[jboss-jira] [JBoss JIRA] (ELY-1371) NullPointerException within DigestSaslClient if username is null.

Darran Lofthouse (JIRA) issues at jboss.org
Thu Sep 21 08:22:00 EDT 2017


     [ https://issues.jboss.org/browse/ELY-1371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated ELY-1371:
----------------------------------
    Description: 
When running an EJB client which uses scoped context or legacy jboss-remote-naming API to invoke secured EJBs, a NPE occurs.
Additionally, in the case with jboss-remote-naming legacy API, after this exception is logged, the client thread freezes (in the scoped context case, the exception propagates to the client thread).

Full stack trace for the case of scoped context:
{noformat}
		Suppressed: java.lang.NullPointerException
			at java.nio.charset.CharsetEncoder.canEncode(CharsetEncoder.java:984)
			at org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest(DigestUtil.java:209)
			at org.wildfly.security.sasl.digest.AbstractDigestMechanism.getSaltedPasswordFromTwoWay(AbstractDigestMechanism.java:539)
			at org.wildfly.security.sasl.digest.DigestSaslClient.createResponse(DigestSaslClient.java:231)
			at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateMessage(DigestSaslClient.java:364)
			at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
			at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateChallenge(DigestSaslClient.java:349)
			at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
			at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
			at java.security.AccessController.doPrivileged(Native Method)
			at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
			at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650)
			at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
			at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
			at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
			at java.lang.Thread.run(Thread.java:748)
{noformat}

  was:
When running an EJB client which uses scoped context or legacy jboss-remote-naming API to invoke secured EJBs, a NPE occurs.
Additionally, in the case with jboss-remote-naming legacy API, after this exception is logged, the client thread freezes (in the scoped context case, the exception propagates to the client thread).
This is a regression in 7.1.0.CR2. Reproducer attached.

Full stack trace for the case of scoped context:
{noformat}
Exception in thread "main" org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:568)
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
	at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56)
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
	at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:115)
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
	at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:76)
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
	at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:86)
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)
	at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
	at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:916)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:165)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
	at com.sun.proxy.$Proxy2.hello(Unknown Source)
	at client.Client.main(Client.java:30)
	Suppressed: org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   DIGEST-MD5: java.lang.NullPointerException
		at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:98)
		at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:71)
		at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215)
		at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720)
		at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
		at java.lang.Thread.run(Thread.java:748)
	Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   DIGEST-MD5: java.lang.NullPointerException
		at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109)
		at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:446)
		at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
		at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
		at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
		at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
		at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)
		at ...asynchronous invocation...(Unknown Source)
		at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570)
		at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:536)
		at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83)
		at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56)
		at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:487)
		at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433)
		at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51)
		at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122)
		at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.lambda$getConnection$1(RemoteEJBReceiver.java:174)
		at java.security.AccessController.doPrivileged(Native Method)
		at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.getConnection(RemoteEJBReceiver.java:174)
		at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.processInvocation(RemoteEJBReceiver.java:125)
		at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:455)
		at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocation(RemotingEJBClientInterceptor.java:51)
		at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467)
		at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:87)
		at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467)
		at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:64)
		at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467)
		at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:81)
		at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467)
		at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203)
		at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:303)
		at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:161)
		at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
		at com.sun.proxy.$Proxy2.hello(Unknown Source)
		at client.Client.main(Client.java:30)
		Suppressed: java.lang.NullPointerException
			at java.nio.charset.CharsetEncoder.canEncode(CharsetEncoder.java:984)
			at org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest(DigestUtil.java:209)
			at org.wildfly.security.sasl.digest.AbstractDigestMechanism.getSaltedPasswordFromTwoWay(AbstractDigestMechanism.java:539)
			at org.wildfly.security.sasl.digest.DigestSaslClient.createResponse(DigestSaslClient.java:231)
			at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateMessage(DigestSaslClient.java:364)
			at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
			at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateChallenge(DigestSaslClient.java:349)
			at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
			at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
			at java.security.AccessController.doPrivileged(Native Method)
			at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
			at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650)
			at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
			at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
			at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
			at java.lang.Thread.run(Thread.java:748)
{noformat}



> NullPointerException within DigestSaslClient if username is null.
> -----------------------------------------------------------------
>
>                 Key: ELY-1371
>                 URL: https://issues.jboss.org/browse/ELY-1371
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SASL
>    Affects Versions: 1.1.2.Final
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> When running an EJB client which uses scoped context or legacy jboss-remote-naming API to invoke secured EJBs, a NPE occurs.
> Additionally, in the case with jboss-remote-naming legacy API, after this exception is logged, the client thread freezes (in the scoped context case, the exception propagates to the client thread).
> Full stack trace for the case of scoped context:
> {noformat}
> 		Suppressed: java.lang.NullPointerException
> 			at java.nio.charset.CharsetEncoder.canEncode(CharsetEncoder.java:984)
> 			at org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest(DigestUtil.java:209)
> 			at org.wildfly.security.sasl.digest.AbstractDigestMechanism.getSaltedPasswordFromTwoWay(AbstractDigestMechanism.java:539)
> 			at org.wildfly.security.sasl.digest.DigestSaslClient.createResponse(DigestSaslClient.java:231)
> 			at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateMessage(DigestSaslClient.java:364)
> 			at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
> 			at org.wildfly.security.sasl.digest.DigestSaslClient.evaluateChallenge(DigestSaslClient.java:349)
> 			at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
> 			at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
> 			at java.security.AccessController.doPrivileged(Native Method)
> 			at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
> 			at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650)
> 			at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
> 			at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> 			at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> 			at java.lang.Thread.run(Thread.java:748)
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

