1 Reply Latest reply on Mar 31, 2010 5:45 AM by Jeff Mesnil

    NPE causing authentication failure

    Jeff Mesnil Master

      re https://jira.jboss.org/jira/browse/SECURITY-484

       

      While running JMS tck tests, tests started to fail because of auth issue.

      The root cause seems to be a JNDI lookup failure:

      13:13:27,409 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Look up of JNDI for cts/mappingMgr failed with null

       

      Which then causes a NPE:

       

      13:13:27,410 TRACE [org.jboss.security.integration.JNDIBasedSecurityManagement] Exception in getting MappingManager: java.lang.NullPointerException
      at java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:881)
      at org.jboss.security.integration.JNDIBasedSecurityManagement.getMappingManager(JNDIBasedSecurityManagement.java:219)
      at org.jboss.security.plugins.JBossSecurityContext.getMappingManager(JBossSecurityContext.java:280)
      at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:406)
      at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:379)
      at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:185)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
      at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
      at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
      at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)

       

      After that exception, all subsequent tests fail because of auth issue.

      I need to restart the server for authentication to work again.

      I suppose we should check for a null mapping manager before putting it in the map.

        • 1. Re: NPE causing authentication failure
          Jeff Mesnil Master

          Thanks to the fix, the NPE no longer occurs.

          However, authentication still fails after some time running the TCK tests:

           

           

          11:32:58,049 TRACE [org.jboss.security.plugins.mapping.JBossMappingManager] Application Policy not found for domain=java:/jaas/cts.Mapping framework will use the default domain:other
           
          ...
           
          11:33:50,487 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] logout
          11:33:55,200 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(cts), size=15
          11:33:55,958 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(cts), authInfo=AppConfigurationEntry[]:
          [0]
          LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
          ControlFlag: LoginModuleControlFlag : required
          Options:
          name=usersProperties, value=cts-users.properties
          name=unauthenticatedIdentity, value=cts-user
          name=rolesProperties, value=cts-roles.properties
          name=password-stacking, value=useFirstPass
           
          11:34:06,984 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.cts] Login failure: javax.security.auth.login.LoginException: classe LoginModule introuvable : org.jboss.security.auth.spi.UsersRolesLoginModule
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
          at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUser(JBossASSecurityManager.java:81)
          at org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:128)
          

           

          Now, when the java:/jaas/cts domain is not found, we use the default domain instead of throwing the NPE. Authentication will still fails later on.

           

          Are there other traces I can add in addition to org.jboss.security to help you track why the java:/jaas/cts stops to be found?