[infinispan-issues] [JBoss JIRA] (ISPN-4454) HR client SASL MD5 against LDAP fails
Tristan Tarrant (JIRA)
issues at jboss.org
Fri Jun 27 15:08:24 EDT 2014
[ https://issues.jboss.org/browse/ISPN-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12980057#comment-12980057 ]
Tristan Tarrant commented on ISPN-4454:
---------------------------------------
Using LDAP with DIGEST-MD5 requires WFLY-1217 to be fixed.
> HR client SASL MD5 against LDAP fails
> -------------------------------------
>
> Key: ISPN-4454
> URL: https://issues.jboss.org/browse/ISPN-4454
> Project: Infinispan
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Reporter: Vojtech Juranek
> Assignee: Tristan Tarrant
>
> When trying to authenticate HotRod client against LDAP using SASL DIGEST-MD5 auth, it fails with:
> {noformat}
> 31m18:21:40,265 ERROR [org.infinispan.server.hotrod.HotRodDecoder] (HotRodServerWorker-7-1) ISPN005009: Unexpected error before any request parameters read: io.netty.handler.codec.DecoderException: org.infinispan.server.hotrod.HotRodException: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
> at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:417) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at org.infinispan.server.core.AbstractProtocolDecoder.channelRead(AbstractProtocolDecoder.scala:471) [infinispan.jar:7.0.0-SNAPSHOT]
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:332) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:318) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:125) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:507) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:464) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
> Caused by: org.infinispan.server.hotrod.HotRodException: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
> at org.infinispan.server.hotrod.HotRodDecoder.createServerException(HotRodDecoder.scala:204) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:118) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.decode(AbstractProtocolDecoder.scala:59) [infinispan.jar:7.0.0-SNAPSHOT]
> at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:362) [netty-all-4.0.20.Final.jar:4.0.20.Final]
> ... 12 more
> Caused by: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
> at org.jboss.as.domain.management.security.SecurityRealmService.getCallbackHandlerService(SecurityRealmService.java:231) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
> at org.jboss.as.domain.management.security.SecurityRealmService.getMechanismConfig(SecurityRealmService.java:128) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
> at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider.getCallbackHandler(EndpointServerAuthenticationProvider.java:54) [infinispan-server-endpoints-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.hotrod.Decoder2x$.customReadHeader(Decoder2x.scala:208) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.hotrod.HotRodDecoder.customDecodeHeader(HotRodDecoder.scala:152) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.decodeHeader(AbstractProtocolDecoder.scala:148) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:96) [infinispan.jar:7.0.0-SNAPSHOT]
> ... 14 more
> {noformat}
> When running same test, but using login/passwd store in properties file, everything works. Serve LDAP config:
> {noformat}
> <security-realms>
> <security-realm name="ApplicationRealm">
> <authentication>
> <ldap connection="ldap_connection" recursive="true" base-dn="ou=People,dc=infinispan,dc=org">
> <username-filter attribute="uid" />
> </ldap>
> </authentication>
> <authorization>
> <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
> </authorization>
> </security-realm>
> </security-realms>
> <outbound-connections>
> <ldap name="ldap_connection" url="ldap://localhost:10389"/>
> </outbound-connections>
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the infinispan-issues
mailing list