[infinispan-issues] [JBoss JIRA] (ISPN-4454) HR client SASL MD5 against LDAP fails

Vojtech Juranek (JIRA) issues at jboss.org
Fri Jun 27 12:26:24 EDT 2014 

Vojtech Juranek created ISPN-4454:
-------------------------------------

             Summary: HR client SASL MD5 against LDAP fails
                 Key: ISPN-4454
                 URL: https://issues.jboss.org/browse/ISPN-4454
             Project: Infinispan
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Security
            Reporter: Vojtech Juranek
            Assignee: Tristan Tarrant


When trying to authenticate HotRod client against LDAP using SASL DIGEST-MD5 auth, it fails with:
{noformat}
31m18:21:40,265 ERROR [org.infinispan.server.hotrod.HotRodDecoder] (HotRodServerWorker-7-1) ISPN005009: Unexpected error before any request parameters read: io.netty.handler.codec.DecoderException: org.infinispan.server.hotrod.HotRodException: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
        at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:417) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at org.infinispan.server.core.AbstractProtocolDecoder.channelRead(AbstractProtocolDecoder.scala:471) [infinispan.jar:7.0.0-SNAPSHOT]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:332) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:318) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:125) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:507) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:464) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
Caused by: org.infinispan.server.hotrod.HotRodException: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
        at org.infinispan.server.hotrod.HotRodDecoder.createServerException(HotRodDecoder.scala:204) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:118) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.core.AbstractProtocolDecoder.decode(AbstractProtocolDecoder.scala:59) [infinispan.jar:7.0.0-SNAPSHOT]
        at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:362) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        ... 12 more
Caused by: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
        at org.jboss.as.domain.management.security.SecurityRealmService.getCallbackHandlerService(SecurityRealmService.java:231) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
        at org.jboss.as.domain.management.security.SecurityRealmService.getMechanismConfig(SecurityRealmService.java:128) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
        at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider.getCallbackHandler(EndpointServerAuthenticationProvider.java:54) [infinispan-server-endpoints-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.hotrod.Decoder2x$.customReadHeader(Decoder2x.scala:208) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.hotrod.HotRodDecoder.customDecodeHeader(HotRodDecoder.scala:152) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.core.AbstractProtocolDecoder.decodeHeader(AbstractProtocolDecoder.scala:148) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:96) [infinispan.jar:7.0.0-SNAPSHOT]
        ... 14 more

{noformat}
When running same test, but using login/passwd store in properties file, everything works. Serve LDAP config:
{noformat}
<security-realms>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <ldap connection="ldap_connection" recursive="true" base-dn="ou=People,dc=infinispan,dc=org">
                        <username-filter attribute="uid" />
                    </ldap>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
        </security-realms>
        <outbound-connections>
            <ldap name="ldap_connection" url="ldap://localhost:10389"/>
        </outbound-connections>
{noformat}



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

More information about the infinispan-issues mailing list