0 Replies Latest reply on Feb 14, 2020 9:53 AM by vladimir.novoseltsev

    Strange authorization failure on WildFly 18.0.1 with JavaEE security api (JSR-375).

    vladimir.novoseltsev

      Hello, I've been trying to set up web service authentication and authorization with the JSR-375 security API on WildFly 18.0.1 but ran into a strange problem.

      Everything seems to work for some hundreds of requests, but then suddenly it doesn't and I get:

      Authentication error:: java.lang.IllegalStateException: java.io.IOException: org.wildfly.security.authz.AuthorizationFailureException: ELY01088: Attempting to run as "com.raikiri.general.security.GeneralPrincipal@113e8f56" authorization operation failed
          at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.jaspic.Jaspic.handleCallbacks(Jaspic.java:205)
          at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.jaspic.Jaspic.notifyContainerAboutLogin(Jaspic.java:178)
          at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.HttpMessageContextImpl.notifyContainerAboutLogin(HttpMessageContextImpl.java:285)
          at deployment.general.war//com.raikiri.general.security.JwtAuthenticationMechanism.validateToken(JwtAuthenticationMechanism.java:46)
          at deployment.general.war//com.raikiri.general.security.JwtAuthenticationMechanism.validateRequest(JwtAuthenticationMechanism.java:33)
          at deployment.general.war//com.raikiri.general.security.JwtAuthenticationMechanism$Proxy$_$$_WeldClientProxy.validateRequest(Unknown Source)
          at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.jaspic.HttpBridgeServerAuthModule.validateRequest(HttpBridgeServerAuthModule.java:114)
          at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.jaspic.DefaultServerAuthContext.validateRequest(DefaultServerAuthContext.java:76)

      And it doesn't make any sense, since the prior dozen or hundred requests worked just fine.

      GeneralPrincipal is an implementation of java.security.Principal.

      I tried it on WildFly 19 beta 1; the number of processed requests before failure is higher, but I was still able to trigger AuthorizationFailureException.

      So I'm pretty much lost, what can be done about it?

       

      Full stacktrace while running with JDK8:

      Authentication error:: java.lang.IllegalStateException: java.io.IOException: org.wildfly.security.authz.AuthorizationFailureException: ELY01088: Attempting to run as "com.raikiri.general.security.GeneralPrincipal@7291b3e5" authorization operation failed
          at org.glassfish.soteria.mechanisms.jaspic.Jaspic.handleCallbacks(Jaspic.java:205)
          at org.glassfish.soteria.mechanisms.jaspic.Jaspic.notifyContainerAboutLogin(Jaspic.java:178)
          at org.glassfish.soteria.mechanisms.HttpMessageContextImpl.notifyContainerAboutLogin(HttpMessageContextImpl.java:285)
          at com.raikiri.general.security.JwtAuthenticationMechanism.validateToken(JwtAuthenticationMechanism.java:46)
          at com.raikiri.general.security.JwtAuthenticationMechanism.validateRequest(JwtAuthenticationMechanism.java:33)
          at com.raikiri.general.security.JwtAuthenticationMechanism$Proxy$_$$_WeldClientProxy.validateRequest(Unknown Source)
          at org.glassfish.soteria.mechanisms.jaspic.HttpBridgeServerAuthModule.validateRequest(HttpBridgeServerAuthModule.java:114)
          at org.glassfish.soteria.mechanisms.jaspic.DefaultServerAuthContext.validateRequest(DefaultServerAuthContext.java:76)
          at org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl.authenticate(ServletSecurityContextImpl.java:177)
          at org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl.authenticate(ServletSecurityContextImpl.java:97)
          at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
          at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
          at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
          at org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
          at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
          at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
          at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
          at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
          at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
          at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
          at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
          at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
          at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
          at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
          at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
          at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
          at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
          at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
          at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
          at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
          at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
          at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
          at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
          at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
          at java.lang.Thread.run(Thread.java:748)
      Caused by: java.io.IOException: org.wildfly.security.authz.AuthorizationFailureException: ELY01088: Attempting to run as "com.raikiri.general.security.GeneralPrincipal@7291b3e5" authorization operation failed
          at org.wildfly.security.auth.jaspi.impl.JaspiAuthenticationContext$1.handle(JaspiAuthenticationContext.java:111)
          at org.glassfish.soteria.mechanisms.jaspic.Jaspic.handleCallbacks(Jaspic.java:199)
          ... 41 more
      Caused by: org.wildfly.security.authz.AuthorizationFailureException: ELY01088: Attempting to run as "com.raikiri.general.security.GeneralPrincipal@7291b3e5" authorization operation failed
          at org.wildfly.security.auth.server.SecurityIdentity.createRunAsIdentity(SecurityIdentity.java:735)
          at org.wildfly.security.auth.jaspi.impl.JaspiAuthenticationContext$1.handleOne(JaspiAuthenticationContext.java:151)
          at org.wildfly.security.auth.jaspi.impl.JaspiAuthenticationContext$1.lambda$handle$0(JaspiAuthenticationContext.java:100)
          at org.wildfly.security.auth.jaspi.impl.SecurityActions.doPrivileged(SecurityActions.java:39)
          at org.wildfly.security.auth.jaspi.impl.JaspiAuthenticationContext$1.handle(JaspiAuthenticationContext.java:99)
          ... 42 more