JBoss Enterprise Application Platform / JBEAP-20426

(7.3.z) ELY-2031 - NullPointerException when using CachingSecurityRealm with SCRAM algorithms

    Description

      When using a CachingSecurityRealm with identities with multiple SCRAM passwords, an NPE happens when attempting to obtain credentials for those identities.
      This is caused by the fact that IdentityCredentials.Many requires a strict match between algorithmName and parameterSpec, whereas One and Two accept "loose" matches when those are null.

      org.wildfly.security.auth.server.IdentityCredentials$Many.getCredential(IdentityCredentials.java:705)
      org.infinispan.server.security.realm.CachingSecurityRealm.getCredential(CachingSecurityRealm.java:154)
      org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.getCredential(ServerAuthenticationContext.java:1982)
      org.wildfly.security.auth.server.ServerAuthenticationContext.getCredential(ServerAuthenticationContext.java:660)
      org.wildfly.security.auth.server.ServerAuthenticationContext.handleOne(ServerAuthenticationContext.java:972)
      org.wildfly.security.auth.server.ServerAuthenticationContext.handle(ServerAuthenticationContext.java:867)
      org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer(TrustManagerSaslServerFactory.java:101)
      org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
      org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:83)
      org.wildfly.security.mechanism.scram.ScramServer.evaluateInitialResponse(ScramServer.java:207)
      org.wildfly.security.sasl.scram.ScramSaslServer.evaluateMessage(ScramSaslServer.java:84)
      org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219)
      org.wildfly.security.sasl.util.AbstractSaslServer.evaluateResponse(AbstractSaslServer.java:82)
      org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
      org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:110)
      org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
      org.infinispan.server.core.security.SubjectSaslServer.evaluateResponse(SubjectSaslServer.java:39)
      org.infinispan.server.hotrod.Authentication.authInternal(Authentication.java:90)
      org.infinispan.server.hotrod.Authentication.lambda$auth(Authentication.java:77)
      org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
      org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
      java.base/java.lang.Thread.run(Thread.java:83)
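
      A simplified Java model of the strict versus "loose" matching difference described above, added here as an illustration and not taken from WildFly Elytron. The class and method names are hypothetical, and the model assumes the NPE comes from dereferencing the result of an exact-key lookup that missed.

```java
import java.util.*;

// Simplified model of the mismatch in the report; NOT WildFly Elytron source.
// All class and method names are hypothetical.
public class CredentialMatchDemo {
    static final class Cred {
        final String type, algorithm;
        Cred(String type, String algorithm) { this.type = type; this.algorithm = algorithm; }
        Cred copy() { return new Cred(type, algorithm); }
        @Override public String toString() { return type + "/" + algorithm; }
    }

    // "Many"-style store (assumed shape): exact key lookup, result used unchecked.
    // A request with a null algorithm matches no key, so the dereference throws.
    static Cred strictGet(Map<List<String>, Cred> store, String type, String algorithm) {
        return store.get(Arrays.asList(type, algorithm)).copy();
    }

    // "One"/"Two"-style matching: a null algorithm in the request is a wildcard,
    // and a genuine miss is reported as null instead of an exception.
    static Cred looseGet(Collection<Cred> creds, String type, String algorithm) {
        for (Cred c : creds) {
            if (c.type.equals(type) && (algorithm == null || algorithm.equals(c.algorithm))) {
                return c.copy();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: one identity holding two SCRAM passwords.
        Map<List<String>, Cred> store = new LinkedHashMap<>();
        for (String alg : new String[] {"scram-sha-1", "scram-sha-256"}) {
            store.put(Arrays.asList("password", alg), new Cred("password", alg));
        }

        System.out.println("strict, exact algorithm: " + strictGet(store, "password", "scram-sha-256"));
        try {
            strictGet(store, "password", null);
        } catch (NullPointerException e) {
            System.out.println("strict, null algorithm: NullPointerException");
        }
        Cred loose = looseGet(store.values(), "password", null);
        System.out.println("loose, null algorithm: " + loose);
        // A miss must end as a clean authentication failure, not an unhandled exception.
        Cred miss = looseGet(store.values(), "password", "scram-sha-512");
        System.out.println(miss == null ? "loose, unknown algorithm: no credential" : "found " + miss);
    }
}
```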
      

              People

                rhn-support-ivassile Ilia Vassilev