JBEAP-11147

Elytron AuthenticationConfiguration uses SASL mechanism from incorrect security Provider in some cases


    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.ER1
    • 7.1.0.DR18
    • Security
    • None

      Reproducer test code is available here: https://github.com/kwart/wildfly/blob/JBEAP-11147-reproducer/testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/sasl/mgmt/ReproducerPlainClientClassTestCase.java

      Full steps to reproduce the issue:

      git clone -b JBEAP-11147-reproducer https://github.com/kwart/wildfly.git
      cd wildfly
      mvn clean install -DskipTests -Dcheckstyle.skip
      cd testsuite/integration/elytron/
      mvn clean test -Dcheckstyle.skip -Dtest=ReproducerPlainClientClassTestCase
      

      In our tests for PLAIN SASL mechanism in the AS testsuite we realized a wrong SaslClient implementation is used. Instead of the Elytron one, the JDK provided one is used (com.sun.security.sasl.PlainClient).

      The Elytron client builds the AuthenticationContext and runs executed code in this way:

      AuthenticationConfiguration authnCfg = AuthenticationConfiguration.EMPTY.allowSaslMechanisms(MECHANISM_PLAIN)
              .useName(USERNAME).usePassword("wrongPassword")
              .useDefaultProviders();
      AuthenticationContext.empty().with(MatchRule.ALL, authnCfg).run(...)
      

      It seems to be related to what's included on the classpath. When we use the same code in elytron-client-demo the correct mechanism is used.

      Update:
      Remove the following Assume row from AbstractMgmtSaslTestBase.java (currently in https://github.com/wildfly/wildfly-core/pull/2481) as part of the fix:

      Assume.assumeFalse("ELY-1203 - Skipping PLAIN mechanism.", "PLAIN".equals(mechanismName));
      
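      An added diagnostic (not part of the reproducer or of WildFly/Elytron) for the provider-selection behaviour behind this issue: it lists the providers registered for SaslClientFactory.PLAIN in JCA lookup order, reports the SaslClient class that Sasl.createSaslClient actually returns, and shows how to pin the factory by package prefix instead of relying on provider order. The user name, password, protocol and host are constructed values, and the Elytron package prefix org.wildfly.security is an assumption.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;

public class SaslProviderCheck {
    static final String MECHANISM = "PLAIN";
    static final String SERVICE = "SaslClientFactory." + MECHANISM;
    // Constructed credentials; only used so the factories can build a client object.
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) ((NameCallback) cb).setName("user");
            else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword("pw".toCharArray());
        }
    };

    // Providers offering PLAIN, in the order the JDK consults them (first match wins).
    public static void listPlainProviders() {
        Provider[] providers = Security.getProviders(SERVICE);
        if (providers == null) { System.out.println("no provider offers " + MECHANISM); return; }
        for (int i = 0; i < providers.length; i++)
            System.out.println((i + 1) + ". " + providers[i].getName() + " -> " + providers[i].getProperty(SERVICE));
    }

    // The class the default lookup selects; on the affected classpath this was com.sun.security.sasl.PlainClient.
    public static String selectedClientClass() throws SaslException {
        SaslClient c = Sasl.createSaslClient(new String[] {MECHANISM}, null, "remote", "localhost", new HashMap<>(), HANDLER);
        return c == null ? null : c.getClass().getName();
    }

    // Pin the factory by package prefix (assumed "org.wildfly.security" for Elytron) rather than trusting order.
    public static SaslClient createFromPackage(String prefix) throws SaslException {
        Map<String, Object> props = new HashMap<>();
        for (Enumeration<SaslClientFactory> e = Sasl.getSaslClientFactories(); e.hasMoreElements();) {
            SaslClientFactory f = e.nextElement();
            if (f.getClass().getName().startsWith(prefix))
                return f.createSaslClient(new String[] {MECHANISM}, null, "remote", "localhost", props, HANDLER);
        }
        return null; // no factory from that package is registered on this classpath
    }

    public static void main(String[] args) throws SaslException {
        listPlainProviders();
        System.out.println("default selection: " + selectedClientClass());
        SaslClient pinned = createFromPackage("org.wildfly.security");
        System.out.println("pinned selection: " + (pinned == null ? "none" : pinned.getClass().getName()));
    }
}
```

      Run it with the same classpath as the failing test and again with the elytron-client-demo classpath; the provider order printed first is what makes the default selection differ between the two.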

              darran.lofthouse@redhat.com Darran Lofthouse
              josef.cacek@gmail.com Josef Cacek (Inactive)