Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11725

ElytronAuthenticator.getPasswordAuthentication() cannot obtain PasswordFactory for Elytron algorithms

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 7.1.0.ER2
    • 7.1.0.ER1
    • Security
    • None

      ElytronAuthenticator.getPasswordAuthentication() cannot obtain PasswordFactory for Elytron related algorithms. It is caused by missing WildFlyElytronProvider (since Security::getProviders is used for obtaining providers) for PasswordFactory.getInstance in [1].

      It results to hidden NoSuchAlgorithmException with message ELY08028: Invalid algorithm "clear" and stacktrace:

      org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
org.wildfly.security.auth.util.ElytronAuthenticator.getPasswordAuthentication(ElytronAuthenticator.java:92)
java.net.Authenticator.requestPasswordAuthentication(Authenticator.java:317)
...

      It causes that even if element net-authenticator from Elytron client configuration file correctly sets ElytronAuthenticator as default Authenticator, it is not able to work with Elytron related algorithms which means it breaks feature from RFE7-567 - Client Side Security (Elytron Client) => we request blocker flag.

      [1] https://github.com/wildfly-security/wildfly-elytron/blob/4df6f4726b7cf070c4a49d0f05f115760132fe11/src/main/java/org/wildfly/security/auth/util/ElytronAuthenticator.java#L92

              psilva@redhat.com Pedro Igor Craveiro
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: