[jboss-jira] [JBoss JIRA] (ELY-1428) Elytron provider has to be installed manually in some client scenarios

Mon Oct 30 05:37:00 EDT 2017

Martin Choma created ELY-1428:
---------------------------------

             Summary: Elytron provider has to be installed manually in some client scenarios
                 Key: ELY-1428
                 URL: https://issues.jboss.org/browse/ELY-1428
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Martin Choma
            Assignee: Darran Lofthouse
            Priority: Critical


Not sure what are the exact scenarios when this is required, but in some cases, when using a client with {{wildfly-client.xml}}, I have to add the Elytron security provider manually using this:
{noformat}
Security.addProvider(new WildFlyElytronProvider());
{noformat}

Specifying this in {{wildfly-config.xml}} doesn't help:
{noformat}
<providers>
            <use-service-loader/>
</providers>
{noformat}

Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
{noformat}
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="default"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default">
                <credentials>
                    <key-store-reference key-store-name="client-keystore" alias="joe">
                        <key-store-clear-password password="abcdef"/>
                    </key-store-reference>
                </credentials>
            </configuration>
        </authentication-configurations>
        <key-stores>
            <key-store name="client-keystore" type="JKS">
                <file name="${keystore.path:src/main/resources/client.keystore}"/>
                <key-store-clear-password password="abcdef"/>
            </key-store>
            <key-store name="client-truststore" type="JKS">
                <file name="${truststore.path:src/main/resources/client.truststore}"/>
            </key-store>
        </key-stores>
        <ssl-contexts>
            <ssl-context name="client-ssl-context">
                <trust-store key-store-name="client-truststore"/>
                <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
                    <key-store-clear-password password="abcdef"/>
                </key-store-ssl-certificate>
            </ssl-context>
        </ssl-contexts>
        <ssl-context-rules>
            <rule use-ssl-context="client-ssl-context"/>
        </ssl-context-rules>
    </authentication-client>
</configuration>
{noformat}

Without installing the Elytron provider, the client will fail with this error:
{noformat}
Exception in thread "main" java.lang.ExceptionInInitializerError
	at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
	at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
	at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
	at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
	at com.sun.proxy.$Proxy2.hello(Unknown Source)
	at client.Client.main(Client.java:21)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
	... 10 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
	... 12 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
	... 24 more
{noformat}

.. but for example, this snippet DOES NOT require manually adding the provider even though it is using cleartext passwords (which looks like it's related to the aforementioned error):
{noformat}
<authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="default"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default">
                <sasl-mechanism-selector selector="DIGEST-MD5"/>
                <set-user-name name="joe"/>
                <credentials>
                    <clear-password password="joeIsAwesome2013!"/>
                </credentials>
            </configuration>
        </authentication-configurations>
    </authentication-client>	
{noformat}


--
This message was sent by Atlassian JIRA
(v7.5.0#75005)