Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-921

Elytron FORM authentication failing if TRACE is enabled.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 1.1.0.Beta22
    • Fix Version/s: 1.1.0.Beta24
    • Component/s: HTTP
    • Labels:
      None
    • Steps to Reproduce:
      Hide
      1. Run ./standalone.xml
      2. Configure EAP:
        /subsystem=undertow/application-security-domain=ApplicationSecurityDomain:add(http-authentication-factory=application-http-authentication)
        /subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=ALL)
        /subsystem=logging/logger=org.wildfly.security:add(level=ALL)
        
      1. Deploy secured-webapp.war from attachment
      2. Access http://localhost:8080/secured-webapp/
      Show
      Run ./standalone.xml Configure EAP: /subsystem=undertow/application-security-domain=ApplicationSecurityDomain:add(http-authentication-factory=application-http-authentication) /subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=ALL) /subsystem=logging/logger=org.wildfly.security:add(level=ALL) Deploy secured-webapp.war from attachment Access http://localhost:8080/secured-webapp/

      Description

      NPE occures during FORM authentication when TRACE logging is enabled.

      11:02:55,488 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /secured-webapp/: java.lang.NullPointerException
      	at org.wildfly.elytron.web.undertow.server.ElytronHttpExchange$4.getID(ElytronHttpExchange.java:401)
      	at org.wildfly.security.http.impl.FormAuthenticationMechanism.attemptReAuthentication(FormAuthenticationMechanism.java:228)
      	at org.wildfly.security.http.impl.FormAuthenticationMechanism.evaluateRequest(FormAuthenticationMechanism.java:99)
      	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115)
      	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
      	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:106)
      	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:90)
      	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:74)
      	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:82)
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
      	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:46)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
      	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
      	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
      	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1696)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1696)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1696)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1696)
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:210)
      	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      
      FormAuthenticationMechanism.java
              if (log.isTraceEnabled()) {
                  if (getSessionScope(request, false) != null) {
                      log.tracef("Trying to re-authenticate session %s using FormAuthenticationMechanism. Request URI: [%s], Context path: [%s]",
                              getSessionScope(request, false).getID(), request.getRequestURI(), this.contextPath);
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              dlofthouse Darran Lofthouse
              Reporter:
              mchoma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: