WildFly / WFLY-12968

SecurityDomainContextRealm is not caching passwords correctly


      Configure a mixed scenario similar to the elytron example but with cache configured to default, and check the password is never found in the cache and a normal login is executed:

      2020-01-15 08:48:57,882 TRACE [org.jboss.security] (default task-1) PBOX00204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@d3d5823, credential class: class [C
      2020-01-15 08:48:57,883 TRACE [org.jboss.security] (default task-1) PBOX00205: End validateCache, result = false
      

      The SecurityDomainContextRealm realm used in elytron mixed scenarios is not taking advantage of the cache if the underlying security-domain is configured with the default cache (cache-type="default"). The problem is similar to what is commented in the JAASIdentityManagerImpl: the evidence resets the password and then the cache is useless. The solution can also be cloning the password char[] beforehand; this way the cache is OK and the array can be compared correctly.
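
      The aliasing problem described above, as an added example that is not part of the original issue or the WildFly code base. It is a simplified model: the class `Evidence`, the map-based cache and the `cloneFirst` switch are hypothetical stand-ins, and the login step is constructed to accept any password.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class CachedCredentialDemo {
    // Hypothetical stand-in for a credential cache that keeps the char[] it is handed.
    static final Map<String, char[]> cache = new HashMap<>();

    // Hypothetical stand-in for password evidence that wipes its array when destroyed.
    static final class Evidence {
        final char[] guess;
        Evidence(char[] guess) { this.guess = guess; }
        void destroy() { Arrays.fill(guess, '\0'); }
    }

    // Cache hit only if the stored array still equals the presented credential.
    static boolean validateCache(String user, char[] credential) {
        char[] cached = cache.get(user);
        return cached != null && Arrays.equals(cached, credential);
    }

    // Constructed full login: accepts any password, then caches the credential array.
    static void login(String user, char[] credential) {
        cache.put(user, credential);
    }

    // Returns true when the request was served from the cache.
    static boolean authenticate(String user, Evidence evidence, boolean cloneFirst) {
        // Without the clone, the cache entry and the evidence share one array.
        char[] credential = cloneFirst ? evidence.guess.clone() : evidence.guess;
        boolean hit = validateCache(user, credential);
        if (!hit) login(user, credential);
        evidence.destroy(); // the caller wipes the evidence after verification
        return hit;
    }

    public static void main(String[] args) {
        for (boolean cloneFirst : new boolean[] {false, true}) {
            cache.clear();
            authenticate("alice", new Evidence("s3cret".toCharArray()), cloneFirst);
            boolean hit = authenticate("alice", new Evidence("s3cret".toCharArray()), cloneFirst);
            System.out.println("cloneFirst=" + cloneFirst + " second request cache hit=" + hit);
        }
    }
}
```

      With the clone in place, the cached copy of the password stays in memory for as long as the cache entry lives, while the evidence array is still wiped after each request.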

              rhn-support-rmartinc Ricardo Martin Camarero