Loading...

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.DR18, 7.1.0.ER1
Affects Version/s: 7.1.0.DR17
Component/s: Security
Labels:
- eap71_priority

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

Secure management interface with Elytron

/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory, value=management-http-authentication) reload

Turn on TRACE logging

/subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=ALL) /subsystem=logging/logger=org.wildfly.security:add(level=ALL)

access web console http://localhost:9990/console/

In log there is a lot of messages like Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost' protocol='http'
Show
Secure management interface with Elytron /core-service=management/management- interface =http- interface :write-attribute(name=http-authentication-factory, value=management-http-authentication) reload Turn on TRACE logging /subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=ALL) /subsystem=logging/logger=org.wildfly.security:add(level=ALL) access web console http://localhost:9990/console/ In log there is a lot of messages like Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost' protocol='http'

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Following steps from reproducer, accessing management console produces logs, which indicates all http mechanism are somehow handled on each request. Isn't that performance waste?

Shouldn't mechanism-configuration section served as filter for mechanisms I am really interested in?

<http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain">
    <mechanism-configuration>
        <mechanism mechanism-name="DIGEST">
            <mechanism-realm realm-name="ManagementRealm"/>
        </mechanism>
    </mechanism-configuration>
</http-authentication-factory>

Unable to find source-code formatter for language: server.log. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml

10:08:56,997 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost' protocol='http'
10:08:56,998 TRACE [org.wildfly.security] (management task-5) BASIC: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BASIC', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BASIC', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

10:08:56,998 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='CLIENT_CERT' host-name='localhost' protocol='http'
10:08:56,998 TRACE [org.wildfly.security] (management task-5) CLIENT_CERT: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

10:08:56,998 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='DIGEST' host-name='localhost' protocol='http'
10:08:56,998 TRACE [org.wildfly.security] (management task-5) Handling AvailableRealmsCallback: realms = [ManagementRealm]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Nonce AAAABAAAB0I1ZcY0ZQR/ksqHzqEZtz+a1664s92seND27/HjphfbBJBaL8I= rejected as previously used.
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling AvailableRealmsCallback: realms = [ManagementRealm]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling AvailableRealmsCallback: realms = [ManagementRealm]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling RealmCallback: selected = [ManagementRealm]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling NameCallback: authenticationName = admin
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Principal assigning: [admin], pre-realm rewritten: [admin], realm name: [ManagementRealm], post realm rewritten: [admin], realm rewritten: [admin]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling CredentialCallback: obtained credential for correct realm "ManagementRealm"
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling CredentialCallback: obtained credential: org.wildfly.security.credential.PasswordCredential@b2b93fa5
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
10:08:56,999 TRACE [org.wildfly.security] (management task-5) FORM: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='FORM', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='FORM', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

10:08:57,000 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost' protocol='http'
10:08:57,000 TRACE [org.wildfly.security] (management task-5) SPNEGO: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='SPNEGO', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='SPNEGO', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

10:08:57,000 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='localhost' protocol='http'
10:08:57,000 TRACE [org.wildfly.security] (management task-5) BEARER_TOKEN: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BEARER_TOKEN', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BEARER_TOKEN', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

relates to

JBEAP-9030 JBoss CLI is not able to connect to interface secured by Elytron SASL factories with PLAIN mechanism

Closed

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates