wildfly-security / elytron-web Goto Github PK

@pedroigor , commit [1] introduced occurence of OutOfMemoryError. Could you have a look, what could be a problem, please? For example On IBM java ClientCertAuthenticationTest could not be run until -Xmx1024 is configured in surefire plugin.

Is just setting enough of memory (let say -Xmx1024) proper solution here? And high memory consumption is just caused by 2 Undertow server started inside TS.

Or could be code somehow optimized? Could you review if committed changes are all right?

[1] 21e2241

org.wildfly.elytron.web.undertow.server.FormAuthenticationWithSessionReplicationTest-output.txt
org.wildfly.elytron.web.undertow.server.FormAuthenticationWithSessionReplicationTest.txt

org.wildfly.elytron.web.undertow.server.FormAuthenticationWithClusteredSSOTest-output.txt
org.wildfly.elytron.web.undertow.server.FormAuthenticationWithClusteredSSOTest.txt

Initial build is just Undertow focussed but at some point project will become multi-module.

Add a test for ClientCert - also any API/SPI adjustments required to achieve it.

We need to cover two modes:
-Authentication during SSL negotiation
-Authentication in the mechanism only.

FormAuthenticationWithSessionReplicationTest is currently ignored.
Once enabled I get test failure
FormAuthenticationWithSessionReplicationTest.testSessionInvalidation:115->AbstractHttpServerMechanismTest.assertSuccessfulResponse:82 expected:<1> but was:<0>

@pferraro ^^^

i.e. The login method of the SecurityContext API

java.security.NoSuchAlgorithmException: SunX509 TrustManagerFactory not available

It is probably enough to replace static algorithm specification with *ManagerFactory.getDefaultAlgorithm(). Will send PR in minute.

This can then be used for scenarios such as servlet run as handling where the SecurityIdentity needs a change of roles.

Running testsuite
mvn clean test -Dtest=FormAuthenticationWithClusteredSSOTest -Dmaven.test.redirectTestOutputToFile=false

There are 2 WARN log message at the end of log. However that does not cause tests failure.

09:50:37,997 WARN [org.wildfly.security] (XNIO-19 task-2) ELY06008: Failed to logout participant [http://localhost:7778/7778]: java.net.ConnectException: Connection refused

@pferraro ^^

During testsuite run
mvn clean test -Dmaven.test.redirectTestOutputToFile=false

there occures a lot of error messages:
ELY06013: Failed to invalidate local session: java.lang.IllegalStateException: ELY06012: Invalid logout message received for local session [MGgAaDPABGTDlU343a1FE8ophkLtEB8r7Gz16bPI]

@pferraro ^^

I wonder if it is possible to avoid use of Undertow API marked as deprecated.

If I try to build
[mchoma@localhost elytron-web]$ mvn test

I get:

• [WARNING] /elytron-web/undertow/src/main/java/org/wildfly/elytron/web/undertow/server/SecurityContextImpl.java:[101,28] getIdentityManager() in io.undertow.security.api.SecurityContext has been deprecated
• [WARNING] /elytron-web/undertow/src/main/java/org/wildfly/elytron/web/undertow/server/SecurityContextImpl.java:[93,42] getAuthenticationMechanisms() in io.undertow.security.api.SecurityContext has been deprecated
• [WARNING] /elytron-web/undertow/src/main/java/org/wildfly/elytron/web/undertow/server/SecurityContextImpl.java:[85,17] addAuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism) in io.undertow.security.api.SecurityContext has been deprecated
• [WARNING] /elytron-web/undertow/src/main/java/org/wildfly/elytron/web/undertow/server/SecurityContextImpl.java:[67,21] setResponseCode(int) in io.undertow.server.HttpServerExchange has been deprecated
• [WARNING] /elytron-web/undertow/src/test/java/org/wildfly/elytron/web/undertow/server/DefaultServer.java:[141,32] ENABLE_CONNECTOR_STATISTICS in io.undertow.UndertowOptions has been deprecated

Running TS with java 9 there is error:
06:28:32,389 SEVERE [org.jgroups.blocks.RequestCorrelator] (remote-thread-c7f0b65b-9422-416a-be64-2f52f27391fb-p2-t1) JGRP000178: failed marshalling rsp (SuccessfulResponse{responseValue=StatusResponse{cacheJoinInfo=null, cacheTopology=CacheTopology{id=2, rebalanceId=2, currentCH=ReplicatedConsistentHash{ns = 256, owners = (1)[c7f0b65b-9422-416a-be64-2f52f27391fb-58994: 256]}, pendingCH=ReplicatedConsistentHash{ns = 256, owners = (2)[c7f0b65b-9422-416a-be64-2f52f27391fb-58994: 134, d80ec1f7-7b9f-4fcf-bf60-66e80e6f3cce-52682: 122]}, unionCH=null, actualMembers=[c7f0b65b-9422-416a-be64-2f52f27391fb-58994, d80ec1f7-7b9f-4fcf-bf60-66e80e6f3cce-52682]}, stableTopology=CacheTopology{id=1, rebalanceId=1, currentCH=ReplicatedConsistentHash{ns = 256, owners = (1)[c7f0b65b-9422-416a-be64-2f52f27391fb-58994: 256]}, pendingCH=null, unionCH=null, actualMembers=[c7f0b65b-9422-416a-be64-2f52f27391fb-58994]}}} ): java.lang.NoClassDefFoundError: Could not initialize class org.jboss.marshalling.reflect.SerializableClass

If a request comes in for a folder that contains a welcome page Undertow will automatically serve the welcome page to the user, to achieve this the welcome page is resolved internally.

The FORM authentication mechanism is mistakenly sending the resolved address instead of the original request received from the client in the redirect.