[jboss-jira] [JBoss JIRA] (ELY-1011) Failed validation in regex-validating-principal-transformer causes NPE for Elytron audit logging

Thu Mar 16 11:07:02 EDT 2017

Ondrej Lukas created ELY-1011:
---------------------------------

             Summary: Failed validation in regex-validating-principal-transformer causes NPE for Elytron audit logging
                 Key: ELY-1011
                 URL: https://issues.jboss.org/browse/ELY-1011
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse
            Priority: Critical

In case when validation in Elytron regex-validating-principal-transformer fails then following NPE occurs in server log:
{code}
ERROR [org.wildfly.security] (default task-2) ELY01094: An event handler threw an exception: java.lang.NullPointerException: Value in JsonObjects name/value pair cannot be null
	at org.glassfish.json.JsonObjectBuilderImpl.validateValue(JsonObjectBuilderImpl.java:164)
	at org.glassfish.json.JsonObjectBuilderImpl.add(JsonObjectBuilderImpl.java:74)
	at org.wildfly.security.audit.JsonSecurityEventFormatter.handleAuthenticationFailedEvent(JsonSecurityEventFormatter.java:99)
	at org.wildfly.security.audit.JsonSecurityEventFormatter.handleAuthenticationFailedEvent(JsonSecurityEventFormatter.java:93)
	at org.wildfly.security.audit.JsonSecurityEventFormatter.handleAuthenticationFailedEvent(JsonSecurityEventFormatter.java:43)
	at org.wildfly.security.auth.server.event.SecurityAuthenticationFailedEvent.accept(SecurityAuthenticationFailedEvent.java:49)
	at org.wildfly.extension.elytron.AuditResourceDefinitions$1.lambda$null$1(AuditResourceDefinitions.java:156)
	at org.wildfly.security.audit.AuditLogger.accept(AuditLogger.java:56)
	at org.wildfly.security.audit.AuditLogger.accept(AuditLogger.java:35)
	at org.wildfly.security.auth.server.SecurityDomain.handleSecurityEvent(SecurityDomain.java:680)
	at org.wildfly.security.auth.server.SecurityDomain.safeHandleSecurityEvent(SecurityDomain.java:687)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.fail(ServerAuthenticationContext.java:1793)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.fail(ServerAuthenticationContext.java:433)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:865)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:728)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.fail(UsernamePasswordAuthenticationMechanism.java:107)
	at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:170)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:110)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:97)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:46)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
{code}

It happens only in case when Elytron audit log is enabled. It happens in case when match attribute is set to true and principal name does not match given pattern as well as in case when match attribute is set to false and principal name matches given pattern.

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)