[jboss-jira] [JBoss JIRA] Updated: (SECURITY-484) NPE causing authentication failure
Jeff Mesnil (JIRA)
jira-events at lists.jboss.org
Thu Mar 25 10:21:37 EDT 2010
[ https://jira.jboss.org/jira/browse/SECURITY-484?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeff Mesnil updated SECURITY-484:
---------------------------------
Description:
when running TCK jms tests, tests starts to fail with authentication error.
The failing tests are doing nothing fancy with security, just authenticating JMS user.
I have 300+ tests with the same security settings which pass and then the following tests start to fail because the JMS user can no longer be authenticated.
I enabled jboss security traces and got a NPE just before tests start to fail:
13:13:27,409 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Look up of JNDI for cts/mappingMgr failed with null
13:13:27,410 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Exception in getting MappingManager: java.lang.NullPointerException
at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:881)
at org.jboss.security.integration.JNDIBasedSecurityManagement.getMappingManager(JNDIBasedSecurityManagement.java:219)
at org.jboss.security.plugins.JBossSecurityContext.getMappingManager(JBossSecurityContext.java:280)
at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:406)
at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:379)
at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:185)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)
...
13:13:27,414 ERROR [org.hornetq.core.protocol.core.ServerSessionPacketHandler] Caught unexpected exception: java.lang.NullPointerException
at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:407)
at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:379)
at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:185)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)
...
13:13:57,453 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] logout
13:13:57,454 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(cts), size=15
13:13:57,454 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(cts), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
ControlFlag: LoginModuleControlFlag : required
Options:
name=usersProperties, value=cts-users.properties
name=unauthenticatedIdentity, value=cts-user
name=rolesProperties, value=cts-roles.properties
name=password-stacking, value=useFirstPass
13:13:57,456 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.cts] Login failure: javax.security.auth.login.LoginException: classe LoginModule introuvable : org.jboss.security.auth.spi.UsersRolesLoginModule
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUser(JBossASSecurityManager.java:81)
at org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:128)
...
This occurs only when I ran the full tests (which takes several hours).
Restarting the AS and running again the failing tests did not show the authentication error.
I enabled traces for org.jboss.security. Tell me if you need more info
was:
when running TCK jms tests, tests starts to fail with authentication error.
The failing tests are doing nothing fancy with security, just authenticating JMS user.
I have 300+ tests with the same security settings which pass and then the following tests start to fail because the JMS user can no longer be authenticated.
I enabled jboss security traces and got a NPE just before tests start to fail:
13:13:27,409 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Look up of JNDI for cts/mappingMgr failed with null
13:13:27,410 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Exception in getting MappingManager: java.lang.NullPointerException
at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:881)
at org.jboss.security.integration.JNDIBasedSecurityManagement.getMappingManager(JNDIBasedSecurityManagement.java:219)
at org.jboss.security.plugins.JBossSecurityContext.getMappingManager(JBossSecurityContext.java:280)
at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:406)
at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:379)
at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:185)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)
...
13:13:27,414 ERROR [org.hornetq.core.protocol.core.ServerSessionPacketHandler] Caught unexpected exception: java.lang.NullPointerException
at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:407)
at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:379)
at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:185)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)
...
13:13:57,453 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] logout
13:13:57,454 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(cts), size=15
13:13:57,454 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(cts), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
ControlFlag: LoginModuleControlFlag : required
Options:
name=usersProperties, value=cts-users.properties
name=unauthenticatedIdentity, value=cts-user
name=rolesProperties, value=cts-roles.properties
name=password-stacking, value=useFirstPass
13:13:57,456 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.cts] Login failure: javax.security.auth.login.LoginException: classe LoginModule introuvable : org.jboss.security.auth.spi.UsersRolesLoginModule
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUser(JBossASSecurityManager.java:81)
at org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:128)
...
This occurs only when I ran the full tests (which takes several hours).
Running again the failing tests did not show the authentication error.
I enabled traces for org.jboss.security. Tell me if you need more info
> NPE causing authentication failure
> ----------------------------------
>
> Key: SECURITY-484
> URL: https://jira.jboss.org/jira/browse/SECURITY-484
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Environment: JBoss AS trunk
> Reporter: Jeff Mesnil
> Assignee: Anil Saldhana
>
> when running TCK jms tests, tests starts to fail with authentication error.
> The failing tests are doing nothing fancy with security, just authenticating JMS user.
> I have 300+ tests with the same security settings which pass and then the following tests start to fail because the JMS user can no longer be authenticated.
> I enabled jboss security traces and got a NPE just before tests start to fail:
> 13:13:27,409 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Look up of JNDI for cts/mappingMgr failed with null
> 13:13:27,410 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Exception in getting MappingManager: java.lang.NullPointerException
> at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:881)
> at org.jboss.security.integration.JNDIBasedSecurityManagement.getMappingManager(JNDIBasedSecurityManagement.java:219)
> at org.jboss.security.plugins.JBossSecurityContext.getMappingManager(JBossSecurityContext.java:280)
> at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:406)
> at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:379)
> at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:185)
> at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
> at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
> at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
> at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)
> ...
> 13:13:27,414 ERROR [org.hornetq.core.protocol.core.ServerSessionPacketHandler] Caught unexpected exception: java.lang.NullPointerException
> at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:407)
> at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:379)
> at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:185)
> at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
> at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
> at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
> at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)
> ...
> 13:13:57,453 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] logout
> 13:13:57,454 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(cts), size=15
> 13:13:57,454 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(cts), authInfo=AppConfigurationEntry[]:
> [0]
> LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
> ControlFlag: LoginModuleControlFlag : required
> Options:
> name=usersProperties, value=cts-users.properties
> name=unauthenticatedIdentity, value=cts-user
> name=rolesProperties, value=cts-roles.properties
> name=password-stacking, value=useFirstPass
> 13:13:57,456 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.cts] Login failure: javax.security.auth.login.LoginException: classe LoginModule introuvable : org.jboss.security.auth.spi.UsersRolesLoginModule
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
> at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
> at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
> at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
> at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUser(JBossASSecurityManager.java:81)
> at org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:128)
> ...
> This occurs only when I ran the full tests (which takes several hours).
> Restarting the AS and running again the failing tests did not show the authentication error.
> I enabled traces for org.jboss.security. Tell me if you need more info
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list