Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-12968

SecurityDomainContextRealm is not caching passwords correctly

    XMLWordPrintable

Details

    • Hide

      Configure a mixed scenario similar to the elytron example but with cache configured to default, and check the password is never found in the cache and a normal login is executed:

      2020-01-15 08:48:57,882 TRACE [org.jboss.security] (default task-1) PBOX00204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@d3d5823, credential class: class [C
2020-01-15 08:48:57,883 TRACE [org.jboss.security] (default task-1) PBOX00205: End validateCache, result = false
      Show
      Configure a mixed scenario similar to the elytron example but with cache configured to default, and check the password is never found in the cache and a normal login is executed: 2020-01-15 08:48:57,882 TRACE [org.jboss.security] (default task-1) PBOX00204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@d3d5823, credential class: class [C 2020-01-15 08:48:57,883 TRACE [org.jboss.security] (default task-1) PBOX00205: End validateCache, result = false

    Description

      The SecurityDomainContextRealm realm used in elytron mixed scenarios is not taken advantage of the cache if the underlying security-domain is configured with default cache (cache-type="default"). The problem is similar to what is commented in the JAASIdentityManagerImpl, the evidence reset the password and then the cache is useless. The solution can also be cloning the password char[] before, this way the cache is OK and the array can be compared correctly.

      Attachments

        Issue Links

          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-18738 [GSS](7.3.z) SecurityDomainContextRealm is not caching passwords correctly

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              rhn-support-rmartinc Ricardo Martin Camarero
              rhn-support-rmartinc Ricardo Martin Camarero
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: