NullPointerException in wildfly 21, can't get host address?
119 views
Skip to first unread message
Claudio Weiler
Apr 26, 2021, 1:11:26 PM4/26/21
to WildFly
There are changes introduced to ServerAutenticationContext, in this commit https://github.com/wildfly-security/wildfly-elytron/commit/052e0155aad5ec8000a829690b878feb92fa0c85#diff-1bf178017e7692c1cde7e5dfea3cd412987eae5be73487521d85c168f95b5ad2
Particularly, in new lines 1058-1060.
We have a setup that is throwing NPE on line 1059. It appears that the server can't get host address, but I'm not sure of this.
We have a setup that is throwing NPE on line 1059. It appears that the server can't get host address, but I'm not sure of this.
It works on Wildfly 17, as this lines do not exists, and, ind Wildfly 21, it works if the server is reached through internal LAN, but fails when server is reached through DMZ.
This is possible a bug? Or it is a wrong DMZ setup?
Farah Juma
Apr 26, 2021, 2:51:49 PM4/26/21
to WildFly
The changes introduced in that commit make it possible to make use of the IP address of the client that's connecting to the server to determine what roles should be assigned to the client.
The new lines (1058-1060) in ServerAuthenticationContext are used to inform the server of the client's IP address.
An NPE occurring on line 1059 would mean that the IP address of the client that's connecting to the server could not be determined.
I've created ELY-2120 to make sure that we avoid an NPE there if the client's IP address could not be determined.
Claudio Weiler
Apr 26, 2021, 3:00:59 PM4/26/21
to WildFly
Thanks Farah.
Additionally, this is probably because of missing X-Forwarded-For header?
Additionally, this is probably because of missing X-Forwarded-For header?
Farah Juma
Apr 26, 2021, 3:23:54 PM4/26/21
to WildFly
The HttpServerExchange#getSourceAddress method is what's used to determine the client's IP address and populate the value that will be returned by SocketAddressCallback.getAddress():
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/HttpServerExchange.java#L985-L995
I don't think that makes use of the X-Forwarded-For header.
Claudio Weiler
Apr 26, 2021, 4:49:53 PM4/26/21
to WildFly
Ok Farah,
I follow your reference to java.nio.channels.SocketChannel.getInetAddress(). It can return null, but I can't find any clues why.
I found this: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4720952, but it is already corrected on Java 8.
I found this: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4720952, but it is already corrected on Java 8.
I'm trying to figure out why our DMZ setup is raising this problem.
Thank you!
Reply all
Reply to author
Forward
0 new messages