[jboss-jira] [JBoss JIRA] (ELY-1011) Failed validation in regex-validating-principal-transformer causes NPE for Elytron audit logging
Jan Kalina (JIRA)
issues at jboss.org
Wed Apr 12 09:42:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina reassigned ELY-1011:
-------------------------------
Assignee: Jan Kalina (was: Darran Lofthouse)
> Failed validation in regex-validating-principal-transformer causes NPE for Elytron audit logging
> ------------------------------------------------------------------------------------------------
>
> Key: ELY-1011
> URL: https://issues.jboss.org/browse/ELY-1011
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Priority: Critical
>
> When validation in the Elytron regex-validating-principal-transformer fails, the following NPE occurs in the server log:
> {code}
> ERROR [org.wildfly.security] (default task-2) ELY01094: An event handler threw an exception: java.lang.NullPointerException: Value in JsonObjects name/value pair cannot be null
> at org.glassfish.json.JsonObjectBuilderImpl.validateValue(JsonObjectBuilderImpl.java:164)
> at org.glassfish.json.JsonObjectBuilderImpl.add(JsonObjectBuilderImpl.java:74)
> at org.wildfly.security.audit.JsonSecurityEventFormatter.handleAuthenticationFailedEvent(JsonSecurityEventFormatter.java:99)
> at org.wildfly.security.audit.JsonSecurityEventFormatter.handleAuthenticationFailedEvent(JsonSecurityEventFormatter.java:93)
> at org.wildfly.security.audit.JsonSecurityEventFormatter.handleAuthenticationFailedEvent(JsonSecurityEventFormatter.java:43)
> at org.wildfly.security.auth.server.event.SecurityAuthenticationFailedEvent.accept(SecurityAuthenticationFailedEvent.java:49)
> at org.wildfly.extension.elytron.AuditResourceDefinitions$1.lambda$null$1(AuditResourceDefinitions.java:156)
> at org.wildfly.security.audit.AuditLogger.accept(AuditLogger.java:56)
> at org.wildfly.security.audit.AuditLogger.accept(AuditLogger.java:35)
> at org.wildfly.security.auth.server.SecurityDomain.handleSecurityEvent(SecurityDomain.java:680)
> at org.wildfly.security.auth.server.SecurityDomain.safeHandleSecurityEvent(SecurityDomain.java:687)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.fail(ServerAuthenticationContext.java:1793)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.fail(ServerAuthenticationContext.java:433)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:865)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:728)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.fail(UsernamePasswordAuthenticationMechanism.java:107)
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:170)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:110)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:97)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:46)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> It happens only when the Elytron audit log is enabled. It happens when the match attribute is set to true and the principal name does not match the given pattern, as well as when the match attribute is set to false and the principal name matches the given pattern.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
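
The null-handling failure shown in the trace, as an added example that is not part of the original message or Elytron's own code: `JsonObjectBuilder.add` rejects a null value, so a formatter that can receive an unset event attribute has to emit a JSON null rather than throw and lose the failed-authentication record. The class, helper and field names are hypothetical, the report does not say which attribute is null in ELY-1011, and a `javax.json` implementation is assumed to be on the classpath.

```java
import javax.json.Json;
import javax.json.JsonObjectBuilder;

/** Added illustration only; this is not Elytron's JsonSecurityEventFormatter. */
public class NullSafeAuditJson {

    // Hypothetical helper: JsonObjectBuilder.add(String, String) throws
    // NullPointerException for a null value, so write an explicit JSON null.
    static JsonObjectBuilder addNullable(JsonObjectBuilder builder, String name, String value) {
        return value == null ? builder.addNull(name) : builder.add(name, value);
    }

    // Hypothetical formatter for a failed-authentication audit record.
    // "event", "principal" and "success" are assumed field names.
    static String formatAuthenticationFailed(String principalName) {
        JsonObjectBuilder builder = Json.createObjectBuilder();
        builder.add("event", "SecurityAuthenticationFailedEvent");
        addNullable(builder, "principal", principalName);
        builder.add("success", false);
        return builder.build().toString();
    }

    public static void main(String[] args) {
        // Unguarded call: reproduces the exception type seen in the trace.
        try {
            Json.createObjectBuilder().add("principal", (String) null);
            System.out.println("unguarded add: no exception");
        } catch (NullPointerException e) {
            System.out.println("unguarded add threw: " + e.getMessage());
        }

        // Constructed inputs: a name that was resolved, and one that is
        // unset (assumed here to model a name rejected before assignment).
        System.out.println(formatAuthenticationFailed("alice"));
        System.out.println(formatAuthenticationFailed(null));
    }
}
```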