Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-897

Unable to authenticate in SPNEGO Login Module with NullPointerException

    Details

    • Steps to Reproduce:
      Hide

      This happens very rarely (20 times in a day on a system where about 50 users are working) and it is extremely hard to reproduce.

      Show
      This happens very rarely (20 times in a day on a system where about 50 users are working) and it is extremely hard to reproduce.

      Description

      Description of problem:

      The configuration with SPNEGO works fine, however from time to time the authentication fails with the following error:

      ERROR (HTTP-341) [org.jboss.security.auth.spi.AbstractServerLoginModule] Unable to authenticate: java.lang.NullPointerException
      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:420)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAs(Subject.java:356)

      Version-Release number of selected component (if applicable):

      JBoss Security Negotiation 2.3.3.Final

      How reproducible:
      This happens very rarely (20 times in a day on a system where about 50 users are working) and it is extremely hard to reproduce.

      Additional info:

      At line 420 in [1], the GSSToken is null
      ~~~~
      if (respToken != null)
      {
      NegotiationMessage response;
      if (requestMessage instanceof KerberosMessage)

      { response = new KerberosMessage(Constants.KERBEROS_V5, respToken); }

      else

      { NegTokenTarg negTokenTarg = new NegTokenTarg(); negTokenTarg.setResponseToken(respToken); response = negTokenTarg; }

      ~~~~

      It looks like a GSSToken can be or is null, check the line#344 as follows:-
      ~~~~~~~~~
      public Object run()
      {
      try
      {
      // The message type will have already been checked before this point so we know it is
      // a SPNEGO message.
      NegotiationMessage requestMessage = negotiationContext.getRequestMessage();

      // TODO - Ensure no way to fall through with gssToken still null.
      byte[] gssToken = null;
      if (requestMessage instanceof NegTokenInit)
      {
      ...
      ~~~~~~~~~

      [1] : https://github.com/wildfly-security/jboss-negotiation/blob/2.3.3.Final/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                soul2zimate Chao Wang
                Reporter:
                krathod Kunjan Rathod
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: