2 Replies Latest reply on Feb 28, 2006 4:58 PM by Clebert Suconic

    Failure of security tests in 4.0.x branch testsuite

    Anil Saldanha Master

      There are loads of testsuite failures in the security related tests with an error "Invalid Password". The reason is that in the SecurityAssociationHandler (the default callback handler for the JaasSecurityManagerService), the password is of type org.jboss.invocation.MarshalledValue (when it should be String) and the following bit of code fails.

      org.jboss.security.auth.callback.SecurityAssociationHandler
      private char[] getPassword()
       {
       char[] password = null;
       if (credential instanceof char[])
       {
       password = (char[]) credential;
       }
       else if (credential instanceof String)
       {
       String s = (String) credential;
       password = s.toCharArray();
       }
       else
       {
       try
       {
       Class[] types = {};
       Method m = credential.getClass().getMethod("toCharArray", types);
       Object[] args = {};
       password = (char[]) m.invoke(credential, args);
       }
       catch (Exception e)
       {
       if (credential != null)
       {
       String s = credential.toString();
       password = s.toCharArray();
       }
       }
       }
       return password;
       }
      

      The MarshalledValue object does not have a method "toCharArray". The password should be a derivative of String.

      Reference:

      http://cruisecontrol.jboss.com/cc/artifacts/jboss-4.0-testsuite/20060227234415/results/org/jboss/test/security/test/package-summary.html

      JIRA issue:
      http://jira.jboss.com/jira/browse/JBSER-46