- Bug
- Resolution: Fixed
- P4
- None
- 6
- x86
- windows_xp
FULL PRODUCT VERSION :
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
The javax.security.auth.login.LoginContext class finds the login method of javax.security.auth.spi.LoginModule like this:
    // find the requested method in the LoginModule
    for (mIndex = 0; mIndex < methods.length; mIndex++) {
        if (methods[mIndex].getName().equals(methodName))
            break;
    }
This does not work (or may not work) if the LoginModule implementation has overloaded versions of the login method. The code should also check the number and types of the arguments and not assume that a method with the right name automatically has the right arguments.
The JAAS spec does not forbid login method overloading.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Implement a LoginModule with an overloaded login method.
Implement a dummy CallbackHandler.
Execute the following code:
    LoginContext lc = new LoginContext("SessionComFactory.sessionSunSoap",
            new SimpleCallbackHandler());
    lc.login();
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The login method in the LoginModule should be called as long as the interface is correctly implemented.
ACTUAL -
java.lang.IllegalArgumentException: wrong number of arguments
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at alu.osp.io.test.JaasTestSoap.testLoginWithWrongCallbackHandler(JaasTestSoap.java:59)
REPRODUCIBILITY :
This bug can be reproduced often.
---------- BEGIN SOURCE ----------
// test class:
package test;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
public class Test {
    public static void main(String[] args) throws LoginException {
        System.setProperty("java.security.auth.login.config", "src/test/jaas.config");
        LoginContext lc = new LoginContext("test", new test.SimpleCallbackHandler());
        lc.login();
    }
}
///////////////////////////////////////////////////////////
//callback:
package test;
import java.io.IOException;
import javax.security.auth.callback.*;
public class SimpleCallbackHandler implements CallbackHandler {
    public SimpleCallbackHandler(){}
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    }
}
///////////////////////////////////////////////////////////
// module:
package test;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
public class TestLoginModule implements LoginModule {
    public boolean abort() throws LoginException {
        return true;
    }
    public boolean commit() throws LoginException {
        return true;
    }
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
            Map<String, ?> options) {
    }
    public void login(String s){System.out.println(s);}
    public void login(boolean s){System.out.println(s);}
    public void login(int s){System.out.println(s);}
    public boolean login() throws LoginException {
        return true;
    }
    public boolean login(String a, String b, String c){
        return false;
    }
    public void login(float s){System.out.println(s);}
    public boolean logout() throws LoginException {
        return true;
    }
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Put the overloaded methods in a class which inherits from the LoginModule implementation, and rename the overloaded methods in the LoginModule implementation. Make the overloaded methods call the renamed methods.
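The difference between the name-only search quoted in the description and a lookup that also checks parameter types, as an added example that is not code from the JDK or from the report. LoginLookupDemo, OverloadedModule, findByName and findBySignature are hypothetical names, and OverloadedModule is a constructed stand-in for a LoginModule with overloaded login methods.

```java
import java.lang.reflect.Method;

public class LoginLookupDemo {
    // Constructed stand-in for a LoginModule with overloaded login methods.
    public static class OverloadedModule {
        public void login(String s) { }
        public boolean login(String a, String b, String c) { return false; }
        public boolean login() { return true; }
    }

    // Name-only search, mirroring the loop quoted in the report: the first
    // method called "login" wins, whatever its parameter list is.
    static Method findByName(Class<?> c, String name) {
        for (Method m : c.getMethods()) {
            if (m.getName().equals(name)) {
                return m;
            }
        }
        return null;
    }

    // Signature-aware search: the name and the exact parameter types must match.
    static Method findBySignature(Class<?> c, String name, Class<?>... params)
            throws NoSuchMethodException {
        return c.getMethod(name, params);
    }

    public static void main(String[] args) throws Exception {
        Object module = new OverloadedModule();

        // getMethods() returns methods in no particular order, so which
        // overload is picked here depends on the JVM.
        Method byName = findByName(module.getClass(), "login");
        System.out.println("name-only lookup picked: " + byName);
        try {
            System.out.println("result: " + byName.invoke(module));
        } catch (IllegalArgumentException e) {
            // Raised when the picked overload expects arguments.
            System.out.println("name-only lookup failed: " + e.getMessage());
        }

        // Asking for login() with an empty parameter list is unambiguous.
        Method exact = findBySignature(module.getClass(), "login");
        System.out.println("signature lookup picked: " + exact);
        System.out.println("result: " + exact.invoke(module));
    }
}
```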
- duplicates: JDK-8047789 auth.login.LoginContext needs to be updated to work with modules (Closed)