Elytron support in webservices security after upgrading EAP to 7.4.11
Hello there :),
I would like to ask about Elytron support in ws-security. We have a web service configured like this:
@WebService
@SOAPBinding(parameterStyle = ParameterStyle.BARE)
@HandlerChain(file = "handler-chains.xml")
@Policies({
    @Policy(uri = "classpath:/META-INF/wsdl/UserNameTokenPolicy.xml", placement = Policy.Placement.BINDING, includeInWSDL = true)
})
@EndpointProperties({
    @EndpointProperty(key = "ws-security.validate.token", value = "false")
})
@InInterceptors(interceptors = { "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor" })
@SecurityDomain("ws-domain")
public class CommonDataWebServiceBean extends ReadBean {
}
The security domain is configured like this:
/subsystem=ejb3/application-security-domain=ws-domain:add(security-domain=c-ldap-domain)
And it points to an Elytron LDAP-backed domain:
/subsystem=elytron/dir-context=ldap-dc:add(url="$LDAP_URL", principal="$LDAP_PRINCIPAL", credential-reference=....
/subsystem=elytron/ldap-realm=c-ldap-realm:add(dir-context=ldap-dc....
/subsystem=elytron/security-domain=c-ldap-domain:add(realms=[{realm=c-ldap-realm...
FORM authentication using the same Elytron security domain works in the web app without issues, and authentication in web services works on EAP 7.4.9.
But after patch 7.4.11 we get the following exception:
2023-07-05 17:52:49,147 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Interceptor for {http://cdata.webservice.example.com/}CommonDataWebServiceBeanService has thrown exception, unwinding now: java.lang.SecurityException: JBWS024057: Failed Authentication : Subject has not been created
    at org.jboss.ws.cxf.jbossws-cxf-server@5.4.8.Final-redhat-00001//org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.createSubject(SubjectCreatingPolicyInterceptor.java:133)
    at org.jboss.ws.cxf.jbossws-cxf-server@5.4.8.Final-redhat-00001//org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.handleMessage(SubjectCreatingPolicyInterceptor.java:106)
    at org.apache.cxf@3.4.10.redhat-00001//org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf@3.4.10.redhat-00001//org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.impl//org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
    at org.jboss.ws.cxf.jbossws-cxf-server@5.4.8.Final-redhat-00001//org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:110)
    at org.jboss.ws.cxf.jbossws-cxf-server@5.4.8.Final-redhat-00001//org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)
    at org.jboss.ws.cxf.jbossws-cxf-server@5.4.8.Final-redhat-00001//org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
    at org.apache.cxf.impl//org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304)
    at org.apache.cxf.impl//org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
    at javax.servlet.api@2.0.0.Final-redhat-00001//javax.servlet.http.HttpServlet.service(HttpServlet.java:523)
    at org.jboss.ws.cxf.jbossws-cxf-server@5.4.8.Final-redhat-00001//org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
    at org.jboss.ws.spi@3.4.0.Final-redhat-00001//org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
    at javax.servlet.api@2.0.0.Final-redhat-00001//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
    at org.wildfly.extension.undertow@7.4.11.GA-redhat-00002//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
    at io.undertow.core@2.2.24.SP1-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at org.wildfly.extension.undertow@7.4.11.GA-redhat-00002//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1555)
    at org.wildfly.extension.undertow@7.4.11.GA-redhat-00002//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1555)
    at org.wildfly.extension.undertow@7.4.11.GA-redhat-00002//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1555)
    at org.wildfly.extension.undertow@7.4.11.GA-redhat-00002//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1555)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
    at io.undertow.servlet@2.2.24.SP1-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
    at io.undertow.core@2.2.24.SP1-redhat-00001//io.undertow.server.Connectors.executeRootHandler(Connectors.java:393)
    at io.undertow.core@2.2.24.SP1-redhat-00001//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at org.jboss.xnio@3.8.9.Final-redhat-00001//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
    at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.NullPointerException: Cannot invoke "org.wildfly.security.credential.PasswordCredential.getPassword(java.lang.Class)" because the return value of "org.wildfly.security.auth.server.RealmIdentity.getCredential(java.lang.Class)" is null
    at org.jboss.ws.cxf.jbossws-cxf-server@5.4.8.Final-redhat-00001//org.jboss.wsf.stack.cxf.security.authentication.SubjectCreator.createSubject(SubjectCreator.java:178)
    at org.jboss.ws.cxf.jbossws-cxf-server@5.4.8.Final-redhat-00001//org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.createSubject(SubjectCreatingPolicyInterceptor.java:129)
    ... 41 more
Is Elytron supported in ws-security? And is the above a proper way to configure ws-security in JBoss?
Thank you for your help.
Responses