Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7224

Missing validation check for simple-regex-realm-mapper and mapped-regex-realm-mapper in Elytron subsystem

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Alpha1
    • 11.0.0.Alpha1
    • Security
    • None
    • Hide 
      /subsystem=elytron/simple-regex-realm-mapper=SomeRealmMapper:add(pattern=somePattern)
/subsystem=elytron/security-domain=SomeSecurityDomain:add(default-realm=ManagementRealm,realms=[{realm=ManagementRealm}],realm-mapper=SomeRealmMapper)
{
    "outcome" => "failed",
    "failure-description" => {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined},
    "rolled-back" => true
}
      Show
      /subsystem=elytron/simple-regex-realm-mapper=SomeRealmMapper:add(pattern=somePattern) /subsystem=elytron/security-domain=SomeSecurityDomain:add( default -realm=ManagementRealm,realms=[{realm=ManagementRealm}],realm-mapper=SomeRealmMapper) { "outcome" => "failed" , "failure-description" => { "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}, "rolled-back" => true }

    Description

      Elytron subsystem allows to add realm mapper (e.g. simple-regex-realm-mapper) with pattern which does not include a capture group. In case when this realm mapper is used in add operation for security domain through CLI then operation fails with incomprehensible log:

      {
    "outcome" => "failed",
    "failure-description" => {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined},
    "rolled-back" => true
}

      Exception in server log:

      ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.security.realm-mapper.SomeRealmMapper: org.jboss.msc.service.StartException in service org.wildfly.security.realm-mapper.SomeRealmMapper: Failed to start service
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: ELY01065: Pattern requires a capture group
	at org.wildfly.security.auth.util.SimpleRegexRealmMapper.<init>(SimpleRegexRealmMapper.java:64)
	at org.wildfly.security.auth.util.SimpleRegexRealmMapper.<init>(SimpleRegexRealmMapper.java:49)
	at org.wildfly.extension.elytron.RealmMapperDefinitions$SimpleRegexRealmMapperAddHandler.lambda$performRuntime$0(RealmMapperDefinitions.java:157)
	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
	... 3 more

      The same happens for mapped-regex-realm-mapper.

      Point here is that we allow to successfully add wrong realm mapper (without capture group) but we check whether it is wrong later in security domain. This check should be done during adding wrong realm mapper to avoid following incomprehensible CLI log and exception in server log.

      Attachments

        Issue Links

          causes

          Bug - A problem that impairs or prevents the functions of the product. WFLY-7225 Writing wrong realm-mapper to security-domain causes failures after reload

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-6214 Missing validation check for simple-regex-realm-mapper and mapped-regex-realm-mapper in Elytron subsystem

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFLY-7246 Upgrade to version 1.0.0.Alpha11 of the Elytron Subsystem

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-support-ivassile Ilia Vassilev
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: