- Bug
- Resolution: Done
- Major
- 1.13.1.Final
When using a CachingSecurityRealm with identities with multiple SCRAM passwords, an NPE happens when attempting to obtain credentials for those identities.
This is caused by the fact that IdentityCredentials.Many requires a strict match between algorithmName and parameterSpec, whereas One and Two accept "loose" matches when those are null.
org.wildfly.security.auth.server.IdentityCredentials$Many.getCredential(IdentityCredentials.java:705)
org.infinispan.server.security.realm.CachingSecurityRealm$1.getCredential(CachingSecurityRealm.java:154)
org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.getCredential(ServerAuthenticationContext.java:1982)
org.wildfly.security.auth.server.ServerAuthenticationContext.getCredential(ServerAuthenticationContext.java:660)
org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:972)
org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:867)
org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:101)
org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:83)
org.wildfly.security.mechanism.scram.ScramServer.evaluateInitialResponse(ScramServer.java:207)
org.wildfly.security.sasl.scram.ScramSaslServer.evaluateMessage(ScramSaslServer.java:84)
org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
org.wildfly.security.sasl.util.AbstractSaslServer.evaluateResponse(AbstractSaslServer.java:82)
org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:110)
org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
org.infinispan.server.core.security.SubjectSaslServer.evaluateResponse(SubjectSaslServer.java:39)
org.infinispan.server.hotrod.Authentication.authInternal(Authentication.java:90)
org.infinispan.server.hotrod.Authentication.lambda$auth$0(Authentication.java:77)
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
java.base/java.lang.Thread.run(Thread.java:83)
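The strict versus "loose" matching described above, as an added example that is not WildFly Elytron or Infinispan code. The class and method names are hypothetical, the stored credentials are constructed sample values, only algorithmName is modelled (the issue says parameterSpec is treated the same way), and the unchecked dereference of the lookup result is an assumption about how the null turns into the reported NPE.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Simplified model (hypothetical names) of the lookup behaviour described in
// this issue. It is NOT WildFly Elytron source code.
public class CredentialMatchDemo {

    // Constructed stand-in for a stored SCRAM password credential.
    static final class Cred {
        final String algorithm;
        Cred(String algorithm) { this.algorithm = algorithm; }
    }

    // Strict lookup: the requested algorithm must equal the stored key exactly,
    // so a null request ("any algorithm") finds nothing and returns null.
    static Cred strictLookup(Map<String, Cred> byAlgorithm, String requested) {
        return byAlgorithm.get(requested);
    }

    // Loose lookup: a null algorithm matches any stored credential, which is
    // what the issue says One and Two accept. The first match wins.
    static Cred looseLookup(Map<String, Cred> byAlgorithm, String requested) {
        for (Cred c : byAlgorithm.values()) {
            if (requested == null || requested.equals(c.algorithm)) {
                return c;
            }
        }
        return null; // genuinely absent: callers must still check for null
    }

    public static void main(String[] args) {
        // Constructed sample: one identity holding two SCRAM passwords.
        Map<String, Cred> creds = new LinkedHashMap<>();
        creds.put("scram-sha-1", new Cred("scram-sha-1"));
        creds.put("scram-sha-256", new Cred("scram-sha-256"));

        Cred strict = strictLookup(creds, null);
        System.out.println("strict, null algorithm: " + (strict == null ? "no match" : strict.algorithm));
        try {
            // Assumption: the caller uses the result without a null check.
            System.out.println(strict.algorithm);
        } catch (NullPointerException e) {
            System.out.println("NullPointerException on unchecked result");
        }

        System.out.println("loose, null algorithm: " + looseLookup(creds, null).algorithm);
        System.out.println("loose, scram-sha-256: " + looseLookup(creds, "scram-sha-256").algorithm);
    }
}
```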
- blocks: ISPN-12156 Add caching to the server security realm (Closed)
- is cloned by: JBEAP-20426 (7.3.z) ELY-2031 - NullPointerException when using CachingSecurityRealm with SCRAM algorithms (Closed)