Hynek Švábek created WFLY-6922: ---------------------------------- Summary: Default value for "realm" option in RealmUsersRolesLoginModule isn't set. Key: WFLY-6922 URL: https://issues.jboss.org/browse/WFLY-6922 Project: WildFly Issue Type: Bug Components: Security Reporter: Hynek Švábek Assignee: Darran Lofthouse Default value for "realm" option in RealmUsersRolesLoginModule isn't set. I can see default value for "realm" option in documentation https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-appli.... But I have to set this option explicitly otherwise I will get NPE exception. In my opinion problem is here https://github.com/jbossas/jboss-eap7/blob/7.x/security/subsystem/src/mai.... {code} 2016-08-04 10:58:19,415 DEBUG [org.jboss.security] (management task-9) PBOX00206: Login failure: javax.security.auth.login.LoginException: java.lang.NullPointerException at org.jboss.sasl.util.UsernamePasswordHashUtil.stringToByte(UsernamePasswordHashUtil.java:86) at org.jboss.sasl.util.UsernamePasswordHashUtil.generateHashedURP(UsernamePasswordHashUtil.java:131) at org.jboss.sasl.util.UsernamePasswordHashUtil.generateHashedHexURP(UsernamePasswordHashUtil.java:156) at org.jboss.sasl.util.UsernamePasswordHashUtil.generateHashedHexURP(UsernamePasswordHashUtil.java:162) at org.jboss.as.security.RealmUsersRolesLoginModule.createPasswordHash(RealmUsersRolesLoginModule.java:71) at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:263) at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:171) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406) at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:323) at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:406) at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:367) at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:347) at org.jboss.as.domain.management.security.JaasCallbackHandler.handle(JaasCallbackHandler.java:174) at org.jboss.as.domain.management.security.SecurityRealmService$1.handle(SecurityRealmService.java:175) at org.jboss.as.domain.http.server.security.RealmIdentityManager.verify(RealmIdentityManager.java:162) at org.jboss.as.domain.http.server.security.RealmIdentityManager.verify(RealmIdentityManager.java:141) at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:161) at org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52) at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:239) at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:257) at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:225) at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:124) at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99) at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406) at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:323) at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:406) at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:367) at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:347) at org.jboss.as.domain.management.security.JaasCallbackHandler.handle(JaasCallbackHandler.java:174) at org.jboss.as.domain.management.security.SecurityRealmService$1.handle(SecurityRealmService.java:175) at org.jboss.as.domain.http.server.security.RealmIdentityManager.verify(RealmIdentityManager.java:162) at org.jboss.as.domain.http.server.security.RealmIdentityManager.verify(RealmIdentityManager.java:141) at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:161) at org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52) at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:239) at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:257) at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:225) at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:124) at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99) at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)