New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

This fixes a few issues with JASPI: #5558

Closed
wants to merge 7 commits into
base: master
from

Conversation

Projects
None yet
9 participants
@stoty
Contributor

stoty commented Dec 2, 2013

  • Pre-emptive authetication (AUTH_SUCCESS & null UserPrinciplal
    handling) (spec 3.8.3.1)
  • Always call secureResponse (spec 2.5.1.2 Point(3))
  • Properly fill org.jboss.security.SecurityContext by using
    org.jboss.security.auth.callback.JASPICallbackHandler, so that EJB
    propgation has a chance to work
This fixes a few issues with JASPI:
* Pre-emptive authetication (AUTH_SUCCESS & null UserPrinciplal
handling) (spec 3.8.3.1)
* Always call secureResponse (spec 2.5.1.2 Point(3))
* Properly fill org.jboss.security.SecurityContext by using
org.jboss.security.auth.callback.JASPICallbackHandler, so that EJB
propgation has a chance to work
@wildfly-ci

This comment has been minimized.

Show comment
Hide comment
@wildfly-ci

wildfly-ci Dec 2, 2013

Can one of the admins verify this patch?

wildfly-ci commented Dec 2, 2013

Can one of the admins verify this patch?

@ctomc

This comment has been minimized.

Show comment
Hide comment
@ctomc

ctomc Dec 2, 2013

Contributor

this is ok to test

Contributor

ctomc commented Dec 2, 2013

this is ok to test

@wildfly-ci

This comment has been minimized.

Show comment
Hide comment
@wildfly-ci

wildfly-ci Dec 2, 2013

Build 1822 is now running using a merge of 2e3b833

wildfly-ci commented Dec 2, 2013

Build 1822 is now running using a merge of 2e3b833

@wildfly-ci

This comment has been minimized.

Show comment
Hide comment
@wildfly-ci

wildfly-ci Dec 2, 2013

Build 1822 outcome was FAILURE using a merge of 2e3b833
Summary: Tests failed: 2 (2 new), passed: 5519, ignored: 79 Build time: 1:53:57

Build problems:

Failed tests detected

javax.ejb.EJBException: java.io.IOException: Channel Channel ID cb3027b5 (outbound) of Remoting connection 000b18a8 to build26-linux-x64.ci.local/127.0.0.1:8080 has been closed
javax.ejb.EJBException: java.io.IOException: Channel Channel ID cb3027b5 (outbound) of Remoting connection 000b18a8 to build26-linux-x64.ci.local/127.0.0.1:8080 has been closed
    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:236)
    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:181)
    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:144)
    at com.sun.proxy.$Proxy28.increment(Unknown Source)
    at org.jboss.as.test.clustering.cluster.ejb.remote.RemoteFailoverTestCase.testStatelessFailover(RemoteFailoverTestCase.java:126)
    at org.jboss.as.test.clustering.cluster.ejb.remote.RemoteFailoverTestCase.testStatelessDDFailover(RemoteFailoverTestCase.java:108)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
    at org.jboss.arquillian.junit.Arquillian$6$1.invoke(Arquillian.java:270)
    at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
    at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
    at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:135)
    at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:115)
    at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
    at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:53)
    at sun.reflect.GeneratedMethodAccessor19.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
    at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
    at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:129)
    at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:89)
    at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:75)
    at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source ...
java.lang.AssertionError: [node-1/server] expected:<2> but was:<1>
java.lang.AssertionError: [node-1/server] expected:<2> but was:<1>
    at org.junit.Assert.fail(Assert.java:88)
    at org.junit.Assert.failNotEquals(Assert.java:743)
    at org.junit.Assert.assertEquals(Assert.java:118)
    at org.junit.Assert.assertEquals(Assert.java:555)
    at org.jboss.as.test.clustering.cluster.dispatcher.CommandDispatcherTestCase.test(CommandDispatcherTestCase.java:117)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
    at org.jboss.arquillian.junit.Arquillian$6$1.invoke(Arquillian.java:270)
    at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
    at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
    at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:135)
    at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:115)
    at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
    at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:53)
    at sun.reflect.GeneratedMethodAccessor19.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
    at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
    at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:129)
    at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:89)
    at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:75)
    at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.crea ...

