JBoss Enterprise Application Platform - JBEAP-11110

Elytron - failed OAUTHBEARER authentication doesn't close connection

      git clone -b JBEAP-11110-reproducer https://github.com/kwart/wildfly.git
      cd wildfly
      mvn clean install -DskipTests -Dcheckstyle.skip
      cd testsuite/integration/elytron/
      mvn clean test -Dcheckstyle.skip -Dtest=OauthbearerMgmtSaslTestCase
      

      The following token causes the problem, for instance:

          /**
           * Expired token
           * 
           * <pre>
           * {
           *   "iss": "issuer.wildfly.org",
           *   "sub": "elytron@wildfly.org",
           *   "exp": 1136073599,  // 20051231235959Z
           *   "iat": 1104537599,  // 20041231235959Z
           *   "aud": "jwt"
           * }
           * </pre>
           */
          protected static final String TOKEN_EXPIRED = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJpc3N1ZXIud2lsZGZseS5vcmciLCJzdWIiOiJlbHl0cm9uQHdpbGRmbHkub3JnIiwiZXhwIjoxMTM2MDczNTk5LCJpYXQiOjExMDQ1Mzc1OTksImF1ZCI6Imp3dCJ9.cQmi4smytz15Yd1UIkkaLZPbw5f3p-o_MZpVxTJoDYo";

      When token verification in the OAUTHBEARER SASL mechanism fails (e.g. the token is already expired), the connection remains open and hangs (until it times out).

      More info:

      • OAuth2Client goes into handleServerResponse() with {"status":"invalid_token"} and generates finalMessage = 37, 120, 48, 49
      • OAuth2SaslClient sends it and goes into FAILED_STATE
      • remoting EndpointImpl gets stuck in receiveAuthReject()

            People: Jan Kalina (Inactive), Josef Cacek (Inactive), Ondrej Kotek