[teiid-issues] [JBoss JIRA] (TEIID-5312) NullPointerException thrown when the second time login via GSS API
Steven Hawkins (JIRA)
issues at jboss.org
Wed Apr 11 09:40:00 EDT 2018
[ https://issues.jboss.org/browse/TEIID-5312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13559568#comment-13559568 ]
Steven Hawkins commented on TEIID-5312:
---------------------------------------
> I believe delegation credential is used for re-auth into a different server with same Kerberos server, but I could be wrong
That that is correct and we need to re-obtain in the case of a cached isValid check.
> I am not sure what is mechanism just validating the existing auth on the authenticated server
The picketbox caching logic does not directly consult the login module, it is looking only at contexts and the values passed into isValid.
> Maybe we can check with Keycloak team on what is to be expected?
The official docs for red hat show cache-type="default": https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/7.0/how-to-set-up-sso-with-kerberos/chapter-2-how-to-set-up-sso-for-jboss-eap-with-kerberos
> NullPointerException thrown when the second time login via GSS API
> ------------------------------------------------------------------
>
> Key: TEIID-5312
> URL: https://issues.jboss.org/browse/TEIID-5312
> Project: Teiid
> Issue Type: Bug
> Components: Server
> Affects Versions: 8.12.12.6_3
> Reporter: Yuming Zhu
> Assignee: Steven Hawkins
> Fix For: 10.3
>
>
> The error was thrown when trying to login at the second time
> ODBC:
> {code}
> 09 Apr 2018 09:14:39,941 ERROR [org.teiid.ODBC] (New I/O worker #31) TEIID40015 Unexpected error occurred: java.lang.NullPointerException
> at org.teiid.jboss.JBossSecurityHelper.buildGSSResult(JBossSecurityHelper.java:211) [teiid-jboss-integration-8.12.12.6_3-redhat-1.jar:8.12.12.6_3-redhat-1]
> at org.teiid.jboss.JBossSecurityHelper.negotiateGssLogin(JBossSecurityHelper.java:186) [teiid-jboss-integration-8.12.12.6_3-redhat-1.jar:8.12.12.6_3-redhat-1]
> at org.teiid.services.SessionServiceImpl.neogitiateGssLogin(SessionServiceImpl.java:560) [teiid-runtime-8.12.12.6_3-redhat-1.jar:8.12.12.6_3-redhat-1]
> at org.teiid.transport.LogonImpl.neogitiateGssLogin(LogonImpl.java:207) [teiid-runtime-8.12.12.6_3-redhat-1.jar:8.12.12.6_3-redhat-1]
> at org.teiid.odbc.ODBCServerRemoteImpl.logon(ODBCServerRemoteImpl.java:249) [teiid-runtime-8.12.12.6_3-redhat-1.jar:8.12.12.6_3-redhat-1]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_161]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_161]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_161]
> at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_161]
> at org.teiid.transport.ODBCClientInstance.processMessage(ODBCClientInstance.java:127) [teiid-runtime-8.12.12.6_3-redhat-1.jar:8.12.12.6_3-redhat-1]
> at org.teiid.transport.ODBCClientInstance.receivedMessage(ODBCClientInstance.java:116) [teiid-runtime-8.12.12.6_3-redhat-1.jar:8.12.12.6_3-redhat-1]
> at org.teiid.transport.SSLAwareChannelHandler.messageReceived(SSLAwareChannelHandler.java:216) [teiid-runtime-8.12.12.6_3-redhat-1.jar:8.12.12.6_3-redhat-1]
> at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:328) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_161]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_161]
> at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_161]
> {code}
> JDBC:
> {code}
> 2018-04-09 09:43:06,333 INFO [org.teiid.SECURITY] (New I/O worker #13:) TEIID40017 Unexpected exception for session null: java.lang.NullPointerException
> at org.teiid.jboss.JBossSecurityHelper.buildGSSResult(JBossSecurityHelper.java:211)
> at org.teiid.jboss.JBossSecurityHelper.negotiateGssLogin(JBossSecurityHelper.java:186)
> at org.teiid.services.SessionServiceImpl.neogitiateGssLogin(SessionServiceImpl.java:560)
> at org.teiid.transport.LogonImpl.neogitiateGssLogin(LogonImpl.java:207)
> at org.teiid.transport.LogonImpl.neogitiateGssLogin(LogonImpl.java:181)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.teiid.transport.ServerWorkItem.run(ServerWorkItem.java:87)