Failed tests

org.jboss.as.test.clustering.cluster.ejb.remote.RemoteFailoverTestCase(SYNC-tcp).testStatelessDDFailover: javax.ejb.EJBException: java.io.IOException: Channel Channel ID cb3027b5 (outbound) of Remoting connection 000b18a8 to build26-linux-x64.ci.local/127.0.0.1:8080 has been closed
    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:236)
    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:181)

org.jboss.as.test.clustering.cluster.dispatcher.CommandDispatcherTestCase(SYNC-tcp).test: java.lang.AssertionError: [node-1/server] expected:<2> but was:<1>
    at org.junit.Assert.fail(Assert.java:88)
    at org.junit.Assert.failNotEquals(Assert.java:743)

wildfly-ci commented Dec 2, 2013

Build 1822 outcome was FAILURE using a merge of 2e3b833
Summary: Tests failed: 2 (2 new), passed: 5519, ignored: 79 Build time: 1:53:57

Build problems:

Failed tests detected

javax.ejb.EJBException: java.io.IOException: Channel Channel ID cb3027b5 (outbound) of Remoting connection 000b18a8 to build26-linux-x64.ci.local/127.0.0.1:8080 has been closed
javax.ejb.EJBException: java.io.IOException: Channel Channel ID cb3027b5 (outbound) of Remoting connection 000b18a8 to build26-linux-x64.ci.local/127.0.0.1:8080 has been closed
    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:236)
    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:181)
    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:144)
    at com.sun.proxy.$Proxy28.increment(Unknown Source)
    at org.jboss.as.test.clustering.cluster.ejb.remote.RemoteFailoverTestCase.testStatelessFailover(RemoteFailoverTestCase.java:126)
    at org.jboss.as.test.clustering.cluster.ejb.remote.RemoteFailoverTestCase.testStatelessDDFailover(RemoteFailoverTestCase.java:108)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
    at org.jboss.arquillian.junit.Arquillian$6$1.invoke(Arquillian.java:270)
    at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
    at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
    at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:135)
    at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:115)
    at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
    at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:53)
    at sun.reflect.GeneratedMethodAccessor19.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
    at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
    at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:129)
    at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:89)
    at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:75)
    at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source ...
java.lang.AssertionError: [node-1/server] expected:<2> but was:<1>
java.lang.AssertionError: [node-1/server] expected:<2> but was:<1>
    at org.junit.Assert.fail(Assert.java:88)
    at org.junit.Assert.failNotEquals(Assert.java:743)
    at org.junit.Assert.assertEquals(Assert.java:118)
    at org.junit.Assert.assertEquals(Assert.java:555)
    at org.jboss.as.test.clustering.cluster.dispatcher.CommandDispatcherTestCase.test(CommandDispatcherTestCase.java:117)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
    at org.jboss.arquillian.junit.Arquillian$6$1.invoke(Arquillian.java:270)
    at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
    at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
    at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:135)
    at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:115)
    at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
    at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:53)
    at sun.reflect.GeneratedMethodAccessor19.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
    at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
    at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:129)
    at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:89)
    at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:75)
    at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
    at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
    at org.jboss.arquillian.test.impl.TestContextHandler.crea ...

Failed tests

org.jboss.as.test.clustering.cluster.ejb.remote.RemoteFailoverTestCase(SYNC-tcp).testStatelessDDFailover: javax.ejb.EJBException: java.io.IOException: Channel Channel ID cb3027b5 (outbound) of Remoting connection 000b18a8 to build26-linux-x64.ci.local/127.0.0.1:8080 has been closed
    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:236)
    at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:181)

org.jboss.as.test.clustering.cluster.dispatcher.CommandDispatcherTestCase(SYNC-tcp).test: java.lang.AssertionError: [node-1/server] expected:<2> but was:<1>
    at org.junit.Assert.fail(Assert.java:88)
    at org.junit.Assert.failNotEquals(Assert.java:743)

@stoty

This comment has been minimized.

Show comment
Hide comment
@stoty

stoty Dec 3, 2013

Contributor

Googling these errors, it seems that they are known intermittent problems, and are not in fact related to my changes.
Please let me know if I'm wrong, and I need to investigate them further.

