[jboss-jira] [JBoss JIRA] (WFCORE-2853) Referral mode 'throw' for searching groups in legacy LDAP realm causes NPE
Jiri Ondrusek (JIRA)
issues at jboss.org
Mon Aug 28 08:12:00 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-2853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jiri Ondrusek reassigned WFCORE-2853:
-------------------------------------
Assignee: Jiri Ondrusek
> Referral mode 'throw' for searching groups in legacy LDAP realm causes NPE
> --------------------------------------------------------------------------
>
> Key: WFCORE-2853
> URL: https://issues.jboss.org/browse/WFCORE-2853
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 3.0.0.Beta21
> Reporter: Ondrej Lukas
> Assignee: Jiri Ondrusek
>
> When referral mode 'throw' is configured for an LDAP outbound connection which is used by a legacy LDAP security realm, and its groups are assigned through principal-to-group LDAP authorization, then it finishes with an NPE. It causes the Management Console to return status 500 when referral mode 'throw' is used for group searching and the user includes a referral role.
> It can be reproduced by using configuration from [1] with referral mode 'throw'.
> Thrown exception on trace level:
> {code}
> TRACE [org.wildfly.security] (management task-1) BASIC: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:176)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
> at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:98)
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:154)
> ... 12 more
> Caused by: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:336)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getAuthorizationIdentity(LdapSubjectSupplementalService.java:319)
> at org.wildfly.security.auth.realm.AggregateSecurityRealm$Identity.getAuthorizationIdentity(AggregateSecurityRealm.java:157)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1797)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1826)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:477)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:472)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:757)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:735)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:92)
> ... 13 more
> Caused by: java.io.IOException: java.lang.NullPointerException
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:203)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:334)
> ... 23 more
> Caused by: java.lang.NullPointerException
> at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:315)
> at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:221)
> at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroupEntries(LdapSubjectSupplementalService.java:250)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:227)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:220)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:194)
> ... 24 more
> {code}
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1417272#c1
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
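
A triage sketch for the trace quoted above, added here as an example and not part of the JIRA report or of WildFly: it walks the `Caused by:` chain to the root cause and separates a realm back-end fault (as in this NPE) from an ordinary rejected login. The function names and verdict labels are hypothetical; the sample is abbreviated from the quoted trace.

```python
import re

# Constructed sample: abbreviated from the trace quoted in the report.
SAMPLE = (
    "TRACE [org.wildfly.security] (management task-1) BASIC: "
    "org.wildfly.security.http.HttpAuthenticationException: "
    "org.wildfly.security.auth.server.RealmUnavailableException: "
    "java.io.IOException: java.lang.NullPointerException\n"
    "  at org.wildfly.security.http.impl.BasicAuthenticationMechanism"
    ".evaluateRequest(BasicAuthenticationMechanism.java:176)\n"
    "Caused by: org.wildfly.security.auth.server.RealmUnavailableException: "
    "java.io.IOException: java.lang.NullPointerException\n"
    "  at org.jboss.as.domain.management.security.LdapSubjectSupplementalService"
    "$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:336)\n"
    "  ... 13 more\n"
    "Caused by: java.io.IOException: java.lang.NullPointerException\n"
    "  at org.jboss.as.domain.management.security.LdapSubjectSupplementalService"
    "$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:203)\n"
    "Caused by: java.lang.NullPointerException\n"
    "  at org.jboss.as.domain.management.security.LdapGroupSearcherFactory"
    "$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:315)\n"
    "  ... 24 more\n"
)

CAUSE = re.compile(r"^\s*Caused by: ([\w.$]+)")
FRAME = re.compile(r"^\s*at ([\w.$<>]+)\(([^)]*)\)")
HEAD = re.compile(r"([\w.$]+(?:Exception|Error))")

def cause_chain(trace):
    """Return [(exception_class, first_frame_or_None)], outermost first."""
    chain = []
    for line in trace.splitlines():
        frame = FRAME.match(line)
        if frame:
            # Keep only the first frame under each exception: where it was raised.
            if chain and chain[-1][1] is None:
                chain[-1][1] = f"{frame.group(1)} ({frame.group(2)})"
            continue
        # The first exception sits on the log line itself, later ones on "Caused by:".
        m = CAUSE.match(line) or (None if chain else HEAD.search(line))
        if m:
            chain.append([m.group(1), None])
    return [tuple(entry) for entry in chain]

def triage(trace):
    """Classify a failed login: identity back-end fault vs. rejected credentials."""
    chain = cause_chain(trace)
    if not chain:
        return None
    backend = any(cls.endswith("RealmUnavailableException") for cls, _ in chain)
    root, frame = chain[-1]
    return {"root_cause": root, "root_frame": frame,
            "verdict": "realm-backend-fault" if backend else "authentication-failure"}
```
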