RH Bugzilla Integration commented on SECURITY-897:
--------------------------------------------------
Chao Wang <chaowan(a)redhat.com> changed the Status of [bug
Unable to authenticate in SPNEGO Login Module with
NullPointerException
-----------------------------------------------------------------------
Key: SECURITY-897
URL:
https://issues.jboss.org/browse/SECURITY-897
Project: PicketBox
Issue Type: Bug
Components: Negotiation
Affects Versions: Negotiation_2_3_6_Final, Negotiation_2_3_3_Final
Environment: Red Hat JBoss EAP 6.3.2
Reporter: Kunjan Rathod
Assignee: Darran Lofthouse
Labels: jboss, jboss-as
Description of problem:
The configuration with SPNEGO works fine, however from time to time the authentication
fails with the following error:
ERROR (HTTP-341) [org.jboss.security.auth.spi.AbstractServerLoginModule] Unable to authenticate: java.lang.NullPointerException
    at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:420)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:356)
Version-Release number of selected component (if applicable):
JBoss Security Negotiation 2.3.3.Final
How reproducible:
This happens very rarely (20 times in a day on a system where about 50 users are working)
and it is extremely hard to reproduce.
Additional info:
At line 420 in [1], the GSSToken is null:
~~~~
if (respToken != null)
{
    NegotiationMessage response;
    if (requestMessage instanceof KerberosMessage)
    {
        response = new KerberosMessage(Constants.KERBEROS_V5, respToken);
    }
    else
    {
        NegTokenTarg negTokenTarg = new NegTokenTarg();
        negTokenTarg.setResponseToken(respToken);
        response = negTokenTarg;
    }
~~~~
It looks like the gssToken can be (or is) null; see line 344, as follows:
~~~~~~~~~
public Object run()
{
    try
    {
        // The message type will have already been checked before this point so we know it is
        // a SPNEGO message.
        NegotiationMessage requestMessage = negotiationContext.getRequestMessage();
        // TODO - Ensure no way to fall through with gssToken still null.
        byte[] gssToken = null;
        if (requestMessage instanceof NegTokenInit)
        {
            ...
~~~~~~~~~
[1] :
https://github.com/wildfly-security/jboss-negotiation/blob/2.3.3.Final/jb...
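Added illustration, not code from the jboss-negotiation project, the reporter, or the eventual fix: a self-contained Java sketch of the pattern the TODO in the snippet above warns about. The message types (Msg, TokenInitMsg, TokenTargMsg, KerberosMsg, UnknownMsg) and acceptSecContext are hypothetical stand-ins, and the sample tokens are constructed. The lenient extractor lets gssToken fall through as null, which the stand-in dereferences (the NullPointerException shape seen in the report); the strict variant turns a missing token into a LoginException so the login module fails closed instead of crashing.

```java
import javax.security.auth.login.LoginException;

// Added illustration (not jboss-negotiation code): a token that can stay null after
// message dispatch must be turned into an explicit authentication failure.
public class NullTokenGuardExample {

    // Hypothetical stand-ins for the negotiation message types named in the report.
    interface Msg {}
    static final class TokenInitMsg implements Msg {
        final byte[] mechToken;          // may be null on a malformed or empty init message
        TokenInitMsg(byte[] t) { mechToken = t; }
    }
    static final class TokenTargMsg implements Msg {
        final byte[] responseToken;
        TokenTargMsg(byte[] t) { responseToken = t; }
    }
    static final class KerberosMsg implements Msg {
        final byte[] token;
        KerberosMsg(byte[] t) { token = t; }
    }
    // A message type handled by none of the branches: the fall-through case the TODO refers to.
    static final class UnknownMsg implements Msg {}

    /** Mirrors the report's pattern: gssToken starts null and is only set on known branches. */
    static byte[] extractTokenLenient(Msg m) {
        byte[] gssToken = null;
        if (m instanceof TokenInitMsg) {
            gssToken = ((TokenInitMsg) m).mechToken;
        } else if (m instanceof TokenTargMsg) {
            gssToken = ((TokenTargMsg) m).responseToken;
        } else if (m instanceof KerberosMsg) {
            gssToken = ((KerberosMsg) m).token;
        }
        return gssToken; // null for UnknownMsg, or when the message carried no token
    }

    /** Stand-in for GSSContext.acceptSecContext: dereferences the token, so null -> NPE. */
    static byte[] acceptSecContext(byte[] gssToken) {
        // A real GSSContext would parse the token; reading its length is enough to
        // reproduce the NullPointerException shape from the report.
        return new byte[] { (byte) gssToken.length };
    }

    /** Fail-closed variant: a missing token is an authentication failure, not a crash. */
    static byte[] extractTokenStrict(Msg m) throws LoginException {
        byte[] gssToken = extractTokenLenient(m);
        if (gssToken == null) {
            throw new LoginException("No GSS token in negotiation message of type "
                    + m.getClass().getSimpleName());
        }
        return gssToken;
    }

    public static void main(String[] args) {
        Msg[] inputs = {
            new KerberosMsg(new byte[] { 1, 2, 3 }), // constructed sample token
            new TokenInitMsg(null),                  // init message with no mechToken
            new UnknownMsg()                         // type not handled by any branch
        };
        for (Msg m : inputs) {
            String kind = m.getClass().getSimpleName();
            try {
                acceptSecContext(extractTokenLenient(m));
                System.out.println("lenient: accepted " + kind);
            } catch (NullPointerException e) {
                System.out.println("lenient: NullPointerException for " + kind);
            }
            try {
                acceptSecContext(extractTokenStrict(m));
                System.out.println("strict:  accepted " + kind);
            } catch (LoginException e) {
                System.out.println("strict:  LoginException: " + e.getMessage());
            }
        }
    }
}
```

Run with `javac NullTokenGuardExample.java && java NullTokenGuardExample`. Only the Kerberos message is accepted by either path; the other two show the difference between an unhandled null surfacing as a NullPointerException deep inside the privileged action and the same condition reported as a LoginException the login module can log and reject cleanly, which is also the easier event to alert on when it recurs intermittently as in the report.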