Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10614

Elytron, all http mechanisms handled on each request.

    XMLWordPrintable

Details

    • Hide
      • Secure management interface with Elytron 
        /core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory, value=management-http-authentication)
reload
      • Turn on TRACE logging 
        /subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=ALL)
/subsystem=logging/logger=org.wildfly.security:add(level=ALL)
      • access web console http://localhost:9990/console/
      • In log there is a lot of messages like Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost' protocol='http'
      Show
      Secure management interface with Elytron /core-service=management/management- interface =http- interface :write-attribute(name=http-authentication-factory, value=management-http-authentication) reload Turn on TRACE logging /subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=ALL) /subsystem=logging/logger=org.wildfly.security:add(level=ALL) access web console http://localhost:9990/console/ In log there is a lot of messages like Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost' protocol='http'

    Description

      Following steps from reproducer, accessing management console produces logs, which indicates all http mechanism are somehow handled on each request. Isn't that performance waste?

      Shouldn't mechanism-configuration section served as filter for mechanisms I am really interested in?

      <http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain">
    <mechanism-configuration>
        <mechanism mechanism-name="DIGEST">
            <mechanism-realm realm-name="ManagementRealm"/>
        </mechanism>
    </mechanism-configuration>
</http-authentication-factory>
      Unable to find source-code formatter for language: server.log. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      10:08:56,997 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost' protocol='http'
10:08:56,998 TRACE [org.wildfly.security] (management task-5) BASIC: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BASIC', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BASIC', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

10:08:56,998 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='CLIENT_CERT' host-name='localhost' protocol='http'
10:08:56,998 TRACE [org.wildfly.security] (management task-5) CLIENT_CERT: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

10:08:56,998 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='DIGEST' host-name='localhost' protocol='http'
10:08:56,998 TRACE [org.wildfly.security] (management task-5) Handling AvailableRealmsCallback: realms = [ManagementRealm]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Nonce AAAABAAAB0I1ZcY0ZQR/ksqHzqEZtz+a1664s92seND27/HjphfbBJBaL8I= rejected as previously used.
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling AvailableRealmsCallback: realms = [ManagementRealm]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling AvailableRealmsCallback: realms = [ManagementRealm]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling RealmCallback: selected = [ManagementRealm]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling NameCallback: authenticationName = admin
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Principal assigning: [admin], pre-realm rewritten: [admin], realm name: [ManagementRealm], post realm rewritten: [admin], realm rewritten: [admin]
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling CredentialCallback: obtained credential for correct realm "ManagementRealm"
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling CredentialCallback: obtained credential: org.wildfly.security.credential.PasswordCredential@b2b93fa5
10:08:56,999 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
10:08:56,999 TRACE [org.wildfly.security] (management task-5) FORM: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='FORM', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='FORM', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

10:08:57,000 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost' protocol='http'
10:08:57,000 TRACE [org.wildfly.security] (management task-5) SPNEGO: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='SPNEGO', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='SPNEGO', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

10:08:57,000 TRACE [org.wildfly.security] (management task-5) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='localhost' protocol='http'
10:08:57,000 TRACE [org.wildfly.security] (management task-5) BEARER_TOKEN: org.wildfly.security.http.HttpAuthenticationException: ELY05172: Unable to locate MechanismConfiguration for mechanism.
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:111)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BEARER_TOKEN', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:924)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:87)
	... 11 more
Caused by: java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BEARER_TOKEN', hostName='localhost', protocol='http'.
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.selectMechanismConfiguration(ServerAuthenticationContext.java:1280)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$InactiveState.setMechanismInformation(ServerAuthenticationContext.java:1169)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.setMechanismInformation(ServerAuthenticationContext.java:316)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:922)
	... 14 more

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9030 JBoss CLI is not able to connect to interface secured by Elytron SASL factories with PLAIN mechanism

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              mchoma@redhat.com Martin Choma
              Jan Kalina (Inactive)
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: