Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2031

NullPointerException when using CachingSecurityRealm with SCRAM algorithms

XMLWordPrintable

      When using a CachingSecurityRealm with identities with multiple SCRAM passwords, an NPE happens when attempting to obtain credentials for those identities.
      This is caused by the fact that IdentityCredentials.Many uses strict matching between algorithm requires a strict match between algorithmName and parameterSpec whereas One and Two accept "loose" matches when those are null.

      org.wildfly.security.auth.server.IdentityCredentials$Many.getCredential(IdentityCredentials.java:705
      org.infinispan.server.security.realm.CachingSecurityRealm$1.getCredential(CachingSecurityRealm.java:154
      org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.getCredential(ServerAuthenticationContext.java:1982
      org.wildfly.security.auth.server.ServerAuthenticationContext.getCredential(ServerAuthenticationContext.java:660
      org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:972
      org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:867
      org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:101
      org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156
      org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:83
      org.wildfly.security.mechanism.scram.ScramServer.evaluateInitialResponse(ScramServer.java:207
      org.wildfly.security.sasl.scram.ScramSaslServer.evaluateMessage(ScramSaslServer.java:84
      org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219
      org.wildfly.security.sasl.util.AbstractSaslServer.evaluateResponse(AbstractSaslServer.java:82
      org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58
      org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:110
      org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59
      org.infinispan.server.core.security.SubjectSaslServer.evaluateResponse(SubjectSaslServer.java:39
      org.infinispan.server.hotrod.Authentication.authInternal(Authentication.java:90
      org.infinispan.server.hotrod.Authentication.lambda$auth$0(Authentication.java:77
      org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35
      org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982
      org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486
      org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377
      java.base/java.lang.Thread.run(Thread.java:83)
      

              ttarrant@redhat.com Tristan Tarrant
              ttarrant@redhat.com Tristan Tarrant
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: