Empty http-authentication-factory tries uselessly all mechanisms ---------------------------------------------------------------- Key: WFCORE-3100 URL: https://issues.jboss.org/browse/WFCORE-3100 Project: WildFly Core Issue Type: Bug Components: Security Affects Versions: 3.0.0.Beta28 Reporter: Chao Wang Assignee: Chao Wang Configure server {code} # configure emtpty http-authentication-factory /subsystem=elytron/http-authentication-factory=my-management-http-authentication:add(security-domain=ManagementDomain, http-server-mechanism-factory=global) /core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory, value=my-management-http-authentication) # turn on TRACE logging /subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=ALL) /subsystem=logging/logger=org.jboss.security:add(level=ALL) /subsystem=logging/logger=org.jboss.as.security:add(level=ALL) /subsystem=logging/logger=org.picketbox:add(level=ALL) /subsystem=logging/logger=org.apache.catalina.authenticator:add(level=ALL) /subsystem=logging/logger=org.jboss.as.web.security:add(level=ALL) /subsystem=logging/logger=org.jboss.as.domain.management.security:add(level=ALL) /subsystem=logging/logger=org.wildfly.security:add(level=ALL) /subsystem=logging/logger=org.wildfly.elytron:add(level=ALL) {code} access http://localhost.localdomain:9990/management?operation=attribute&name... All mechanisms are tried with message "Unable to locate MechanismConfiguration for mechanism" {code} 09:21:05,673 TRACE [org.wildfly.security] (management task-7) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@56a6073e] for mechanism [CLIENT_CERT] 09:21:05,673 TRACE [org.wildfly.security] (management task-7) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@4f903500] for mechanism [SPNEGO] 09:21:05,673 TRACE [org.wildfly.security] (management task-7) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@739e6b09] for mechanism [BEARER_TOKEN] 09:21:05,673 TRACE [org.wildfly.security] (management task-7) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@4f50422a] for mechanism [DIGEST] 09:21:05,673 TRACE [org.wildfly.security] (management task-7) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@29292309] for mechanism [FORM] 09:21:05,674 TRACE [org.wildfly.security] (management task-7) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@675f3b19] for mechanism [BASIC] 09:21:05,674 TRACE [org.wildfly.security] (management task-7) Handling MechanismInformationCallback type='HTTP' name='CLIENT_CERT' host-name='localhost.localdomain' protocol='http' 09:21:05,674 TRACE [org.wildfly.security] (management task-7) CLIENT_CERT: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism. at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1061) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87) ... 11 more Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1425) at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1325) at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:324) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1058) ... 14 more 09:21:05,675 TRACE [org.wildfly.security] (management task-7) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http' 09:21:05,675 TRACE [org.wildfly.security] (management task-7) SPNEGO: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism. at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='SPNEGO', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1061) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87) ... 11 more Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='SPNEGO', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1425) at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1325) at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:324) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1058) ... 14 more 09:21:05,676 TRACE [org.wildfly.security] (management task-7) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='localhost.localdomain' protocol='http' 09:21:05,676 TRACE [org.wildfly.security] (management task-7) BEARER_TOKEN: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism. at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.... at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BEARER_TOKEN', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1061) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87) ... 11 more Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BEARER_TOKEN', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1425) at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1325) at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:324) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1058) ... 14 more 09:21:05,676 TRACE [org.wildfly.security] (management task-7) Handling MechanismInformationCallback type='HTTP' name='DIGEST' host-name='localhost.localdomain' protocol='http' 09:21:05,676 TRACE [org.wildfly.security] (management task-7) DIGEST: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism. at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='DIGEST', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1061) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87) ... 11 more Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='DIGEST', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1425) at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1325) at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:324) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1058) ... 14 more 09:21:05,677 TRACE [org.wildfly.security] (management task-7) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost.localdomain' protocol='http' 09:21:05,677 TRACE [org.wildfly.security] (management task-7) FORM: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism. at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='FORM', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1061) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87) ... 11 more Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='FORM', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1425) at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1325) at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:324) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1058) ... 14 more 09:21:05,677 TRACE [org.wildfly.security] (management task-7) Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost.localdomain' protocol='http' 09:21:05,677 TRACE [org.wildfly.security] (management task-7) BASIC: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism. at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BASIC', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1061) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87) ... 11 more Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BASIC', hostName='localhost.localdomain', protocol='http'. at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1425) at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1325) at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:324) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1058) ... 14 more 09:21:05,678 TRACE [org.wildfly.security.http] (management task-7) Authentication failed.: org.wildfly.security.http.HttpAuthenticationException: ELY06016: HTTP authentication failed validating request, no mechanisms remain to continue authentication. at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:162) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) {code} Is it possible to handle this somehow: * Do not allow to create empty http-authentication-factory. Or is there any usage for empty http-authentication-factory? * Do not try any mechanism if no mechanism configuration is set * If no mechanism configuration is in place provide some default empty configuration Note, if only one mechanism is configured in http-authentication-factory only that one mechanism is tried during authentication. Problem here is only empty http-authentication-factory.