Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8880

Auth token properties are not applied to legacy AUTH configuration

    XMLWordPrintable

    Details

    • Steps to Reproduce:
      Hide
      keytool -genkeypair -alias alias -keypass password -storepass password -storetype jks -keystore key3.keystore -keyalg RSA
      
      /subsystem=jgroups/stack=udp/protocol=AUTH:add(add-index=8,properties={auth_class=org.jgroups.auth.X509Token,keystore_type=JKS,keystore_path="/tmp/key3.keystore",keystore_password=password,cert_alias=alias,cert_password=password,auth_value=shared-password,cipher_type=RSA})
      reload
      
      Show
      keytool -genkeypair -alias alias -keypass password -storepass password -storetype jks -keystore key3.keystore -keyalg RSA /subsystem=jgroups/stack=udp/protocol=AUTH:add(add-index=8,properties={auth_class=org.jgroups.auth.X509Token,keystore_type=JKS,keystore_path="/tmp/key3.keystore",keystore_password=password,cert_alias=alias,cert_password=password,auth_value=shared-password,cipher_type=RSA}) reload
    • Workaround Description:
      Hide

      use .../protocol=AUTH/token=cipher:add() instead

      Show
      use .../protocol=AUTH/token=cipher:add() instead

      Description

      This is related to the discussion that Lami Akagwu started on JBEAP-10285. I reproduced the NPE he was getting, went through the stacktrace, and I think it's a bug.

      08:53:37,361 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 67) MSC000001: Failed to start service org.wildfly.clustering.jgroups.channel.ee: org.jboss.msc.service.StartException in service org.wildfly.clustering.jgroups.channel.ee: java.lang.NullPointerException
      	at org.jboss.as.clustering.jgroups.subsystem.ChannelBuilder.start(ChannelBuilder.java:104)
      	at org.wildfly.clustering.service.AsynchronousServiceBuilder.lambda$start$0(AsynchronousServiceBuilder.java:99)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:748)
      	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
      Caused by: java.lang.NullPointerException
      	at org.jboss.modules.ConcurrentClassLoader.getResourceAsStream(ConcurrentClassLoader.java:366)
      	at org.jgroups.auth.X509Token.setCertificate(X509Token.java:180)
      	at org.jgroups.protocols.AUTH.init(AUTH.java:101)
      	at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:861)
      	at org.jgroups.stack.ProtocolStack.init(ProtocolStack.java:831)
      	at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:108)
      	at org.jboss.as.clustering.jgroups.subsystem.ChannelBuilder.start(ChannelBuilder.java:102)
      	... 5 more
      

      It looks like the only reason ConcurrentClassLoader would throw an NPE instead of returning null in getResourceAsStream is that the name (in this case keystore_path) is null. That means the keystore_path is not propagated from EAP configuration to JGroups when the protocol stack is being created.

      The getResourceAsStream is still expected to fail, as the keystore is not on the classpath, but it should be found after that via the FileInputStream check that JGroups does.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              pferraro Paul Ferraro
              Reporter:
              pferraro Paul Ferraro
              Tester:
              Richard Janik Richard Janik
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: