  1. WildFly
  2. WFLY-3416

NPE in Undertow Extension if login module doesn't set Principal


    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 8.1.0.CR2
    • Web (Undertow)
    • None

      Use the following LoginModule:

      import java.util.Map;
      
      import javax.security.auth.Subject;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginException;
      import javax.security.auth.spi.LoginModule;
      
      /**
       * JAAS {@link LoginModule} that reports success for every phase while doing no work.
       *
       * <p>No callback is invoked, no credential is inspected, and the {@link Subject} handed to
       * {@link #initialize} is never stored or modified, so this module contributes no
       * {@code Principal} to it. A consumer that treats "login succeeded" as "a principal is
       * available" has to handle the empty case explicitly.
       */
      public class EmptyLoginModule implements LoginModule {

          /** Result returned by every phase method of this module. */
          private static final boolean PHASE_SUCCEEDED = true;

          /**
           * Accepts the JAAS context and discards it; none of the arguments are retained.
           *
           * @param subject         the subject being authenticated (left untouched)
           * @param callbackHandler handler for credential callbacks (never called)
           * @param sharedState     state shared between login modules (ignored)
           * @param options         module options from the security domain (ignored)
           */
          @Override
          public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
                  Map<String, ?> options) {
              // Intentionally empty: nothing is kept from the JAAS context.
          }

          /**
           * Phase 1 of authentication; performs no credential check.
           *
           * @return always {@code true}
           * @throws LoginException never thrown by this implementation
           */
          @Override
          public boolean login() throws LoginException {
              return PHASE_SUCCEEDED;
          }

          /**
           * Phase 2 of authentication; adds no principal or credential to the subject.
           *
           * @return always {@code true}
           * @throws LoginException never thrown by this implementation
           */
          @Override
          public boolean commit() throws LoginException {
              return PHASE_SUCCEEDED;
          }

          /**
           * Abort hook; there is no state to roll back.
           *
           * @return always {@code true}
           * @throws LoginException never thrown by this implementation
           */
          @Override
          public boolean abort() throws LoginException {
              return PHASE_SUCCEEDED;
          }

          /**
           * Logout hook; there is nothing to remove from the subject.
           *
           * @return always {@code true}
           * @throws LoginException never thrown by this implementation
           */
          @Override
          public boolean logout() throws LoginException {
              return PHASE_SUCCEEDED;
          }
      }
      

      and security domain configuration:

      <!-- Security domain "testdomain": its authentication stack holds a single login module,
           EmptyLoginModule, flagged "required". No other module is configured here that could
           add a Principal to the Subject. -->
      <security-domain name="testdomain">
        <authentication>
          <login-module 
            code="org.jboss.as.test.integration.security.jaas.EmptyLoginModule" 
            flag="required"/>
        </authentication>
      </security-domain>
      

      A NullPointerException (NPE) is thrown during authentication if a LoginModule doesn't add any Principal to the Subject.

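      The problem comes from the org.wildfly.extension.undertow.security.AccountImpl constructor, which calls principal.getName() without checking whether the principal is null. Because the login module itself reports success, the failure surfaces as an exception in the authentication path rather than as a rejected login.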

      Caused by: java.lang.NullPointerException
      at org.wildfly.extension.undertow.security.AccountImpl.<init>(AccountImpl.java:61)
      at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:123)
      ...
      

            Unassigned Unassigned
            josef.cacek@gmail.com Josef Cacek (Inactive)