[jboss-jira] [JBoss JIRA] (WFLY-7268) Elytron jdbc-realm *-index attributes validation

Thu Oct 6 08:06:00 EDT 2016

     [ https://issues.jboss.org/browse/WFLY-7268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ilia Vassilev reassigned WFLY-7268:
-----------------------------------

    Assignee: Ilia Vassilev


> Elytron jdbc-realm *-index attributes validation
> ------------------------------------------------
>
>                 Key: WFLY-7268
>                 URL: https://issues.jboss.org/browse/WFLY-7268
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Assignee: Ilia Vassilev
>            Priority: Minor
>
> If I try to set any of password mapper (e.g. {{clear-password-mapper}}) and any of *-index attribute (e.g. {{password-index}}) with 0 value I get error from elytron
> {code}
> [standalone at localhost:9990 /] /subsystem=elytron/jdbc-realm=d:add(principal-query=[{sql="a",data-source="ExampleDS", bcrypt-mapper={password-index=0, salt-index=1, iteration-count-index=2}}])
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException: COM00001: Parameter 'hashColumn' must not be less than 1",
>     "rolled-back" => true
> }
> {code}
> and exception in server log
> {code}
> 07:16:47,608 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 8) WFLYCTL0013: Operation ("add") failed - address: ([
>     ("subsystem" => "elytron"),
>     ("jdbc-realm" => "b")
> ]): java.lang.IllegalArgumentException: COM00001: Parameter 'hashColumn' must not be less than 1
> 	at org.wildfly.common.Assert.checkMinimumParameter(Assert.java:132)
> 	at org.wildfly.security.auth.realm.jdbc.mapper.PasswordKeyMapper.<init>(PasswordKeyMapper.java:63)
> 	at org.wildfly.security.auth.realm.jdbc.mapper.PasswordKeyMapper$Builder.build(PasswordKeyMapper.java:389)
> 	at org.wildfly.extension.elytron.JdbcRealmDefinition$ClearPasswordObjectDefinition.toPasswordKeyMapper(JdbcRealmDefinition.java:133)
> 	at org.wildfly.extension.elytron.JdbcRealmDefinition$RealmAddHandler.resolveKeyMappers(JdbcRealmDefinition.java:571)
> 	at org.wildfly.extension.elytron.JdbcRealmDefinition$RealmAddHandler.performRuntime(JdbcRealmDefinition.java:534)
> 	at org.jboss.as.controller.AbstractAddStepHandler.performRuntime(AbstractAddStepHandler.java:337)
> 	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151)
> 	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:940)
> 	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:683)
> 	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
> 	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
> 	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
> 	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:422)
> 	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
> 	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
> 	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> 	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> {code}
> Could that be validated in subsystem? There would be 2 benefits:
> * no exception is thrown in log. Exception seems like something suprised us.
> * message contains more proper attribute name, e.g. hashColumn -> password-index.


--
This message was sent by Atlassian JIRA
(v6.4.11#64026)