Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IllegalStateException is thrown when Liberty tries to update a readOnly subject #17489

Closed
una-tapa opened this issue Jun 9, 2021 · 2 comments · Fixed by #17586
Closed

IllegalStateException is thrown when Liberty tries to update a readOnly subject #17489

una-tapa opened this issue Jun 9, 2021 · 2 comments · Fixed by #17586
Assignees
@una-tapa
Labels
bug This bug is not present in a released version of Open Liberty release bug This bug is present in a released version of Open Liberty release:210010

Comments

@una-tapa
Copy link
Member

una-tapa commented Jun 9, 2021
edited
Loading

Describe the bug

The java.lang.IllegalStateException is thrown with the reason Subject is read-only. The error is thrown when TAI authenticator tries to check and remove an internal property that is no longer used.

Caused by: java.lang.IllegalStateException: Subject is read-only
        at javax.security.auth.Subject$SecureSet$1.remove(Subject.java:1297)
        at javax.security.auth.Subject$SecureSet.remove(Subject.java:1386)
        at java.util.Collections$SynchronizedCollection.remove(Collections.java:2051)
        at com.ibm.ws.webcontainer.security.internal.TAIAuthenticator.removeInternalProps(TAIAuthenticator.java:388)
        at com.ibm.ws.webcontainer.security.internal.TAIAuthenticator.authenticateWithSubject(TAIAuthenticator.java:374)
        at com.ibm.ws.webcontainer.security.internal.TAIAuthenticator.loginWithTAIUserName(TAIAuthenticator.java:351)
        at com.ibm.ws.webcontainer.security.internal.TAIAuthenticator.authenticateWithTAIResult(TAIAuthenticator.java:313)
        at com.ibm.ws.webcontainer.security.internal.TAIAuthenticator.handleTaiResult(TAIAuthenticator.java:252)
        at com.ibm.ws.webcontainer.security.internal.TAIAuthenticator.authenticate(TAIAuthenticator.java:167)
        at com.ibm.ws.webcontainer.security.WebProviderAuthenticatorProxy.handleTAI(WebProviderAuthenticatorProxy.java:337)
        at com.ibm.ws.webcontainer.security.WebProviderAuthenticatorProxy.authenticate(WebProviderAuthenticatorProxy.java:454)
        at com.ibm.ws.webcontainer.security.WebAuthenticatorProxy.authenticate(WebAuthenticatorProxy.java:68)
        at com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.authenticateRequest(WebAppSecurityCollaboratorImpl.java:1233)
        at com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.determineWebReply(WebAppSecurityCollaboratorImpl.java:989)
        at com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.performSecurityChecks(WebAppSecurityCollaboratorImpl.java:678)
        at com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.preInvoke(WebAppSecurityCollaboratorImpl.java:596)
        at com.ibm.wsspi.webcontainer.collaborator.CollaboratorHelper.preInvokeCollaborators(CollaboratorHelper.java:459)

Steps to Reproduce
Unfortunately, no recreation steps are found.

Expected behavior
Liberty should check isReadOnly() before accessing the Subject.

Diagnostic information:

  • OpenLiberty Version: 20.0.0.12
  • Java Version: The issue is irrelevant to the Java version. Reported on 8.0.6.25.
  • server.xml configuration The error is thrown from TAI related method. The TAI configuration looks like below.
 <trustAssociation id="myTrustAssociation" invokeForUnprotectedURI="false" failOverToAppAuthType="false">
   <interceptors id="myTAI" enabled="true" className="com.ibm.mysecurity.myTAI" invokeBeforeSSO="true" invokeAfterSSO="false" libraryRef="myLib">
   </interceptors>
 </trustAssociation>
@una-tapa una-tapa added the bug This bug is not present in a released version of Open Liberty label Jun 9, 2021
@una-tapa una-tapa self-assigned this Jun 9, 2021
This was referenced Jun 14, 2021
Closed
Merged
@una-tapa
Copy link
Member Author

I had the same fix and the same green build. Somehow I did not ask for review - closing. We will go with # 17586,

@mshah0722 mshah0722 added the release bug This bug is present in a released version of Open Liberty label Sep 2, 2021
@una-tapa una-tapa closed this as completed Sep 2, 2021
@mshah0722
Copy link
Contributor

Opening to link issue. Then closing right after.

@mshah0722 mshah0722 reopened this Sep 2, 2021
@mshah0722 mshah0722 linked a pull request Sep 2, 2021 that will close this issue
Check for subject is read only #17586
Merged
@una-tapa una-tapa mentioned this issue Jul 6, 2022
Closed
This was referenced Apr 19, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@una-tapa una-tapa

Labels
bug This bug is not present in a released version of Open Liberty release bug This bug is present in a released version of Open Liberty release:210010
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Check for subject is read only utle/open-liberty
3 participants
@una-tapa @LibbyBot @mshah0722