Strange authorization failure on WildFly 18.0.1 with JavaEE security api (JSR-375).
vladimir.novoseltsev Feb 14, 2020 9:53 AM
Hello, I've been trying to set up web service authentication and authorization with the JSR-375 security API on WildFly 18.0.1 but ran into a strange problem.
Everything seems to work for some hundreds of requests, but then suddenly it doesn't and I get:
Authentication error:: java.lang.IllegalStateException: java.io.IOException: org.wildfly.security.authz.AuthorizationFailureException: ELY01088: Attempting to run as "com.raikiri.general.security.GeneralPrincipal@113e8f56" authorization operation failed
at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.jaspic.Jaspic.handleCallbacks(Jaspic.java:205)
at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.jaspic.Jaspic.notifyContainerAboutLogin(Jaspic.java:178)
at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.HttpMessageContextImpl.notifyContainerAboutLogin(HttpMessageContextImpl.java:285)
at deployment.general.war//com.raikiri.general.security.JwtAuthenticationMechanism.validateToken(JwtAuthenticationMechanism.java:46)
at deployment.general.war//com.raikiri.general.security.JwtAuthenticationMechanism.validateRequest(JwtAuthenticationMechanism.java:33)
at deployment.general.war//com.raikiri.general.security.JwtAuthenticationMechanism$Proxy$_$$_WeldClientProxy.validateRequest(Unknown Source)
at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.jaspic.HttpBridgeServerAuthModule.validateRequest(HttpBridgeServerAuthModule.java:114)
at org.glassfish.soteria@1.0//org.glassfish.soteria.mechanisms.jaspic.DefaultServerAuthContext.validateRequest(DefaultServerAuthContext.java:76)
And it doesn't make any sense, since the prior dozen or hundred requests have worked just fine.
GeneralPrincipal is an implementation of java.security.Principal.
I tried it on WildFly 19 Beta 1; the number of processed requests before failure is higher, but I was still able to trigger AuthorizationFailureException.
So I'm pretty much lost. What can be done about it?
Full stacktrace while running with JDK8:
Authentication error:: java.lang.IllegalStateException: java.io.IOException: org.wildfly.security.authz.AuthorizationFailureException: ELY01088: Attempting to run as "com.raikiri.general.security.GeneralPrincipal@7291b3e5" authorization operation failed
at org.glassfish.soteria.mechanisms.jaspic.Jaspic.handleCallbacks(Jaspic.java:205)
at org.glassfish.soteria.mechanisms.jaspic.Jaspic.notifyContainerAboutLogin(Jaspic.java:178)
at org.glassfish.soteria.mechanisms.HttpMessageContextImpl.notifyContainerAboutLogin(HttpMessageContextImpl.java:285)
at com.raikiri.general.security.JwtAuthenticationMechanism.validateToken(JwtAuthenticationMechanism.java:46)
at com.raikiri.general.security.JwtAuthenticationMechanism.validateRequest(JwtAuthenticationMechanism.java:33)
at com.raikiri.general.security.JwtAuthenticationMechanism$Proxy$_$$_WeldClientProxy.validateRequest(Unknown Source)
at org.glassfish.soteria.mechanisms.jaspic.HttpBridgeServerAuthModule.validateRequest(HttpBridgeServerAuthModule.java:114)
at org.glassfish.soteria.mechanisms.jaspic.DefaultServerAuthContext.validateRequest(DefaultServerAuthContext.java:76)
at org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl.authenticate(ServletSecurityContextImpl.java:177)
at org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl.authenticate(ServletSecurityContextImpl.java:97)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: org.wildfly.security.authz.AuthorizationFailureException: ELY01088: Attempting to run as "com.raikiri.general.security.GeneralPrincipal@7291b3e5" authorization operation failed
at org.wildfly.security.auth.jaspi.impl.JaspiAuthenticationContext$1.handle(JaspiAuthenticationContext.java:111)
at org.glassfish.soteria.mechanisms.jaspic.Jaspic.handleCallbacks(Jaspic.java:199)
... 41 more
Caused by: org.wildfly.security.authz.AuthorizationFailureException: ELY01088: Attempting to run as "com.raikiri.general.security.GeneralPrincipal@7291b3e5" authorization operation failed
at org.wildfly.security.auth.server.SecurityIdentity.createRunAsIdentity(SecurityIdentity.java:735)
at org.wildfly.security.auth.jaspi.impl.JaspiAuthenticationContext$1.handleOne(JaspiAuthenticationContext.java:151)
at org.wildfly.security.auth.jaspi.impl.JaspiAuthenticationContext$1.lambda$handle$0(JaspiAuthenticationContext.java:100)
at org.wildfly.security.auth.jaspi.impl.SecurityActions.doPrivileged(SecurityActions.java:39)
at org.wildfly.security.auth.jaspi.impl.JaspiAuthenticationContext$1.handle(JaspiAuthenticationContext.java:99)
... 42 more