-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
7u80
Submitter has an OSB Proxy secured using the OWSM policy
"oracle/wss11_kerberos_token_with_message_protection_basic128_service_policy".
Accessing the Proxy works fine under
JDK 1.7.0_21 but under JDK 1.7.0_80 it raises a NullPointerException:
java.lang.NullPointerException
at oracle.wsm.security.policy.scenario.processor.KerberosAuthenticator.<init>(Ker๐ berosAuthenticator.java:83)
at oracle.wsm.security.policy.scenario.processor.KerberosTokenProcessor.verify(Ke๐ rberosTokenProcessor.java:402)
at oracle.wsm.security.policy.scenario.executor.KerberosSecurityScenarioExecutor$1.run(KerberosSecurityScenarioExecutor.java:346)
at oracle.wsm.security.policy.scenario.executor.KerberosSecurityScenarioExecutor$1.run(KerberosSecurityScenarioExecutor.java:344)
at java.security.AccessController.doPrivileged(Native Method)
Submitter feels that this is related to a change made forJDK-8004488. This removes the following code lines from the commit method of the
Krb5LoginModule.
Krb5LoginModule.java (JDK 1.7.0_21)
1061: // Compatibility; also add keys to privCredSet
1062: for (KerberosKey key: ktab.getKeys(kerbClientPrinc)) {
1063: privCredSet.add(new Krb5Util.KeysFromKeyTab(key));
1064: }
"oracle/wss11_kerberos_token_with_message_protection_basic128_service_policy".
Accessing the Proxy works fine under
JDK 1.7.0_21 but under JDK 1.7.0_80 it raises a NullPointerException:
java.lang.NullPointerException
at oracle.wsm.security.policy.scenario.processor.KerberosAuthenticator.<init>(Ker๐ berosAuthenticator.java:83)
at oracle.wsm.security.policy.scenario.processor.KerberosTokenProcessor.verify(Ke๐ rberosTokenProcessor.java:402)
at oracle.wsm.security.policy.scenario.executor.KerberosSecurityScenarioExecutor$1.run(KerberosSecurityScenarioExecutor.java:346)
at oracle.wsm.security.policy.scenario.executor.KerberosSecurityScenarioExecutor$1.run(KerberosSecurityScenarioExecutor.java:344)
at java.security.AccessController.doPrivileged(Native Method)
Submitter feels that this is related to a change made for
Krb5LoginModule.
Krb5LoginModule.java (JDK 1.7.0_21)
1061: // Compatibility; also add keys to privCredSet
1062: for (KerberosKey key: ktab.getKeys(kerbClientPrinc)) {
1063: privCredSet.add(new Krb5Util.KeysFromKeyTab(key));
1064: }
- relates to
-
JDK-8004488 wrong permissions checked in krb5
- Closed