Contributor

stoty commented Dec 3, 2013

Googling these errors, it seems that they are known intermittent problems, and are not in fact related to my changes.
Please let me know if I'm wrong, and I need to investigate them further.

@ctomc

This comment has been minimized.

Show comment
Hide comment
@ctomc

ctomc Dec 3, 2013

Contributor

noting wrong with your PR, we just have some intermittent clustering issues in our testsuite.

Contributor

ctomc commented Dec 3, 2013

noting wrong with your PR, we just have some intermittent clustering issues in our testsuite.

add Principal to subject
Principal is only added to subject if we use RemotingConnectionCredential or when there is no Principal at all.
If we have valid principal we forget about it.

This causes org.jboss.security.auth.spi.RoleMappingLoginModule to be broken.
I'm not sure if this fix is correct (we can always get Principal from callbackHandler in LoginModule).

Another question what to do with roles? (JbossCallbackHandler don't contain this information) and what to do with roles added in LoginModule
@wojtask9

This comment has been minimized.

Show comment
Hide comment
@wojtask9

wojtask9 Dec 6, 2013

Contributor

I can confirm that this patch works.
Principal and Roles are propagated to EJB. I hope this patch will be merged soon

Contributor

wojtask9 commented Dec 6, 2013

I can confirm that this patch works.
Principal and Roles are propagated to EJB. I hope this patch will be merged soon

*/
public static SecurityContext getSecurityContext() {
if (WildFlySecurityManager.isChecking()) {
return WildFlySecurityManager.doUnchecked(new PrivilegedAction<SecurityContext>() {

This comment has been minimized.

@darranl

darranl Dec 6, 2013

Contributor

Can probably just use a single instance of this class.

@darranl

darranl Dec 6, 2013

Contributor

Can probably just use a single instance of this class.

@@ -179,6 +173,7 @@ public void exchangeEvent(final HttpServerExchange exchange, final NextListener
* @param attachment
* @return
*/
// This information is already present in (undertow) SecurityContext, but there is no getter for it, so we cannot reuse it

This comment has been minimized.

@darranl

darranl Dec 6, 2013

Contributor

If we have something missing from the SecurityContext we can consider adding it - at the moment the API is still open to being expanded if additional methods are needed.

@darranl

darranl Dec 6, 2013

Contributor

If we have something missing from the SecurityContext we can consider adding it - at the moment the API is still open to being expanded if additional methods are needed.

outcome = AuthenticationMechanismOutcome.AUTHENTICATED;
securityContext.authenticationComplete(account, MECHANISM_NAME, false);
} else if (isValid && account == null && !isMandatory(requestContext)) {
outcome = AuthenticationMechanismOutcome.NOT_ATTEMPTED;

This comment has been minimized.

@darranl

darranl Dec 6, 2013

Contributor

I think we may have something missing here, an individual mechanism should not be making decisions about if authentication is mandatory, is there any additional reason why the mandatory check is being pulled into here?

In general Undertow will call each authentication mechanism in turn and if no mechanisms authenticate the request but authentication is required Undertow will take care of turning the call around and sending the challenged.

@darranl

darranl Dec 6, 2013

Contributor

I think we may have something missing here, an individual mechanism should not be making decisions about if authentication is mandatory, is there any additional reason why the mandatory check is being pulled into here?

In general Undertow will call each authentication mechanism in turn and if no mechanisms authenticate the request but authentication is required Undertow will take care of turning the call around and sending the challenged.

This comment has been minimized.

@sguilhen

sguilhen Dec 6, 2013

Contributor

IIRC we need to establish if auth is mandatory in order to set the javax.security.auth.message.MessagePolicy.isMandatory property that is set into the JASPI MessageInfo. Need to check the spec to see if this property MUST always be set or not but I believe it does.

@sguilhen

sguilhen Dec 6, 2013

Contributor

IIRC we need to establish if auth is mandatory in order to set the javax.security.auth.message.MessagePolicy.isMandatory property that is set into the JASPI MessageInfo. Need to check the spec to see if this property MUST always be set or not but I believe it does.

This comment has been minimized.

