[jboss-jira] [JBoss JIRA] (ELY-702) configurable-sasl-server-factory cannot set mechanism information

Jan Kalina (JIRA) issues at jboss.org
Mon Oct 31 10:23:01 EDT 2016 

     [ https://issues.jboss.org/browse/ELY-702?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina moved WFLY-7429 to ELY-702:
--------------------------------------

        Project: WildFly Elytron  (was: WildFly)
            Key: ELY-702  (was: WFLY-7429)
    Component/s: Authentication Client
                     (was: Security)


> configurable-sasl-server-factory cannot set mechanism information
> -----------------------------------------------------------------
>
>                 Key: ELY-702
>                 URL: https://issues.jboss.org/browse/ELY-702
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Authentication Client
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>
> sasl-authentication-factory and sasl-server-factory creates chain of SaslServerFactories - for example ServerNameSaslServerFactory only delegates creating to following factory in chain but with rewriting of the server name.
> In this chain is also *SetMechanismInformationSaslServerFactory*, which call callback handler to send MechanismInformation into ServerAuthenticationContext - there it will cause state change from InactiveState to InitialState.
> *The problem is,* if the configurable-sasl-server-factory is used, the *SetMechanismInformationSaslServerFactory* is in chain twice. The first occurence (by sasl-authentication-factory) will cause change state to InitialState, but before the serverName+protocol is overriden by SaslServerFactories following in chain. The second occurence (by configurable-sasl-server-factory) already have serverName+protocol set, but because the ServerAuthenticationContext is already in InitialState, the exception "Too late to set" is thrown and createSaslServer returns null - fail completely.
> The chain of SaslServerFactories:
> {code:java}
> AuthenticationTimeoutSSF
> TrustManagerSSF
> AuthenticationCompleteSSF
> SetMechanismInformationSSF => cbh => InactiveState -> InitialState(undefined, null)
> ServerNameSSF
> ProtocolSSF
> SetMechanismInformationSSF => cbh => "Too late to set" => return null
> SecurityProviderSSF
> {code}
> Will have to discuss yet how to correctly solve this... (maybe consider allowing of multiple MechanismInformation setting? In current design the sasl-authentication-factory cannot detect the configurable-sasl-server-factory WILL change the MechanismInformation yet...)



--
This message was sent by Atlassian JIRA
(v7.2.2#72004)

More information about the jboss-jira mailing list