[jboss-jira] [JBoss JIRA] (SECURITY-897) Unable to authenticate in SPNEGO Login Module with NullPointerException
RH Bugzilla Integration (JIRA)
issues at jboss.org
Sun Aug 16 19:36:26 EDT 2015
[ https://issues.jboss.org/browse/SECURITY-897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13098731#comment-13098731 ]
RH Bugzilla Integration commented on SECURITY-897:
--------------------------------------------------
Chao Wang <chaowan at redhat.com> changed the Status of [bug 1236606|https://bugzilla.redhat.com/show_bug.cgi?id=1236606] from ASSIGNED to NEW
> Unable to authenticate in SPNEGO Login Module with NullPointerException
> -----------------------------------------------------------------------
>
> Key: SECURITY-897
> URL: https://issues.jboss.org/browse/SECURITY-897
> Project: PicketBox
> Issue Type: Bug
> Components: Negotiation
> Affects Versions: Negotiation_2_3_6_Final, Negotiation_2_3_3_Final
> Environment: Red Hat JBoss EAP 6.3.2
> Reporter: Kunjan Rathod
> Assignee: Darran Lofthouse
> Labels: jboss, jboss-as
>
> Description of problem:
> The configuration with SPNEGO works fine, however from time to time the authentication fails with the following error:
> ERROR (HTTP-341) [org.jboss.security.auth.spi.AbstractServerLoginModule] Unable to authenticate: java.lang.NullPointerException
> at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:420)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:356)
> Version-Release number of selected component (if applicable):
> JBoss Security Negotiation 2.3.3.Final
> How reproducible:
> This happens very rarely (20 times in a day on a system where about 50 users are working) and it is extremely hard to reproduce.
> Additional info:
> At line 420 in [1], the GSSToken is null
> ~~~~
> if (respToken != null)
> {
> NegotiationMessage response;
> if (requestMessage instanceof KerberosMessage)
> {
> response = new KerberosMessage(Constants.KERBEROS_V5, respToken);
> }
> else
> {
> NegTokenTarg negTokenTarg = new NegTokenTarg();
> negTokenTarg.setResponseToken(respToken);
> response = negTokenTarg;
> }
> ~~~~
> It looks like a GSSToken can be or is null, check the line#344 as follows:-
> ~~~~~~~~~
> public Object run()
> {
> try
> {
> // The message type will have already been checked before this point so we know it is
> // a SPNEGO message.
> NegotiationMessage requestMessage = negotiationContext.getRequestMessage();
> // TODO - Ensure no way to fall through with gssToken still null.
> byte[] gssToken = null;
> if (requestMessage instanceof NegTokenInit)
> {
> ...
> ~~~~~~~~~
> [1] : https://github.com/wildfly-security/jboss-negotiation/blob/2.3.3.Final/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list