[jboss-jira] [JBoss JIRA] (ELY-1745) The AvailableRealmsCallback should not result in a NPE if there is no mechanism configuration.

Justin Cook (Jira) issues at jboss.org
Thu Feb 14 14:42:00 EST 2019 

    [ https://issues.jboss.org/browse/ELY-1745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13695687#comment-13695687 ] 

Justin Cook commented on ELY-1745:
----------------------------------

[~dlofthouse] Can you give me the steps to reproduce the problem? I tried running the Elytron web test with the mechanism configuration selector [1] stuff commented out and ran into an NPE [2] but it doesn't happen in the AvailableRealmsCallback, it happens before.
[1]
{noformat}
        ElytronAuthenticator elytronAuthenticator = ElytronAuthenticator.builder()
                .setSecurityDomain(securityDomain)
                //.setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(
                //        MechanismConfiguration.builder()
                //                .addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName("Elytron Realm").build())
                //                .build()))
                .setFactory(httpServerMechanismFactory)
                .build();
{noformat}
[2]
{noformat}
java.lang.NullPointerException
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1427)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.transition(ServerAuthenticationContext.java:1422)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.getMechanismConfiguration(ServerAuthenticationContext.java:1401)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1036)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:120)
	at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:97)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:84)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:232)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:211)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:95)
	at org.wildfly.elytron.web.jetty.server.ElytronAuthenticator.validateRequest(ElytronAuthenticator.java:95)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:483)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:531)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
	at java.base/java.lang.Thread.run(Thread.java:834)
{noformat}

> The AvailableRealmsCallback should not result in a NPE if there is no mechanism configuration.
> ----------------------------------------------------------------------------------------------
>
>                 Key: ELY-1745
>                 URL: https://issues.jboss.org/browse/ELY-1745
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: API / SPI
>            Reporter: Darran Lofthouse
>            Assignee: Justin Cook
>            Priority: Major
>             Fix For: 1.8.0.CR3
>
>
> The NPE is due to the following code: -
> {noformat}
>                 } else if (callback instanceof AvailableRealmsCallback) {
>                     Collection<String> names = stateRef.get().getMechanismConfiguration().getMechanismRealmNames();
>                     if (log.isTraceEnabled()) {
>                         log.tracef("Handling AvailableRealmsCallback: realms = [%s]", String.join(", ", names));
>                     }
>                     if (! names.isEmpty()) {
>                         ((AvailableRealmsCallback) callback).setRealmNames(names.toArray(new String[names.size()]));
>                     }
>                     handleOne(callbacks, idx + 1);
> {noformat}
> If mechanism configuration is mandatory this should report an appropriate error, if not it should fallback to specifying an empty list.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list