JBoss Enterprise Application Platform / JBEAP-1105

Unable to configure security domain with DIGEST authentication

    • Type: Bug
    • Resolution: Done
    • Priority: Blocker
    • Versions: 7.0.0.DR11, 7.0.0.DR10
    • Components: Security, Undertow

Steps to reproduce:
      1. Configure the following security domain (and reconfigure logging) using the CLI:
        /subsystem=security/security-domain=web-tests:add
        /subsystem=security/security-domain=web-tests/authentication=classic:add {allow-resource-service-restart=true}
        /subsystem=security/security-domain=web-tests/authentication=classic/login-module=UsersRoles:add( \
          code=UsersRoles, flag=required, module-options=[ \
            ("hashAlgorithm"=>"MD5"), \
            ("hashEncoding"=>"RFC2617"), \
            ("hashUserPassword"=>"false"), \
            ("hashStorePassword"=>"true"), \
            ("passwordIsA1Hash"=>"false"), \
            ("storeDigestCallback"=>"org.jboss.security.auth.callback.RFC2617Digest") \
          ]) {allow-resource-service-restart=true}
        /subsystem=logging/logger=org.jboss.security:add(level=ALL)
        /subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=ALL)
        
      2. Deploy attached secured-webapp.war application. It has the DIGEST configured in web.xml. The application references the security domain created in the first step.
      3. Open http://127.0.0.1:8080/secured-webapp/ in a browser and login with admin/admin credentials

      User will not be logged into the app (in EAP 7) and the exception occurs in the server log.


      The callback org.jboss.security.auth.callback.RFC2617Digest is used as a login-module option in the security domain if the user uses the DIGEST authentication method. It's not working in EAP 7: an exception is thrown during authentication from the login module(s) when this callback is used.

      09:56:06,141 DEBUG [org.jboss.security] (default task-2) PBOX00206: Login failure: javax.security.auth.login.LoginException: PBOX00055: Failed to invoke CallbackHandler
      	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:446)
      	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:282)
      	at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:171)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:483)
      	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
      	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
      	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
      	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      	at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
      	at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406)
      	at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345)
      	at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333)
      	at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146)
      	at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:111)
      	at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:77)
      	at io.undertow.security.impl.DigestAuthenticationMechanism.handleDigestHeader(DigestAuthenticationMechanism.java:278)
      	at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:162)
      	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
      	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
      	at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
      	at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
      	at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
      	at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
      	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
      	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
      	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:198)
      	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:784)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: javax.security.auth.callback.UnsupportedCallbackException: PBOX00014: org.jboss.security.auth.callback.JBossCallbackHandler does not handle a callback of type org.jboss.security.auth.callback.MapCallback
      	at org.jboss.security.auth.callback.JBossCallbackHandler.handleCallBack(JBossCallbackHandler.java:138)
      	at org.jboss.security.auth.callback.JBossCallbackHandler.handle(JBossCallbackHandler.java:87)
      	at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:939)
      	at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:936)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:936)
      	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:436)
      	... 51 more
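The login-module options in the reproduction steps (hashAlgorithm=MD5, hashEncoding=RFC2617, hashStorePassword, passwordIsA1Hash, storeDigestCallback) exist because HTTP Digest authentication never sends the password: the server has to recompute the RFC 2617 response value from the credential it has stored and compare it with what the browser sent. The following Python example is added here and is not code from the issue, from PicketBox or from EAP; it shows that server-side computation: HA1 = MD5(username:realm:password), which is what a store with passwordIsA1Hash=true holds and what the login module derives from the plaintext when passwordIsA1Hash=false, then HA2 and the final response check done with a constant-time comparison. The Authorization header and credentials are the worked example from RFC 2617 section 3.5; the function names (a1_hash, expected_response, verify_digest) and the HA1_STORE dictionary are my own assumptions, not EAP APIs.

```python
import hashlib
import hmac
import re


def md5_hex(data: str) -> str:
    """MD5 hex digest of a string (the hashAlgorithm=MD5 setting in the security domain)."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def a1_hash(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password).

    HA1 is the only secret the server needs to verify a Digest response, so a
    credential store may hold HA1 instead of the password (passwordIsA1Hash=true);
    with passwordIsA1Hash=false the login module derives HA1 from the plaintext
    at login time.
    """
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """Recompute the RFC 2617 'response' value from HA1 and the request parameters."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    if qop is None:
        # RFC 2069 compatibility form, used when the client sends no qop
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    raise ValueError(f"unsupported qop: {qop}")


def parse_digest_header(header: str) -> dict:
    """Parse 'Digest k="v", k=v, ...' into a dict (quoted and unquoted values)."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest Authorization header")
    pattern = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in pattern.finditer(params)}


def verify_digest(header: str, method: str, realm: str, ha1_store: dict) -> bool:
    """Server-side check: look up HA1 for the claimed user and compare responses."""
    p = parse_digest_header(header)
    if p.get("realm") != realm:
        return False
    ha1 = ha1_store.get(p.get("username"))
    if ha1 is None:
        return False
    expected = expected_response(ha1, method, p["uri"], p["nonce"],
                                 p.get("qop"), p.get("nc"), p.get("cnonce"))
    # constant-time comparison so the check does not leak how many leading bytes matched
    return hmac.compare_digest(expected, p.get("response", ""))


# Worked values from RFC 2617 section 3.5 (user Mufasa, password "Circle Of Life");
# HA1_STORE is a constructed stand-in for a credential store holding A1 hashes.
REALM = "testrealm@host.com"
HA1_STORE = {"Mufasa": a1_hash("Mufasa", REALM, "Circle Of Life")}

RFC2617_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

if __name__ == "__main__":
    print(HA1_STORE["Mufasa"])                                     # 939e7578ed9e3c518a452acee763bce9
    print(verify_digest(RFC2617_HEADER, "GET", REALM, HA1_STORE))  # True
```

Because HA2 binds the request method and URI, the same header replayed against a different method fails verification, and because only HA1 is needed, the store never has to hold the plaintext password. Note that nonce freshness and nc tracking are left out here; a real server must also reject stale or reused nonces.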
      

Assignee: Darran Lofthouse
Reporter: Josef Cacek