RH Bugzilla Integration commented on ISPN-4669:
-----------------------------------------------
Tristan Tarrant <ttarrant(a)redhat.com> changed the Status of [bug
Loading LDAP roles fails when some principal hasn't LDAP record
---------------------------------------------------------------
Key: ISPN-4669
URL: https://issues.jboss.org/browse/ISPN-4669
Project: Infinispan
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Server
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
Fix For: 7.0.0.Beta2, 7.0.0.Final
In server mode, when loading the roles from LDAP (e.g. a scenario where GSSAPI authentication is used and
authorization is delegated to LDAP), it fails with the following exception when some principal
(typically {{InetAddressPrincipal}}) doesn't have a record in LDAP:
{noformat}
Caused by: java.lang.SecurityException: JDGS010022: Cannot retrieve authorization information for user admin@INFINISPAN.ORG
    at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider$GSSAPIEndpointAuthorizingCallbackHandler.getSubjectUserInfo(EndpointServerAuthenticationProvider.java:96) [infinispan-server-endpoints-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.hotrod.Decoder2x$.customReadHeader(Decoder2x.scala:238) [infinispan.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.hotrod.HotRodDecoder.customDecodeHeader(HotRodDecoder.scala:152) [infinispan.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.core.AbstractProtocolDecoder.decodeHeader(AbstractProtocolDecoder.scala:148) [infinispan.jar:7.0.0-SNAPSHOT]
    at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:96) [infinispan.jar:7.0.0-SNAPSHOT]
    ... 14 more
Caused by: java.io.IOException: javax.naming.NamingException: JBAS015231: User '127.0.0.1' not found in directory.
    at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.supplementSubject(LdapSubjectSupplementalService.java:171) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
    at org.jboss.as.domain.management.security.SecurityRealmService$1.createSubjectUserInfo(SecurityRealmService.java:200) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
    at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider$GSSAPIEndpointAuthorizingCallbackHandler.getSubjectUserInfo(EndpointServerAuthenticationProvider.java:94) [infinispan-server-endpoints-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
    ... 18 more
Caused by: javax.naming.NamingException: JBAS015231: User '127.0.0.1' not found in directory.
    at org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:130) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
    at org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:67) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
    at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:223) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
    at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroups(LdapSubjectSupplementalService.java:184) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
    at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.supplementSubject(LdapSubjectSupplementalService.java:163) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
    ... 20 more
{noformat}
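
The failure mode in the trace above, modelled as an added example (not Infinispan or WildFly code, and not the fix that was shipped): a role loader that looks up every principal in the subject aborts on the address principal, while a loader that only looks up user principals succeeds and still fails closed for an unknown user. The principal records, the in-memory `DIRECTORY` and both `loadRoles*` methods are hypothetical stand-ins; Java 16+ is assumed for records.

```java
import java.security.Principal;
import java.util.*;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;

public class RoleLoadingSketch {
    // Simplified stand-ins for the server's principal types (hypothetical).
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    record InetAddressPrincipal(String name) implements Principal { public String getName() { return name; } }

    // Constructed directory: only real users have a record.
    static final Map<String, Set<String>> DIRECTORY = Map.of("admin", Set.of("admins", "readers"));

    static Set<String> searchGroups(String name) throws NamingException {
        Set<String> groups = DIRECTORY.get(name);
        if (groups == null) throw new NameNotFoundException("User '" + name + "' not found in directory.");
        return groups;
    }

    // Models the reported behaviour: one principal without a record aborts role loading.
    static Set<String> loadRolesStrict(Collection<Principal> principals) throws NamingException {
        Set<String> roles = new TreeSet<>();
        for (Principal p : principals) roles.addAll(searchGroups(p.getName()));
        return roles;
    }

    // Tolerant variant: only user principals are searched; an unknown user still fails closed.
    static Set<String> loadRolesTolerant(Collection<Principal> principals) throws NamingException {
        Set<String> roles = new TreeSet<>();
        boolean sawUser = false;
        for (Principal p : principals) {
            if (!(p instanceof UserPrincipal)) continue; // connection metadata, no record expected
            sawUser = true;
            roles.addAll(searchGroups(p.getName()));     // NameNotFoundException propagates
        }
        if (!sawUser) throw new NamingException("No user principal in subject");
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        List<Principal> subject = List.of(new UserPrincipal("admin"), new InetAddressPrincipal("127.0.0.1"));
        try {
            loadRolesStrict(subject);
        } catch (NamingException e) {
            System.out.println("strict: " + e.getMessage());
        }
        System.out.println("tolerant: " + loadRolesTolerant(subject));
    }
}
```

Skipping non-user principals grants them no roles, so the tolerant variant never widens access; it only stops connection metadata from blocking an otherwise valid login.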