[jboss-jira] [JBoss JIRA] (ELY-283) Investigate Elytron and gssproxy interoperability
Jan Kalina (JIRA)
issues at jboss.org
Thu Dec 14 11:08:00 EST 2017
[ https://issues.jboss.org/browse/ELY-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13505594#comment-13505594 ]
Jan Kalina commented on ELY-283:
--------------------------------
Problem above was resolved, but currently there is JDK bug which looks currently prevents to use native GSS:
In a lot of places in JDK there is *SunNativeProvider.INSTANCE* used, but it is initialized incorrectly - before list of supported GSS mechs is generated, so using this instance will raise exception - not existing mechanism:
{code}
GSSException: Provider SunNativeGSS does not support mechanism 1.2.840.113554.1.2.2
at java.security.jgss/sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:253)
at java.security.jgss/sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:209)
at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:234)
at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:337)
at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:302)
{code}
It would be sufficient to change order of SunNativeProvider initializers, but it needs JDK patch.
Reported to security-dev at openjdk.java.net list and will try to find workaround without JDK modification...
> Investigate Elytron and gssproxy interoperability
> -------------------------------------------------
>
> Key: ELY-283
> URL: https://issues.jboss.org/browse/ELY-283
> Project: WildFly Elytron
> Issue Type: Task
> Components: SASL
> Reporter: Peter Skopek
> Assignee: Jan Kalina
> Fix For: 2.0.0.Alpha1
>
>
> Investigate Elytron and gssproxy interoperability.
> https://fedorahosted.org/gss-proxy/
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list