Jan Kalina created WFLY-7429: -------------------------------- Summary: configurable-sasl-server-factory cannot set mechanism information Key: WFLY-7429 URL: https://issues.jboss.org/browse/WFLY-7429 Project: WildFly Issue Type: Bug Components: Security Reporter: Jan Kalina Assignee: Jan Kalina sasl-authentication-factory and sasl-server-factory creates chain of SaslServerFactories - for example ServerNameSaslServerFactory only delegates creating to following factory in chain but with rewriting of the server name. In this chain is also *SetMechanismInformationSaslServerFactory*, which call callback handler to send MechanismInformation into ServerAuthenticationContext - there it will cause state change from InactiveState to InitialState. *The problem is,* if the configurable-sasl-server-factory is used, the *SetMechanismInformationSaslServerFactory* is in chain twice. The first occurence (by sasl-authentication-factory) will cause change state to InitialState, but before the serverName+protocol is overriden by SaslServerFactories following in chain. The second occurence (by configurable-sasl-server-factory) already have serverName+protocol set, but because the ServerAuthenticationContext is already in InitialState, the exception "Too late to set" is thrown and createSaslServer returns null - fail completely. The chain of SaslServerFactories: {code:java} AuthenticationTimeoutSSF TrustManagerSSF AuthenticationCompleteSSF SetMechanismInformationSSF => cbh => InactiveState -> InitialState(undefined, null) ServerNameSSF ProtocolSSF SetMechanismInformationSSF => cbh => "Too late to set" => return null SecurityProviderSSF {code} Will have to discuss yet how to correctly solve this... (maybe consider allowing of multiple MechanismInformation setting? In current design the sasl-authentication-factory cannot detect the configurable-sasl-server-factory WILL change the MechanismInformation yet...) -- This message was sent by Atlassian JIRA (v7.2.2#72004)