Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2545

Principal with null name causes hidden NPE for chained-principal-transformer

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 3.0.0.Beta29
    • None
    • Security
    • None

      In case when Principal with null name is used in chain of org.wildfly.extension.elytron.capabilities.PrincipalTransformer then this method throw NullPointerException which is hidden to user due to JBEAP-9625.

      This issue can be simply reproduced by using regex-validating-principal-transformer and user which does not match given pattern. Then Principal name is set to null which results to following NPE:

      java.lang.NullPointerException:
        java.util.regex.Matcher.getTextLength(Matcher.java:1283)
        java.util.regex.Matcher.reset(Matcher.java:309)
        java.util.regex.Matcher.<init>(Matcher.java:229)
        java.util.regex.Pattern.matcher(Pattern.java:1093)
        org.wildfly.security.auth.util.RegexNameRewriter.rewriteName(RegexNameRewriter.java:55)
        org.wildfly.security.auth.server.NameRewriter.lambda$asPrincipalRewriter$1(NameRewriter.java:63)
        org.wildfly.extension.elytron.capabilities.PrincipalTransformer.lambda$chain$1(PrincipalTransformer.java:64)
        ...
      

      Since there is no related documentation or javadoc it is also possible that issue is rather in regex-validating-principal-transformer which could set Principal to null instead of Principal name to null. It must be clarified by engineering.

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: