2 Replies Latest reply on May 24, 2018 7:49 AM by alessandromoscatelli

Wildfly 13.0.0.Beta1 - Soteria - Jaspic - Error getting ServerAuthContext

alessandromoscatelli May 21, 2018 12:07 PM

Hi there,

I am testing the new Wildfly release and the new Java EE8 Security API.
I noticed this serious (I truly believe) bug, and it also accours almost randomly.

The deployed application is an EAR.

If I deploy the EAR with a started Wildfly 13.0.0.Beta1 everything is fine.
Then if I stop and start / restart the application server, I can see the startup and the EAR is redeployed but sometimes (like 50% of time) the bug/error accours.
Usually after a couple of times (stop/start/restart) I can reproduce the situation.

Before the bug accours every call to pages and APIs works correctly. After the bug accours every call triggers the AuthException.

After the bug accours, if I redeploy the SAME EAR everything is fine again 100% of times.
This seems like Wildfly does something different when redeploying an application on startup and when being already startup up and then processing an application deploy.

I can provide my EAR if you want, but I would prefer not to if this is not necessary.

The security domain as defined as suggested :

                <security-domain name="auth" cache-type="default">
                    <authentication-jaspi>
                        <login-module-stack name="dummy">
                            <login-module code="Dummy" flag="optional"/>
                        </login-module-stack>
                        <auth-module code="Dummy"/>
                    </authentication-jaspi>
                </security-domain>

META-INF/jboss-app.xml inside the EAR :

<?xml version="1.0" encoding="UTF-8"?>
<jboss-app>
    <security-domain>auth</security-domain>
</jboss-app>

META-INF/jboss-web.xml inside the WAR inside the EAR :

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>auth</security-domain>
</jboss-web>

Log :

17:04:18,556 ERROR [org.jboss.security] (default task-1) PBOX00374: Error getting ServerAuthContext for authContextId default-host /optoplus-services-web and security domain auth: javax.security.auth.message.AuthException
 at org.jboss.security.auth.message.config.JBossServerAuthConfig.getAuthContext(JBossServerAuthConfig.java:187)
 at org.jboss.security.plugins.auth.JASPIServerAuthenticationManager.isValid(JASPIServerAuthenticationManager.java:99)
 at org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism.authenticate(JASPICAuthenticationMechanism.java:123)
 at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)
 at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)
 at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)
 at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
 at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
 at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
 at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
 at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
 at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
 at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
 at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
 at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
 at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
 at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
 at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
 at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
 at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
 at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
 at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
 at org.wildfly.extension.undertow.security.jaspi.JASPICSecureResponseHandler.handleRequest(JASPICSecureResponseHandler.java:48)
 at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
 at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
 at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
 at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
 at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
 at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
 at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
 at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
 at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
 at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
 at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
 at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
 at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
 at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
 at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
 at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
 at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
 at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
 at java.lang.Thread.run(Thread.java:748)

1. Re: Wildfly 13.0.0.Beta1 - Soteria - Jaspic - Error getting ServerAuthContext

alessandromoscatelli May 21, 2018 12:17 PM (in response to alessandromoscatelli)

I also created a bug on JIRA :

[WFLY-10417] Security API - Soteria - Jaspic - Error getting ServerAuthContext - JBoss Issue Tracker
Actions
2. Re: Wildfly 13.0.0.Beta1 - Soteria - Jaspic - Error getting ServerAuthContext

alessandromoscatelli May 24, 2018 7:49 AM (in response to alessandromoscatelli)

I got it, the problem is related to multiple WARs/Contexts being secured by Soteria after a reboot.
I updated the Issue with a sample project you can use to reproduce the issue and detailed steps.
Actions

Go to original post