Custom authentication mechanism results in NPE on EAP for request URI containing special characters

Solution Unverified - Updated -

Issue

  • We've set up a custom authentication mechanism on JBoss EAP. This works fine unless the request contains some special characters like square brackets ([ or ]) in the request URI, in which case we see a NullPointerException like the one below:
ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /http-custom-mechanism-webapp/secured/foobar[: java.lang.NullPointerException: Cannot invoke "java.net.URI.toString()" because the return value of "org.wildfly.security.http.HttpServerRequest.getRequestURI()" is null
    at org.wildfly.extension.elytron@21.0.10.Final-redhat-00001//org.wildfly.extension.elytron.HttpServerDefinitions.lambda$getRequestInformationHashMap$0(HttpServerDefinitions.java:257)
    at org.wildfly.security.elytron-base@2.2.6.Final-redhat-00001//org.wildfly.security.http.util.SetRequestInformationCallbackMechanismFactory$1.evaluateRequest(SetRequestInformationCallbackMechanismFactory.java:77)
    at org.wildfly.security.elytron-base@2.2.6.Final-redhat-00001//org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:85)
    at org.wildfly.security.elytron-base@2.2.6.Final-redhat-00001//org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:326)
    at org.wildfly.security.elytron-base@2.2.6.Final-redhat-00001//org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:296)
    at org.wildfly.security.elytron-base@2.2.6.Final-redhat-00001//org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:93)
    at org.wildfly.security.elytron-web.undertow-server@4.0.1.Final-redhat-00001//org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:107)
    at org.wildfly.security.elytron-web.undertow-server-servlet@4.0.1.Final-redhat-00001//org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl.authenticate(ServletSecurityContextImpl.java:117)
    at io.undertow.servlet@2.3.14.SP2-redhat-00001//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55) 

Environment

  • JBoss Enterprise Application Platform (EAP)
    • 7.x
    • 8.x
