Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
0
Description
Suggested Release Note:
It is now possible to authenticate over secure connections even if the JVM does not support the SASL PLAIN authentication mechanisms.
The SDK relies on the JVM to provide an implementation of SaslClient that supports the PLAIN auth mechanism.
Some JVMs in certain security modes refuse to return a client for PLAIN. This leads to an exception during auth:
2023-01-04T14:06:39,301-08:00 WARN [com.couchbase.io:462] [com.couchbase.io][GenericFailureDetectedEvent] Detected Exception in IO Layer: Cannot invoke "javax.security.sasl.SaslClient.getMechanismName()" because "this.saslClient" is null, Cause: (none) {"coreId":"0xd7c5f54500000001","local":"/127.0.0.1:57006","remote":"127.0.0.1/127.0.0.1:11210"}java.lang.NullPointerException: Cannot invoke "javax.security.sasl.SaslClient.getMechanismName()" because "this.saslClient" is null at com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler.startAuthSequence(SaslAuthenticationHandler.java:201) ~[classes/:?] at com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler.channelActive(SaslAuthenticationHandler.java:188) ~[classes/:?]
|
To avoid this situation, we could provide our own SaslClient that implements PLAIN.
Attachments
Gerrit Reviews
For Gerrit Dashboard: JVMCBC-1181 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
184622,1 | JVMCBC-1181 Auth fails if TLS is enabled and Sasl.createSaslClient() does not support PLAIN | master | couchbase-jvm-clients | Status: NEW | 0 | +1 |
185810,3 | JVMCBC-1181 Auth fails if TLS is enabled and Sasl.createSaslClient() does not support PLAIN | master | couchbase-jvm-clients | Status: MERGED | +2 | +1 |