Details

    • Steps to Reproduce:
      git clone -b JBEAP-11110-reproducer https://github.com/kwart/wildfly.git
      cd wildfly
      mvn clean install -DskipTests -Dcheckstyle.skip
      cd testsuite/integration/elytron/
      mvn clean test -Dcheckstyle.skip -Dtest=OauthbearerMgmtSaslTestCase
      

      The following token causes the problem, for instance:

          /**
           * Expired token
           * 
           * <pre>
           * {
           *   "iss": "issuer.wildfly.org",
           *   "sub": "elytron@wildfly.org",
           *   "exp": 1136073599,  // 20051231235959Z
           *   "iat": 1104537599,  // 20041231235959Z
           *   "aud": "jwt"
           * }
           * </pre>
           */
          protected static final String TOKEN_EXPIRED = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJpc3N1ZXIud2lsZGZseS5vcmciLCJzdWIiOiJlbHl0cm9uQHdpbGRmbHkub3JnIiwiZXhwIjoxMTM2MDczNTk5LCJpYXQiOjExMDQ1Mzc1OTksImF1ZCI6Imp3dCJ9.cQmi4smytz15Yd1UIkkaLZPbw5f3p-o_MZpVxTJoDYo";
      

      Description

      When token verification in the OAUTHBEARER SASL mechanism fails (e.g. the token is already expired), the connection remains open and hangs (until it times out).

      More info:

      • OAuth2Client goes into handleServerResponse() with {"status":"invalid_token"} and generates finalMessage = 37, 120, 48, 49
      • OAuth2SaslClient sends it and goes into FAILED_STATE
      • remoting EndpointImpl gets stuck in receiveAuthReject()
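
A triage helper for the two artifacts quoted in this report, added here as an example and not part of the reproducer or of Elytron: it decodes the token's claims without verifying the signature (no key appears on the page) and decodes the reported finalMessage bytes. The function names are hypothetical; the comparison value, a single 0x01 byte, is the dummy client response RFC 7628 defines for a failed OAUTHBEARER exchange.

```python
import base64
import json
from datetime import datetime, timezone

# Both values are copied verbatim from the report above.
TOKEN_EXPIRED = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJpc3MiOiJpc3N1ZXIud2lsZGZseS5vcmciLCJzdWIiOiJlbHl0cm9uQHdpbGRmbHkub3JnIiwiZXhwIjoxMTM2MDczNTk5LCJpYXQiOjExMDQ1Mzc1OTksImF1ZCI6Imp3dCJ9."
    "cQmi4smytz15Yd1UIkkaLZPbw5f3p-o_MZpVxTJoDYo"
)
FINAL_MESSAGE = bytes([37, 120, 48, 49])  # finalMessage as reported

KVSEP = b"\x01"  # RFC 7628 dummy client response after a server error


def _b64url(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def jwt_claims(token):
    """Return (header, payload) as dicts. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    return json.loads(_b64url(parts[0])), json.loads(_b64url(parts[1]))


def generalized_time(epoch):
    """Format epoch seconds the way the comments in the report do."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y%m%d%H%M%SZ")


def is_expired(claims, now):
    """True when 'exp' is present and `now` (epoch seconds) is not before it."""
    return "exp" in claims and now >= claims["exp"]


def classify_final_message(msg):
    """Tell a real 0x01 byte apart from the ABNF notation sent as text."""
    if msg == KVSEP:
        return "kvsep"
    if msg == b"%x01":
        return "literal-abnf-text"
    return "other"


if __name__ == "__main__":
    header, claims = jwt_claims(TOKEN_EXPIRED)
    print(header["alg"], generalized_time(claims["exp"]),
          is_expired(claims, datetime.now(timezone.utc).timestamp()))
    print(FINAL_MESSAGE, classify_final_message(FINAL_MESSAGE))
```

On the values from this report, the token's `exp` decodes to 20051231235959Z and the finalMessage bytes decode to the four ASCII characters `%x01`, not the single byte 0x01.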

                People

                • Assignee:
                  honza889 Jan Kalina
                  Reporter:
                  jcacek Josef Cacek
                  Tester:
                  Ondrej Kotek