[jboss-jira] [JBoss JIRA] (ELY-1203) Elytron AuthenticationConfiguration uses SASL mechanism from incorrect security Provider in some cases
Josef Cacek (JIRA)
issues at jboss.org
Tue Jun 6 04:07:01 EDT 2017
[ https://issues.jboss.org/browse/ELY-1203?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Josef Cacek updated ELY-1203:
-----------------------------
Description:
In our tests for PLAIN SASL mechanism in the AS testsuite we realized a wrong SaslClient implementation is used. Instead of the Elytron one, the JDK provided one is used ({{com.sun.security.sasl.PlainClient}}).
The Elytron client builds the AuthenticationContext and runs executed code in this way:
{code:java}
AuthenticationConfiguration authnCfg = AuthenticationConfiguration.EMPTY.allowSaslMechanisms(MECHANISM_PLAIN)
.useName(USERNAME).usePassword("wrongPassword")
.useDefaultProviders();
AuthenticationContext.empty().with(MatchRule.ALL, authnCfg).run(...)
{code}
It seems to be related to what's included on classpath. When we use the same code in [elytron-client-demo|https://github.com/jboss-security-qe/elytron-client-demo] the correct mechanism is used.
was:
In our tests for PLAIN SASL mechanism in the AS testsuite we realized a wrong SaslClient implementation is used. Instead of the Elytron one, the JDK provided one is used ({{com.sun.security.sasl.PlainClient}}).
The Elytron client builds the AuthenticationContext and runs executed code in this way:
{code:java}
AuthenticationConfiguration authnCfg = AuthenticationConfiguration.EMPTY.allowSaslMechanisms(MECHANISM_PLAIN)
.useName(USERNAME).usePassword("wrongPassword")
.useProviders(() -> new Provider[] { new WildFlyElytronProvider() });
AuthenticationContext.empty().with(MatchRule.ALL, authnCfg).run(...)
{code}
It seems to be related to what's included on classpath. When we use the same code in [elytron-client-demo|https://github.com/jboss-security-qe/elytron-client-demo] the correct mechanism is used.
> Elytron AuthenticationConfiguration uses SASL mechanism from incorrect security Provider in some cases
> ------------------------------------------------------------------------------------------------------
>
> Key: ELY-1203
> URL: https://issues.jboss.org/browse/ELY-1203
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 1.1.0.Beta48
>
>
> In our tests for PLAIN SASL mechanism in the AS testsuite we realized a wrong SaslClient implementation is used. Instead of the Elytron one, the JDK provided one is used ({{com.sun.security.sasl.PlainClient}}).
> The Elytron client builds the AuthenticationContext and runs executed code in this way:
> {code:java}
> AuthenticationConfiguration authnCfg = AuthenticationConfiguration.EMPTY.allowSaslMechanisms(MECHANISM_PLAIN)
> .useName(USERNAME).usePassword("wrongPassword")
> .useDefaultProviders();
> AuthenticationContext.empty().with(MatchRule.ALL, authnCfg).run(...)
> {code}
> It seems to be related to what's included on classpath. When we use the same code in [elytron-client-demo|https://github.com/jboss-security-qe/elytron-client-demo] the correct mechanism is used.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list