  1. PicketLink
  2. PLINK-779

Interaction with WS throws NPE when running with security manager and IBM JDK 8 SR5 FP10

Details

    • Bug
    • Resolution: Unresolved
    • Major

      It can be reproduced with JBoss EAP 7.1.0.GA with IBM JDK 8 SR5 FP10. You can use jboss-eap-7.1.0-maven-repository.zip as the Maven repository.

      git clone git@gitlab.mw.lab.eng.bos.redhat.com:jbossqe-eap/tests-picketlink.git
      cd tests-picketlink
      mvn clean test -Deap -Djboss.dist.zip=/PATH/TO/jboss-eap-7.1.0.zip -Dversion.jboss.bom=7.1.0.GA -DskipTests -Dmaven.repo.local=/PATH/TO/maven-repository
      
      mvn test -Deap -Djboss.init.skip -Dversion.jboss.bom=7.1.0.GA -fae -Dmaven.test.failure.ignore=true -Dignore.known.issues=true -Dtest=EjbAsWsAuthorizationTestCase -P secmgr-test-cases -Dmaven.repo.local=/PATH/TO/maven-repository
      

    Description

      Interaction with WS when running with security manager throws the following NPE:

      Interceptor for {http://org.picketlink.trust/sts/}PicketLinkSTS#{http://cxf.apache.org/jaxws/dispatch}Invoke has thrown exception, unwinding now: java.lang.NullPointerException
      	at org.wildfly.security.manager.WildFlySecurityManager.findAccessDenial(WildFlySecurityManager.java:221)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:293)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
      	at java.lang.SecurityManager.checkConnect(SecurityManager.java:1064)
      	at org.wildfly.security.manager.WildFlySecurityManager.checkConnect(WildFlySecurityManager.java:390)
      	at sun.net.www.http.HttpClient.openServer(HttpClient.java:572)
      	at sun.net.www.http.HttpClient.<init>(HttpClient.java:256)
      	at sun.net.www.http.HttpClient.New(HttpClient.java:360)
      	at sun.net.www.http.HttpClient.New(HttpClient.java:378)
      	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1232)
      	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1211)
      	at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1052)
      	at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1050)
      	at java.security.AccessController.doPrivileged(AccessController.java:901)
      	at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:942)
      	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1049)
      	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:996)
      	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1346)
      	at sun.net.www.protocol.http.HttpURLConnection.access$100(HttpURLConnection.java:103)
      	at sun.net.www.protocol.http.HttpURLConnection$8.run(HttpURLConnection.java:1313)
      	at sun.net.www.protocol.http.HttpURLConnection$8.run(HttpURLConnection.java:1311)
      	at java.security.AccessController.doPrivileged(AccessController.java:901)
      	at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:942)
      	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1310)
      	at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream$1.run(URLConnectionHTTPConduit.java:268)
      	at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream$1.run(URLConnectionHTTPConduit.java:265)
      	at java.security.AccessController.doPrivileged(AccessController.java:694)
      	at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:265)
      	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1330)
      	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1291)
      	at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:307)
      	at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
      	at org.apache.cxf.io.AbstractThresholdOutputStream.unBuffer(AbstractThresholdOutputStream.java:89)
      	at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:63)
      	at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
      	at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:242)
      	at com.ctc.wstx.sw.BufferingXmlWriter.close(BufferingXmlWriter.java:215)
      	at com.ctc.wstx.sw.BaseStreamWriter._finishDocument(BaseStreamWriter.java:1466)
      	at com.ctc.wstx.sw.BaseStreamWriter.writeEndDocument(BaseStreamWriter.java:552)
      	at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor.handleMessage(SoapOutInterceptor.java:307)
      	at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor.handleMessage(SoapOutInterceptor.java:294)
      	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
      	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)
      	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:442)
      	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:343)
      	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
      	at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:331)
      	at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:321)
      	at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:240)
      	at org.picketlink.identity.federation.core.wstrust.STSClient.validateToken(STSClient.java:412)
      	at org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule.login(SAML2STSCommonLoginModule.java:362)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
      	at java.lang.reflect.Method.invoke(Method.java:508)
      	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
      	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
      	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
      	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
      	at java.security.AccessController.doPrivileged(AccessController.java:694)
      	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:696)
      	at javax.security.auth.login.LoginContext.login(LoginContext.java:597)
      	at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406)
      	at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345)
      	at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:323)
      	at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146)
      	at org.picketlink.trust.jbossws.handler.AbstractWSAuthenticationHandler.handleInbound(AbstractWSAuthenticationHandler.java:83)
      	at org.picketlink.trust.jbossws.handler.AbstractPicketLinkTrustHandler.handleMessage(AbstractPicketLinkTrustHandler.java:259)
      	at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(HandlerChainInvoker.java:359)
      	at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(HandlerChainInvoker.java:255)
      	at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(HandlerChainInvoker.java:132)
      	at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInternal(SOAPHandlerInterceptor.java:166)
      	at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:121)
      	at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:70)
      	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
      	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
      	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
      	at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:109)
      	at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)
      	at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
      	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
      	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
      	at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
      	at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
      	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:67)
      	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
      	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
      	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
      	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
      	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
      	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction$$Lambda$926.00000000105031D0.call(Unknown Source)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$927.0000000010402F20.call(Unknown Source)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$927.0000000010402F20.call(Unknown Source)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$927.0000000010402F20.call(Unknown Source)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$927.0000000010402F20.call(Unknown Source)
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
      	at java.security.AccessController.doPrivileged(AccessController.java:694)
      	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
      	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
      	at java.lang.Thread.run(Thread.java:811)
      

      This happens only with IBM JDK 8 SR5 FP10:

      java version "1.8.0_161"
      Java(TM) SE Runtime Environment (build 8.0.5.10 - pxa6480sr5fp10-20180214_01(SR5 FP10))
      IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64 Compressed References 20180208_378436 (JIT enabled, AOT enabled)
      OpenJ9   - 39bb844
      OMR      - c04ccb2
      IBM      - 2321a81)
      JCL - 20180209_01 based on Oracle jdk8u161-b12
      

      This issue also affects JBoss EAP 7.1.0.GA (when IBM JDK 8 SR5 FP10 is used). EAP 7.1.0.GA was certified with IBM JDK 8 SR4 FP6, where this issue does not exist.

          People

            psilva@redhat.com Pedro Igor Craveiro
            olukas Ondrej Lukas (Inactive)