]
Anil Saldhana reassigned JBAS-7876:
-----------------------------------
Assignee: Anil Saldhana (was: Stefan Guilhen)
NPE in JNDIBasedSecurityManagement causing authentication failure
-----------------------------------------------------------------
Key: JBAS-7876
URL:
https://jira.jboss.org/jira/browse/JBAS-7876
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-6.0.0.M2
Environment: JBoss AS trunk
Reporter: Jeff Mesnil
Assignee: Anil Saldhana
Fix For: JBossAS-6.0.0.M3
when running TCK jms tests, tests starts to fail with authentication error.
The failing tests are doing nothing fancy with security, just authenticating JMS user.
I have 300+ tests with the same security settings which pass and then the following tests
start to fail because the JMS user can no longer be authenticated.
I enabled jboss security traces and got a NPE just before tests start to fail:
13:13:27,409 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Look up
of JNDI for cts/mappingMgr failed with null
13:13:27,410 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Exception
in getting MappingManager: java.lang.NullPointerException
at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:881)
at
org.jboss.security.integration.JNDIBasedSecurityManagement.getMappingManager(JNDIBasedSecurityManagement.java:219)
at
org.jboss.security.plugins.JBossSecurityContext.getMappingManager(JBossSecurityContext.java:280)
at
org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:406)
at
org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:379)
at
org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:185)
at
org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
at
org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
at
org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)
...
13:13:27,414 ERROR [org.hornetq.core.protocol.core.ServerSessionPacketHandler] Caught
unexpected exception: java.lang.NullPointerException
at
org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:407)
at
org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:379)
at
org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:185)
at
org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
at
org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
at
org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)
...
13:13:57,453 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] logout
13:13:57,454 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin
getAppConfigurationEntry(cts), size=15
13:13:57,454 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End
getAppConfigurationEntry(cts), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
ControlFlag: LoginModuleControlFlag : required
Options:
name=usersProperties, value=cts-users.properties
name=unauthenticatedIdentity, value=cts-user
name=rolesProperties, value=cts-roles.properties
name=password-stacking, value=useFirstPass
13:13:57,456 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.cts] Login
failure: javax.security.auth.login.LoginException: classe LoginModule introuvable :
org.jboss.security.auth.spi.UsersRolesLoginModule
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
at
org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
at
org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at
org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUser(JBossASSecurityManager.java:81)
at
org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:128)
...
This occurs only when I ran the full tests (which takes several hours).
Restarting the AS and running again the failing tests did not show the authentication
error.
I enabled traces for org.jboss.security. Tell me if you need more info
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: