JBoss Enterprise Application Platform / JBEAP-12410

Elytron AuthenticationConfiguration leaks between EJB client calls

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.CR1
    • 7.1.0.ER3
    • EJB, Remoting, Security
    • None

      Reproducer test code is available here: https://github.com/kwart/wildfly/blob/JBEAP-12410-reproducer/testsuite/integration/manualmode/src/test/java/org/wildfly/test/manual/elytron/seccontext/SaslConfigLeaksTestCase.java

      Full steps to reproduce the issue:

      git clone -b JBEAP-12410-reproducer https://github.com/kwart/wildfly.git
      cd wildfly
      mvn clean install -DskipTests -Dcheckstyle.skip -Denforcer.skip
      cd testsuite/integration/manualmode
      mvn clean test -Dcheckstyle.skip -Dcheckstyle.skip -Denforcer.skip -DtestLogToFile=false -Dtest=SaslConfigLeaksTestCase
      

      The testcase contains 2 tests (test1, test2), each in 2 variants (+ test1WithReload, test2WithReload). The *WithReload test methods are passing - they reload server1 at some point. The test methods without reload fail.


    Description

      Authentication (or SASL configuration?) seems to be leaking between EJB remote calls.
      It causes authentication failures in subsequent calls.

      I have the following scenario:

      EJB Client  --> EntryBean on server1  --> WhoAmIBean on server2
      

      Both the EJB Client and the EntryBean use the Elytron API (AuthenticationContext+AuthenticationConfiguration) to provide a valid authentication configuration.

      The full scenario (including bean lookups) is repeated several times with different Elytron AuthenticationConfigurations used (always a valid one).

      When scenarios run isolated (reload server between runs), they pass. Nevertheless, when they run in sequence without reloads, some combination fails.

            People

              fjuma1@redhat.com Farah Juma
              josef.cacek@gmail.com Josef Cacek (Inactive)