@stoty

stoty Dec 7, 2013

Contributor

Spec 3.8.1.1 seems pretty unambigious to me on setting the property.
It is worth noting, that there are actually two different isMandatory flags in play:
The one passed in the MessageInfo arguement to SAM.validateRequest tells if this particular request is accessing a protected resource, while the other is passed to SAM.initialize in the requestPolicy argument, that is analogous to the JAAS auth module required/optional flag.

@stoty

stoty Dec 7, 2013

Contributor

Spec 3.8.1.1 seems pretty unambigious to me on setting the property.
It is worth noting, that there are actually two different isMandatory flags in play:
The one passed in the MessageInfo arguement to SAM.validateRequest tells if this particular request is accessing a protected resource, while the other is passed to SAM.initialize in the requestPolicy argument, that is analogous to the JAAS auth module required/optional flag.

This comment has been minimized.

@darranl

darranl Dec 9, 2013

Contributor

What I am feeling here is that JASPI is more than just an authentication mechanism, the mandatory checking may be needed but that placing it in the mechanism itself may not be correct.

@darranl

darranl Dec 9, 2013

Contributor

What I am feeling here is that JASPI is more than just an authentication mechanism, the mandatory checking may be needed but that placing it in the mechanism itself may not be correct.

This comment has been minimized.

@stoty

stoty Dec 9, 2013

Contributor

The isMandatroy check in line 77 is really NOT needed, as soon as I can persuade git to cooperate, I will update the PR.

The spec says that the SAM may return SUCCESS for the check, but set an Unauthenticatated principal.
I figured that NOT_ATTEMPTED is the right way to map this to undertow, but obviously I am not the undertow security expert here, so there may be a better way, like

  • Returning AUTHENTICATED, without calling authenticationComplete -- I am not sure this would legal.
  • Returning AUTHENTICATED, and calling authenticationComplete with a null account -- again, I'm not sure it wouldn't break stuff.
@stoty

stoty Dec 9, 2013

Contributor

The isMandatroy check in line 77 is really NOT needed, as soon as I can persuade git to cooperate, I will update the PR.

The spec says that the SAM may return SUCCESS for the check, but set an Unauthenticatated principal.
I figured that NOT_ATTEMPTED is the right way to map this to undertow, but obviously I am not the undertow security expert here, so there may be a better way, like

  • Returning AUTHENTICATED, without calling authenticationComplete -- I am not sure this would legal.
  • Returning AUTHENTICATED, and calling authenticationComplete with a null account -- again, I'm not sure it wouldn't break stuff.

This comment has been minimized.

@stuartwdouglas

stuartwdouglas Dec 11, 2013

Contributor

I'm not sure if you saw, but I added a special hook for JASPI in Undertow Beta26 that basically allows it to take over the running of authentication mechanisms, to make this sort of scenario work ok.

@stuartwdouglas

stuartwdouglas Dec 11, 2013

Contributor

I'm not sure if you saw, but I added a special hook for JASPI in Undertow Beta26 that basically allows it to take over the running of authentication mechanisms, to make this sort of scenario work ok.

This comment has been minimized.

@stoty

stoty Dec 14, 2013

Contributor

I'll check. Unfortunately I do not expect to have too much time until after the holidays.

@stoty

stoty Dec 14, 2013

Contributor

I'll check. Unfortunately I do not expect to have too much time until after the holidays.

n1hility added some commits Dec 7, 2013

Revert "Merge commit 'refs/pull/5460/head' of github.com:wildfly/wild…
…fly"

This reverts commit eab9553, reversing
changes made to 3259a05.
Merge pull request #5577 from jamezp/WFLY-2616
[WFLY-2616] Add SEVERE logging level to the valid list of levels.
if (isValid && account != null) {
outcome = AuthenticationMechanismOutcome.AUTHENTICATED;
securityContext.authenticationComplete(account, MECHANISM_NAME, false);
} else if (isValid && account == null && !isMandatory(requestContext)) {

This comment has been minimized.

@stoty

stoty Dec 7, 2013

Contributor

The "&& !isMandatory(requestContext)" part is really not needed here, it's possible for the SAM to set a Success/Unauthenticated response even for a protected resource. I'll update the PR.