> at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:284)
> at org.teiid.transport.SocketClientInstance.processMessagePacket(SocketClientInstance.java:231)
> at org.teiid.transport.SocketClientInstance.receivedMessage(SocketClientInstance.java:217)
> at org.teiid.transport.SSLAwareChannelHandler.messageReceived(SSLAwareChannelHandler.java:216)
> at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
> at org.jboss.netty.handler.stream.ChunkedWriteHandler.handleUpstream(ChunkedWriteHandler.java:142)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
> at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
> at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:310)
> at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
> at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
> at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109)
> at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:328)
> at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90)
> at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
> at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
> at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> {code}
> security-domain config:
> {code:xml}
> <security-domain name="REDHAT.COM" cache-type="default">
> <authentication>
> <login-module code="SPNEGO" flag="requisite">
> <module-option name="password-stacking" value="useFirstPass" />
> <module-option name="serverSecurityDomain" value="host" />
> <module-option name="removeRealmFromPrincipal" value="true"/>
> </login-module>
> <login-module code="LdapExtended" flag="optional">
> <module-option name="password-stacking" value="useFirstPass"/>
> <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
> <module-option name="java.naming.provider.url" value="ldap://ldap.corp.redhat.com:389/"/>
> <module-option name="java.naming.security.authentication" value="none"/>
> <module-option name="baseCtxDN" value="ou=Users,dc=redhat,dc=com"/>
> <module-option name="baseFilter" value="(&(objectClass=person)(uid={0}))"/>
> <module-option name="rolesCtxDN" value="ou=Groups,dc=redhat,dc=com"/>
> <module-option name="roleFilter" value="(&(objectClass=posixGroup)(memberUid={0}))"/>
> <module-option name="roleAttributeID" value="cn"/>
> <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
> </login-module>
> <login-module code="RoleMapping" flag="optional">
> <module-option name="password-stacking" value="useFirstPass"/>
> <module-option name="rolesProperties" value="file:/opt/jboss-eap/standalone/configuration/redhat-mapping-roles.properties"/>
> </login-module>
> <login-module code="UsersRoles" flag="required">
> <module-option name="password-stacking" value="useFirstPass" />
> <module-option name="usersProperties" value="file:/opt/jboss-eap/standalone/configuration/redhat-users.properties" />
> <module-option name="rolesProperties" value="file:/opt/jboss-eap/standalone/configuration/redhat-roles.properties" />
> </login-module>
> </authentication>
> </security-domain>
> <security-domain name="host" cache-type="default">
> <authentication>
> <login-module code="Kerberos" flag="required">
> <module-option name="storeKey" value="true" />
> <module-option name="useKeyTab" value="true" />
> <module-option name="principal" value="postgres/teiid.host.dev.eng.pek2.redhat.com at REDHAT.COM" />
> <module-option name="keyTab" value="/opt/jboss-eap/standalone/configuration/postgres.keytab" />
> <module-option name="doNotPrompt" value="true" />
> </login-module>
> </authentication>
> </security-domain>
> {code}
> transport:
> {code:xml}
> <transport name="jdbc-gssapi" socket-binding="teiid-jdbc-gssapi" protocol="teiid">
> <authentication security-domain="REDHAT.COM" type="GSS" />
> <ssl mode="enabled" ssl-protocol="TLSv1" keymanagement-algorithm="SunX509">
> <keystore name="/opt/jboss-eap/standalone/jboss.keystore" password="xxxxxx" key-alias="teiid.host.dev.eng.pek2.redhat.com"/>
> </ssl>
> </transport>
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the teiid-issues
mailing list