser"/>
                </credentials>
                <sasl-mechanism-selector selector="SCRAM-SHA-512"/>
                <providers>
                    <use-service-loader />
                </providers>
            </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>
```
The provider configuration in wildfly-config.xml is specified correctly:
```
<providers>
    <use-service-loader />
</providers>
```
The problem seems to be in ```PasswordFactory.getInstance()``` in ```KeyStoreCredentialStore``` where we aren't setting the providers we have configured. Instead, it seems to use ```INSTALLED_PROVIDERS``` which does not have the Elytron providers.
was:
Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
```
Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ELY01030: Unable to read credential
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
... 16 more
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
... 20 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
... 23 more
```
Here is my wildfly-config.xml where the credential-store-reference has been configured.
```
<configuration>
    <authentication-client xmlns="urn:elytron:client:1.5">
        <credential-stores>
            <credential-store name="mycredstore">
                <attributes>
                    <attribute name="keyStoreType" value="JCEKS"/>
                    <attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
                </attributes>
                <protection-parameter-credentials>
                    <clear-password password="StorePassword"/>
                </protection-parameter-credentials>
            </credential-store>
        </credential-stores>
        <authentication-rules>
            <rule use-configuration="default-config"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default-config">
                <set-user-name name="quickstartUser"/>
                <credentials>
                    <credential-store-reference store="mycredstore" alias="quickstartUser"/>
                </credentials>
                <sasl-mechanism-selector selector="SCRAM-SHA-512"/>
                <providers>
                    <use-service-loader />
                </providers>
            </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>
```
The provider configuration in wildfly-config.xml is specified correctly:
```
<providers>
    <use-service-loader />
</providers>
```
The problem seems to be in ```PasswordFactory.getInstance()``` in ```KeyStoreCredentialStore``` where we aren't setting the providers we have configured. Instead, it seems to use ```INSTALLED_PROVIDERS``` which does not have the Elytron providers.
> Elytron provider not being used with credential store and SASL authentication
> -----------------------------------------------------------------------------
>
> Key: ELY-1976
> URL: https://issues.redhat.com/browse/ELY-1976
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: Sonia Zaldana
> Assignee: Sonia Zaldana
> Priority: Major
>
4 years, 7 months
[JBoss JIRA] (ELY-1976) Elytron provider not being used with credential store and SASL authentication
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-1976?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-1976:
-------------------------------
Description:
Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
{code:java}
Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ELY01030: Unable to read credential
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
... 16 more
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
... 20 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
... 23 more
{code}
Here is my wildfly-config.xml where the credential-store-reference has been configured.
{code:xml}
<configuration>
    <authentication-client xmlns="urn:elytron:client:1.5">
        <credential-stores>
            <credential-store name="mycredstore">
                <attributes>
                    <attribute name="keyStoreType" value="JCEKS"/>
                    <attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
                </attributes>
                <protection-parameter-credentials>
                    <clear-password password="StorePassword"/>
                </protection-parameter-credentials>
            </credential-store>
        </credential-stores>
        <authentication-rules>
            <rule use-configuration="default-config"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default-config">
                <set-user-name name="quickstartUser"/>
                <credentials>
                    <credential-store-reference store="mycredstore" alias="quickstartUser"/>
                </credentials>
                <sasl-mechanism-selector selector="SCRAM-SHA-512"/>
                <providers>
                    <use-service-loader />
                </providers>
            </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>
{code}
The provider configuration in wildfly-config.xml is specified correctly:
```
<providers>
    <use-service-loader />
</providers>
```
The problem seems to be in ```PasswordFactory.getInstance()``` in ```KeyStoreCredentialStore``` where we aren't setting the providers we have configured. Instead, it seems to use ```INSTALLED_PROVIDERS``` which does not have the Elytron providers.
was:
Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
{code:java}
Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ELY01030: Unable to read credential
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
... 16 more
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
... 20 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
... 23 more
{code}
Here is my wildfly-config.xml where the credential-store-reference has been configured.
```
<configuration>
<authentication-client xmlns="urn:elytron:client:1.5">
<credential-stores>
<credential-store name="mycredstore">
<attributes>
<attribute name="keyStoreType" value="JCEKS"/>
<attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
</attributes>
<protection-parameter-credentials>
<clear-password password="StorePassword"/>
</protection-parameter-credentials>
</credential-store>
</credential-stores>
<authentication-rules>
<rule use-configuration="default-config"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default-config">
<set-user-name name="quickstartUser"/>
<credentials>
<credential-store-reference store="mycredstore" alias="quickstartUser"/>
</credentials>
<sasl-mechanism-selector selector="SCRAM-SHA-512"/>
<providers>
<use-service-loader />
</providers>
</configuration>
</authentication-configurations>
</authentication-client>
</configuration>
```
The provider configuration in wildfly-config.xml is specified correctly:
```
<providers>
<use-service-loader />
</providers>
```
The problem seems to be in `PasswordFactory.getInstance()` in `KeyStoreCredentialStore` where we aren't setting the providers we have configured. Instead, it seems to use `INSTALLED_PROVIDERS` which does not have the Elytron providers.
> Elytron provider not being used with credential store and SASL authentication
> -----------------------------------------------------------------------------
>
> Key: ELY-1976
> URL: https://issues.redhat.com/browse/ELY-1976
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: Sonia Zaldana
> Assignee: Sonia Zaldana
> Priority: Major
>
> Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
> {code:java}
> Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
> at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
> at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
> at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
> at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
> at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
> at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: java.io.IOException: ELY01030: Unable to read credential
> at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
> at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
> at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
> at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
> at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
> ... 16 more
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
> at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
> at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
> at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
> ... 20 more
> Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
> ... 23 more
> {code}
> Here is my wildfly-config.xml where the credential-store-reference has been configured.
> {code:java}
> <configuration>
> <authentication-client xmlns="urn:elytron:client:1.5">
> <credential-stores>
> <credential-store name="mycredstore">
> <attributes>
> <attribute name="keyStoreType" value="JCEKS"/>
> <attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
> </attributes>
> <protection-parameter-credentials>
> <clear-password password="StorePassword"/>
> </protection-parameter-credentials>
> </credential-store>
> </credential-stores>
> <authentication-rules>
> <rule use-configuration="default-config"/>
> </authentication-rules>
> <authentication-configurations>
> <configuration name="default-config">
> <set-user-name name="quickstartUser"/>
> <credentials>
> <credential-store-reference store="mycredstore" alias="quickstartUser"/>
> </credentials>
> <sasl-mechanism-selector selector="SCRAM-SHA-512"/>
> <providers>
> <use-service-loader />
> </providers>
> </configuration>
> </authentication-configurations>
> </authentication-client>
> </configuration>
> {code}
> The provider configuration in wildfly-config.xml is specified correctly:
> ```
> <providers>
> <use-service-loader />
> </providers>
> ```
> The problem seems to be in `PasswordFactory.getInstance()` in `KeyStoreCredentialStore` where we aren't setting the providers we have configured. Instead, it seems to use `INSTALLED_PROVIDERS` which does not have the Elytron providers.
4 years, 7 months
[JBoss JIRA] (ELY-1976) Elytron provider not being used with credential store and SASL authentication
by Sonia Zaldana (Jira)
Sonia Zaldana created ELY-1976:
----------------------------------
Summary: Elytron provider not being used with credential store and SASL authentication
Key: ELY-1976
URL: https://issues.redhat.com/browse/ELY-1976
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Client
Reporter: Sonia Zaldana
Assignee: Sonia Zaldana
Trying to configure an EJB client with SASL authentication using a credential store causes an "Invalid algorithm clear" error as follows:
```
Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential]
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160)
at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102)
at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245)
at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: ELY01030: Unable to read credential
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92)
at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207)
at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841)
at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93)
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
... 16 more
Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303)
at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287)
at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88)
... 20 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76)
at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679)
... 23 more
```
Here is my wildfly-config.xml where the credential-store-reference has been configured.
```
<configuration>
<authentication-client xmlns="urn:elytron:client:1.5">
<credential-stores>
<credential-store name="mycredstore">
<attributes>
<attribute name="keyStoreType" value="JCEKS"/>
<attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute>
</attributes>
<protection-parameter-credentials>
<clear-password password="StorePassword"/>
</protection-parameter-credentials>
</credential-store>
</credential-stores>
<authentication-rules>
<rule use-configuration="default-config"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default-config">
<set-user-name name="quickstartUser"/>
<credentials>
<credential-store-reference store="mycredstore" alias="quickstartUser"/>
</credentials>
<sasl-mechanism-selector selector="SCRAM-SHA-512"/>
<providers>
<use-service-loader />
</providers>
</configuration>
</authentication-configurations>
</authentication-client>
</configuration>
```
The provider configuration in wildfly-config.xml is specified correctly:
```
<providers>
<use-service-loader />
</providers>
```
The problem seems to be in `PasswordFactory.getInstance()` in `KeyStoreCredentialStore` where we aren't setting the providers we have configured. Instead, it seems to use `INSTALLED_PROVIDERS` which does not have the Elytron providers.
4 years, 7 months
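The failure mode described in ELY-1976, as an added example that is not part of the original report and is not Elytron code: a factory lookup that searches only the JVM-wide installed providers cannot see a provider that exists only in client configuration. `DemoPasswordProvider`, `find` and the SPI class name are hypothetical; only JDK classes are used, and the lookup is a simplified model, not the actual `PasswordFactory` source.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.function.Supplier;

public class ProviderLookupDemo {

    // Constructed stand-in for a provider that offers the "clear" password
    // algorithm; it is not WildFlyElytronProvider and ships no real SPI class.
    static final class DemoPasswordProvider extends Provider {
        DemoPasswordProvider() {
            super("DemoPasswordProvider", "1.0", "constructed for this example");
            putService(new Service(this, "PasswordFactory", "clear",
                    "example.DemoClearPasswordFactorySpi", null, null));
        }
    }

    // Simplified model of a provider-based factory lookup: the first provider
    // in the supplied array that registers the algorithm wins.
    static Provider.Service find(String algorithm, Supplier<Provider[]> providers)
            throws NoSuchAlgorithmException {
        for (Provider p : providers.get()) {
            Provider.Service s = p.getService("PasswordFactory", algorithm);
            if (s != null) {
                return s;
            }
        }
        throw new NoSuchAlgorithmException("Invalid algorithm \"" + algorithm + "\"");
    }

    public static void main(String[] args) throws Exception {
        Provider demo = new DemoPasswordProvider();
        Supplier<Provider[]> installed = Security::getProviders;       // JVM-wide list
        Supplier<Provider[]> configured = () -> new Provider[] {demo}; // client config

        try {
            find("clear", installed);
        } catch (NoSuchAlgorithmException e) {
            System.out.println("installed providers only: " + e.getMessage());
        }
        System.out.println("configured providers: "
                + find("clear", configured).getProvider().getName());

        // Registering the provider JVM-wide makes the installed-only lookup work.
        Security.addProvider(demo);
        System.out.println("after Security.addProvider: "
                + find("clear", installed).getProvider().getName());
        Security.removeProvider(demo.getName());
    }
}
```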