[ELY-1745] The AvailableRealmsCallback should not result in a NPE if …

…there is no mechanism configuration
wildfly-security · Mar 6, 2024 · 52a92a4 · 52a92a4
1 parent b80aa6a
commit 52a92a4
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 2 deletions.
diff --git a/...rver/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java b/...rver/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java
@@ -30,6 +30,7 @@
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
@@ -1083,7 +1084,8 @@ private void handleOne(final Callback[] callbacks, final int idx) throws IOExcep
                     ((SecurityIdentityCallback) callback).setSecurityIdentity(identity);
                     handleOne(callbacks, idx + 1);
                 } else if (callback instanceof AvailableRealmsCallback) {
-                    Collection<String> names = stateRef.get().getMechanismConfiguration().getMechanismRealmNames();
+                    MechanismConfiguration mechanismConfiguration = stateRef.get().getMechanismConfiguration();
+                    Collection<String> names = mechanismConfiguration != null ? mechanismConfiguration.getMechanismRealmNames() : Collections.emptyList();
                     if (log.isTraceEnabled()) {
                         log.tracef("Handling AvailableRealmsCallback: realms = [%s]", String.join(", ", names));
                     }
@@ -1403,7 +1405,7 @@ public InactiveState(SecurityIdentity capturedIdentity, MechanismConfigurationSe
         public InactiveState(SecurityIdentity capturedIdentity, MechanismConfigurationSelector mechanismConfigurationSelector,
                              MechanismInformation mechanismInformation, IdentityCredentials privateCredentials, IdentityCredentials publicCredentials, Attributes runtimeAttributes) {
             this.capturedIdentity = capturedIdentity;
-            this.mechanismConfigurationSelector = mechanismConfigurationSelector;
+            this.mechanismConfigurationSelector = mechanismConfigurationSelector != null ? mechanismConfigurationSelector : MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY);
             this.mechanismInformation = checkNotNullParam("mechanismInformation", mechanismInformation);
             this.privateCredentials = privateCredentials;
             this.publicCredentials = publicCredentials;

diff --git a/auth/server/base/src/test/java/org/wildfly/security/server/AvailableRealmsCallbackTest.java b/auth/server/base/src/test/java/org/wildfly/security/server/AvailableRealmsCallbackTest.java
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2023 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.wildfly.security.server;
+
+import org.junit.Test;
+import org.wildfly.security.auth.server.MechanismConfiguration;
+import org.wildfly.security.auth.server.MechanismConfigurationSelector;
+import org.wildfly.security.auth.server.RealmUnavailableException;
+import org.wildfly.security.auth.server.SecurityDomain;
+import org.wildfly.security.auth.server.ServerAuthenticationContext;
+
+import java.io.IOException;
+
+public class AvailableRealmsCallbackTest {
+
+    @Test
+    public void testNullMechanismConfigurationSelector() throws RealmUnavailableException {
+        SecurityDomain securityDomain = SecurityDomain.builder().build();
+        ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext(null);
+        sac.setAuthenticationName("user");
+    }
+
+    @Test
+    public void testEmptyMechanismConfiguration() throws IOException {
+        SecurityDomain securityDomain = SecurityDomain.builder().build();
+        MechanismConfigurationSelector mechanismConfigurationSelector = MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY);
+        ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext(mechanismConfigurationSelector);
+        sac.setAuthenticationName("user");
+    }
+}
+