@stoty

stoty Dec 7, 2013

Contributor

The "&& !isMandatory(requestContext)" part is really not needed here, it's possible for the SAM to set a Success/Unauthenticated response even for a protected resource. I'll update the PR.

stoty added some commits Nov 30, 2013

This fixes a few issues with JASPI:
* Pre-emptive authetication (AUTH_SUCCESS & null UserPrinciplal
handling) (spec 3.8.3.1)
* Always call secureResponse (spec 2.5.1.2 Point(3))
* Properly fill org.jboss.security.SecurityContext by using
org.jboss.security.auth.callback.JASPICallbackHandler, so that EJB
propgation has a chance to work
@wildfly-ci

This comment has been minimized.

Show comment
Hide comment
@wildfly-ci

wildfly-ci Dec 8, 2013

Build 1887 is now running using a merge of ef6617d

wildfly-ci commented Dec 8, 2013

Build 1887 is now running using a merge of ef6617d

@wildfly-ci

This comment has been minimized.

Show comment
Hide comment
@wildfly-ci

wildfly-ci Dec 8, 2013

Build 1887 outcome was FAILURE using a merge of ef6617d
Summary: Tests passed: 9989, ignored: 22; exit code 1 (new) Build time: 1:43:36

Build problems:

Process exited with code 1

Failed to execute goal org.apache.maven.plugins:maven-clean-plugin:2.5:clean (default-clean) on project wildfly-ts-integ-basic: Failed to clean project: Failed to delete /opt/buildAgent/work/340a2b56aab3b1db/testsuite/integration/basic/target/jbossas/standalone/configuration/standalone_xml_history/current/standalone-full.v5.xml
Step Build & test (Maven) failed

wildfly-ci commented Dec 8, 2013

Build 1887 outcome was FAILURE using a merge of ef6617d
Summary: Tests passed: 9989, ignored: 22; exit code 1 (new) Build time: 1:43:36

Build problems:

Process exited with code 1

Failed to execute goal org.apache.maven.plugins:maven-clean-plugin:2.5:clean (default-clean) on project wildfly-ts-integ-basic: Failed to clean project: Failed to delete /opt/buildAgent/work/340a2b56aab3b1db/testsuite/integration/basic/target/jbossas/standalone/configuration/standalone_xml_history/current/standalone-full.v5.xml
Step Build & test (Maven) failed
@wildfly-ci

This comment has been minimized.

Show comment
Hide comment
@wildfly-ci

wildfly-ci Dec 9, 2013

Build 1895 is now running using a merge of ef6617d

wildfly-ci commented Dec 9, 2013

Build 1895 is now running using a merge of ef6617d

@wildfly-ci

This comment has been minimized.

Show comment
Hide comment
@wildfly-ci

wildfly-ci Dec 9, 2013

Build 1899 is now running using a merge of ef6617d

wildfly-ci commented Dec 9, 2013

Build 1899 is now running using a merge of ef6617d

@wildfly-ci

This comment has been minimized.

Show comment
Hide comment
@wildfly-ci

wildfly-ci Dec 9, 2013

Build 1902 is now running using a merge of ef6617d

wildfly-ci commented Dec 9, 2013

Build 1902 is now running using a merge of ef6617d

@wildfly-ci

This comment has been minimized.

Show comment
Hide comment
@wildfly-ci

wildfly-ci Dec 9, 2013

Build 1902 outcome was SUCCESS using a merge of ef6617d
Summary: Tests passed: 11701, ignored: 73 Build time: 2:32:21

wildfly-ci commented Dec 9, 2013

Build 1902 outcome was SUCCESS using a merge of ef6617d
Summary: Tests passed: 11701, ignored: 73 Build time: 2:32:21

@n1hility

This comment has been minimized.

Show comment
Hide comment
@n1hility

n1hility Dec 19, 2013

Contributor

�This change needs to be rebased. It is currently pulling in a merge commit which is undoing other unrelated changes

Contributor

n1hility commented Dec 19, 2013

�This change needs to be rebased. It is currently pulling in a merge commit which is undoing other unrelated changes

@bstansberry

This comment has been minimized.

Show comment
Hide comment
@bstansberry

bstansberry Dec 19, 2013

Contributor

Closing, as #5638 was merged, which was this fix with the merge commit issue fixed.

Thanks!

Contributor

bstansberry commented Dec 19, 2013

Closing, as #5638 was merged, which was this fix with the merge commit issue fixed.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment