Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8880

Auth token properties are not applied to legacy AUTH configuration

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Beta1
    • No Release
    • Clustering
    • None
    • Hide 
      keytool -genkeypair -alias alias -keypass password -storepass password -storetype jks -keystore key3.keystore -keyalg RSA

      /subsystem=jgroups/stack=udp/protocol=AUTH:add(add-index=8,properties={auth_class=org.jgroups.auth.X509Token,keystore_type=JKS,keystore_path="/tmp/key3.keystore",keystore_password=password,cert_alias=alias,cert_password=password,auth_value=shared-password,cipher_type=RSA})
reload
      Show
      keytool -genkeypair -alias alias -keypass password -storepass password -storetype jks -keystore key3.keystore -keyalg RSA /subsystem=jgroups/stack=udp/protocol=AUTH:add(add-index=8,properties={auth_class=org.jgroups.auth.X509Token,keystore_type=JKS,keystore_path="/tmp/key3.keystore",keystore_password=password,cert_alias=alias,cert_password=password,auth_value=shared-password,cipher_type=RSA}) reload
    • Hide

      use .../protocol=AUTH/token=cipher:add() instead

      Show
      use .../protocol=AUTH/token=cipher:add() instead

    Description

      This is related to the discussion that rhn-support-lakagwu started on JBEAP-10285. I reproduced the NPE he was getting, went through the stacktrace, and I think it's a bug.

      08:53:37,361 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 67) MSC000001: Failed to start service org.wildfly.clustering.jgroups.channel.ee: org.jboss.msc.service.StartException in service org.wildfly.clustering.jgroups.channel.ee: java.lang.NullPointerException
	at org.jboss.as.clustering.jgroups.subsystem.ChannelBuilder.start(ChannelBuilder.java:104)
	at org.wildfly.clustering.service.AsynchronousServiceBuilder.lambda$start$0(AsynchronousServiceBuilder.java:99)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: java.lang.NullPointerException
	at org.jboss.modules.ConcurrentClassLoader.getResourceAsStream(ConcurrentClassLoader.java:366)
	at org.jgroups.auth.X509Token.setCertificate(X509Token.java:180)
	at org.jgroups.protocols.AUTH.init(AUTH.java:101)
	at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:861)
	at org.jgroups.stack.ProtocolStack.init(ProtocolStack.java:831)
	at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:108)
	at org.jboss.as.clustering.jgroups.subsystem.ChannelBuilder.start(ChannelBuilder.java:102)
	... 5 more

      It looks like the only reason ConcurrentClassLoader would throw an NPE instead of returning null in getResourceAsStream is that the name (in this case keystore_path) is null. That means the keystore_path is not propagated from EAP configuration to JGroups when the protocol stack is being created.

      The getResourceAsStream is still expected to fail, as the keystore is not on the classpath, but it should be found after that via the FileInputStream check that JGroups does.

      Attachments

        Issue Links

          causes

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10285 AUTH fails to validate AuthHeader

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11298 keystore_path is not propagated into X509Token when creating protocol stack

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              pferraro@redhat.com Paul Ferraro
              pferraro@redhat.com Paul Ferraro
              Richard Janik Richard Janik
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: