Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
Description
The SaslAuthenticationFactory sublcass of AbstractMechanismAuthenticationFactory is using org.wildfly.security.sasl.util.SaslMechanismInformation#getSupportedServerCredentialTypes() to determine what credentials are available. But, that method returns null if nothing is known about that mechanism name. AbstractMechanismAuthenticationFactory doesn't check for null in the returned collection, and so NPE results which is uncaught and can cause hangs and other problems.