[JBoss JIRA] (WFLY-7842) Security-Realm Authorization over LDAP doesn't permit multiple Attribute names as filter.
by Daniel Draper (JIRA)
Daniel Draper created WFLY-7842:
-----------------------------------
Summary: Security-Realm Authorization over LDAP doesn't permit multiple Attribute names as filter.
Key: WFLY-7842
URL: https://issues.jboss.org/browse/WFLY-7842
Project: WildFly
Issue Type: Bug
Environment: CentOS release 6.8 (Final)
JBoss Admin Command-line Interface
JBOSS_HOME: /opt/wildfly/10.1.0
JBoss AS release: 2.2.0.Final "Kenny"
JBoss AS product: WildFly Full 10.1.0.Final
JAVA_HOME: null
java.version: 1.8.0_40
java.vm.vendor: Oracle Corporation
java.vm.version: 25.40-b25
os.name: Linux
os.version: 4.6.3-1.el6.elrepo.x86_64
Reporter: Daniel Draper
Assignee: Jason Greene
When hooking up our WildFly Application to our SSO (CAS) for authentication and delegating Authorization to a Security Realm and then using LDAP, we ran into the following problem:
*Use Case*
We want to use authorization inside a Security-Realm through LDAP.
In our LDAP setup we have a Group-To-Principal matching of the form "_member=uid=x" OR "submember=uid=x_" depending on if the user was added manually or through an autodomain.
Unfortunately, as far as we could tell, using two attributes in the Polish Notation (as is required by [LDAP|https://ldapwiki.com/wiki/LDAP%20filters%20Syntax%20and%20Choices]) seems to be impossible for the WildFly configuration. We tried the following in the standalone-accounting.xml (in different iterations and ways to place the parentheses), which all led to an 'unbalanced Parenthesis' or similar error when starting up WildFly.
{code:xml}
<management>
<security-realms>
<security-realm name="bla">
<authorization>
<ldap connection="ldap">
<username-to-dn>
<username-is-dn/>
</username-to-dn>
<group-search group-name="SIMPLE" iterative="false" group-dn-attribute="cn" group-name-attribute="cn">
<group-to-principal search-by="SIMPLE" base-dn="ou=roles,***" recursive="false">
<membership-filter principal-attribute="|(submember=uid={0})(member=uid={0})"/>
</group-to-principal>
</group-search>
</ldap>
</authorization>
</security-realm>
</security-realms>
</management>
{code}
We then found the filterString is parsed the following way: (See [LdapGroupSearcherFactory#L115|https://github.com/wildfly/wildfly-core/blo...])
{code:java}
this.filterString = String.format("(%s={0})", principalAttribute);
{code}
which seems to make multiple attribute names as a filter impossible, which makes our use case as above impossible.
Asked in [Forums|https://developer.jboss.org/thread/273435], but since I didn't get any answers for 3 weeks opening here.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
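An added illustration (not WildFly code and not part of the original report) of what the quoted `String.format` line produces for a single attribute name and for the OR expression tried in WFLY-7842. The class `MembershipFilterDemo`, the helpers `parseFilter` and `isWellFormed` (a minimal structure check for a subset of RFC 4515 filters) and the user name `jdoe` are constructed for this example.

```java
public class MembershipFilterDemo {
    // Same construction as the line quoted in the report.
    static String realmStyleFilter(String principalAttribute) {
        return String.format("(%s={0})", principalAttribute);
    }

    // Hypothetical helper: parses one filter starting at pos and returns the
    // index just past it, or -1 if the text is not a well-formed filter.
    // Subset only: "&", "|", "!" and simple attr=value items.
    static int parseFilter(String s, int pos) {
        if (pos >= s.length() || s.charAt(pos) != '(') return -1;
        pos++;
        if (pos >= s.length()) return -1;
        char c = s.charAt(pos);
        if (c == '&' || c == '|') {
            pos++;
            int children = 0;
            while (pos < s.length() && s.charAt(pos) == '(') {
                pos = parseFilter(s, pos);
                if (pos < 0) return -1;
                children++;
            }
            if (children == 0) return -1;          // operator needs operands
        } else if (c == '!') {
            pos = parseFilter(s, pos + 1);
            if (pos < 0) return -1;
        } else {
            int start = pos;
            while (pos < s.length() && s.charAt(pos) != '(' && s.charAt(pos) != ')') pos++;
            if (s.substring(start, pos).indexOf('=') <= 0) return -1; // need attr=value
        }
        // Every filter component must end with its own closing parenthesis.
        return (pos < s.length() && s.charAt(pos) == ')') ? pos + 1 : -1;
    }

    static boolean isWellFormed(String filter) {
        return parseFilter(filter, 0) == filter.length();
    }

    public static void main(String[] args) {
        String user = "jdoe"; // constructed sample principal
        String[] filters = {
            // One attribute name: the case the format string was written for.
            realmStyleFilter("member"),
            // The value tried in the report: "={0})" is appended after the OR list.
            realmStyleFilter("|(submember=uid={0})(member=uid={0})"),
            // The filter the use case needs, which the wrapper cannot produce.
            "(|(submember=uid={0})(member=uid={0}))"
        };
        for (String f : filters) {
            System.out.printf("%-45s well-formed=%-5b -> %s%n",
                    f, isWellFormed(f), f.replace("{0}", user));
        }
    }
}
```

Because the wrapper always adds the outer parentheses and a trailing `={0}`, the second filter comes out as `(|(submember=uid={0})(member=uid={0})={0})`, which the check rejects, while the hand-written third filter passes.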
[JBoss JIRA] (WFLY-7841) ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
by Tomas Remes (JIRA)
[ https://issues.jboss.org/browse/WFLY-7841?page=com.atlassian.jira.plugin.... ]
Tomas Remes commented on WFLY-7841:
-----------------------------------
[~tibor17] Can you please provide simple reproducer and exception stacktrace?
> ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
> ---------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7841
> URL: https://issues.jboss.org/browse/WFLY-7841
> Project: WildFly
> Issue Type: Bug
> Components: CDI / Weld
> Affects Versions: 10.0.0.Final
> Reporter: Tibor Digana
> Assignee: Stuart Douglas
>
> The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService#scheduleAtFixedRate()_.
> The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
> I tried to schedule executing the job in two ways and both finished with same issue (No managed context in _EntityManager_) :
> * _@ApplicationScoped_ job instance was passed to executor from caller.
> * The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_ created the Job bean instance and then I called _scheduleAtFixedRate(job, 5, 60, SECONDS)_
> It looks to me that _javax.enterprise.concurrent_ has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
[JBoss JIRA] (WFLY-7841) ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
by Tibor Digana (JIRA)
[ https://issues.jboss.org/browse/WFLY-7841?page=com.atlassian.jira.plugin.... ]
Tibor Digana updated WFLY-7841:
-------------------------------
Description:
The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService#scheduleAtFixedRate()_.
The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
I tried to schedule executing the job in two ways and both finished with same issue (No managed context in _EntityManager_) :
* _@ApplicationScoped_ job instance was passed to executor from caller.
* The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_ created the Job bean instance and then I called _scheduleAtFixedRate(job, 5, 60, SECONDS)_
It looks to me that _javax.enterprise.concurrent_ has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
was:
The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService_.
The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
I tried to schedule executing the job in two ways and both finished with same issue (No managed context in _EntityManager_) :
* _@ApplicationScoped_ job instance was passed to executor from caller.
* The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_ created the Job bean instance
It looks to me that javax.enterprise.concurrent has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
> ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
> ---------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7841
> URL: https://issues.jboss.org/browse/WFLY-7841
> Project: WildFly
> Issue Type: Bug
> Components: CDI / Weld
> Affects Versions: 10.0.0.Final
> Reporter: Tibor Digana
> Assignee: Stuart Douglas
>
> The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService#scheduleAtFixedRate()_.
> The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
> I tried to schedule executing the job in two ways and both finished with same issue (No managed context in _EntityManager_) :
> * _@ApplicationScoped_ job instance was passed to executor from caller.
> * The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_ created the Job bean instance and then I called _scheduleAtFixedRate(job, 5, 60, SECONDS)_
> It looks to me that _javax.enterprise.concurrent_ has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
[JBoss JIRA] (WFLY-7841) ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
by Tibor Digana (JIRA)
[ https://issues.jboss.org/browse/WFLY-7841?page=com.atlassian.jira.plugin.... ]
Tibor Digana updated WFLY-7841:
-------------------------------
Description:
The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService_.
The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
I tried to schedule executing the job in two ways and both finished with same issue (No managed context in _EntityManager_) :
* _@ApplicationScoped_ job instance was passed to executor from caller.
* The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_ created the Job bean instance
It looks to me that javax.enterprise.concurrent has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
was:
The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService_.
The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
I tried to schedule executing the job in two ways and both finished with same issue (No managed context in _EntityManager_) :
* _@ApplicationScoped_ job instance was passed to executor from caller.
* The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_
It looks to me that javax.enterprise.concurrent has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
> ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
> ---------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7841
> URL: https://issues.jboss.org/browse/WFLY-7841
> Project: WildFly
> Issue Type: Bug
> Components: CDI / Weld
> Affects Versions: 10.0.0.Final
> Reporter: Tibor Digana
> Assignee: Stuart Douglas
>
> The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService_.
> The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
> I tried to schedule executing the job in two ways and both finished with same issue (No managed context in _EntityManager_) :
> * _@ApplicationScoped_ job instance was passed to executor from caller.
> * The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_ created the Job bean instance
> It looks to me that javax.enterprise.concurrent has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
[JBoss JIRA] (WFLY-7841) ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
by Tibor Digana (JIRA)
Tibor Digana created WFLY-7841:
----------------------------------
Summary: ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
Key: WFLY-7841
URL: https://issues.jboss.org/browse/WFLY-7841
Project: WildFly
Issue Type: Bug
Components: CDI / Weld
Affects Versions: 10.0.0.Final
Reporter: Tibor Digana
Assignee: Stuart Douglas
The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService_.
The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
I tried to schedule executing the job in two way and both finished with same issue (No managed context in _EntityManager_) :
* _@ApplicationScoped_ job instance was passed to executor from caller.
* The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_
It looks to me that javax.enterprise.concurrent has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
[JBoss JIRA] (WFLY-7841) ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
by Tibor Digana (JIRA)
[ https://issues.jboss.org/browse/WFLY-7841?page=com.atlassian.jira.plugin.... ]
Tibor Digana updated WFLY-7841:
-------------------------------
Description:
The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService_.
The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
I tried to schedule executing the job in two ways and both finished with same issue (No managed context in _EntityManager_) :
* _@ApplicationScoped_ job instance was passed to executor from caller.
* The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_
It looks to me that javax.enterprise.concurrent has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
was:
The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService_.
The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
I tried to schedule executing the job in two way and both finished with same issue (No managed context in _EntityManager_) :
* _@ApplicationScoped_ job instance was passed to executor from caller.
* The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_
It looks to me that javax.enterprise.concurrent has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
> ManagedScheduledExecutorService could not find EntityManager produced by CDI producer. No active context.
> ---------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7841
> URL: https://issues.jboss.org/browse/WFLY-7841
> Project: WildFly
> Issue Type: Bug
> Components: CDI / Weld
> Affects Versions: 10.0.0.Final
> Reporter: Tibor Digana
> Assignee: Stuart Douglas
>
> The problem is that _EntityManager_ does not have managed delegate within a job executed by _ManagedScheduledExecutorService_.
> The _EntityManager_ is produced by CDI producer and entire web application is able to work with injected _EntityManager_ except for the jobs.
> I tried to schedule executing the job in two ways and both finished with same issue (No managed context in _EntityManager_) :
> * _@ApplicationScoped_ job instance was passed to executor from caller.
> * The job was changed to _RequestScoped_ and _ContextProxy#createContextualProxy()_
> It looks to me that javax.enterprise.concurrent has a different _BeanManager_ and therefore has no notion about my CDI Producer of _EntityManager_. The producer is regular producer of _EntityManager_ in JavaEE.
[JBoss JIRA] (WFLY-7778) Remoting identity propagation does not work with Elytron
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFLY-7778?page=com.atlassian.jira.plugin.... ]
Jan Kalina updated WFLY-7778:
-----------------------------
Steps to Reproduce:
Tests: (after modification to use Elytron instead of legacy subsystem: https://github.com/wildfly-security-incubator/wildfly/pull/56 )
org.jboss.as.test.integration.ejb.security.testAuthentication()
org.jboss.as.test.integration.ejb.security.testAuthentication_BadPwd()
org.jboss.as.test.integration.ejb.security.testAuthentication_TwoBeans()
org.jboss.as.test.integration.ejb.security.testAuthentication_TwoBeans_ReAuth_BadPwd()
(and a lot of other, most of tests using EJB)
was:
Tests: (after modification to use Elytron instead of legacy subsystem)
org.jboss.as.test.integration.ejb.security.testAuthentication()
org.jboss.as.test.integration.ejb.security.testAuthentication_BadPwd()
org.jboss.as.test.integration.ejb.security.testAuthentication_TwoBeans()
org.jboss.as.test.integration.ejb.security.testAuthentication_TwoBeans_ReAuth_BadPwd()
(and a lot of other, most of tests using EJB)
> Remoting identity propagation does not work with Elytron
> --------------------------------------------------------
>
> Key: WFLY-7778
> URL: https://issues.jboss.org/browse/WFLY-7778
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
>
> Even though the LoginContext is obtained successfully, identity is not propagated in EJB call.
> Identity is unauthorized on server side.
> *Remoting does not work because it is not implemented yet* - this issue was created primarily as an issue reference for ignoring tests.
> Often error message:
> {code:java}
> SaslException: Authentication failed: all available authentication mechanisms failed:
> JBOSS-LOCAL-USER: Server rejected authentication
> DIGEST-MD5: Server rejected authentication]
> at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:110)
> {code}
[JBoss JIRA] (JGRP-2078) NPE in Ipv6 Solaris 10 test
by Bogdan Sikora (JIRA)
[ https://issues.jboss.org/browse/JGRP-2078?page=com.atlassian.jira.plugin.... ]
Bogdan Sikora commented on JGRP-2078:
-------------------------------------
[~rachmato] Sorry for the delay... I've been looking at this and it looks like some really rare issue that hasn't been seen since 7.0.0. You can close this issue and I'll reopen it with closer info if there will be any further cases.
> NPE in Ipv6 Solaris 10 test
> ---------------------------
>
> Key: JGRP-2078
> URL: https://issues.jboss.org/browse/JGRP-2078
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.6.8
> Reporter: Bogdan Sikora
> Assignee: Bela Ban
>
> {noformat}
> 2016-06-08 05:49:40,139 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-8) ISPN000079: Channel ejb local address is jboss-eap-7.0, physical addresses are [2620:52:0:105f:0:0:ffff:51%2:55200]
> 2016-06-08 05:49:40,139 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-5) ISPN000079: Channel server local address is jboss-eap-7.0, physical addresses are [2620:52:0:105f:0:0:ffff:51%2:55200]
> 2016-06-08 05:49:40,139 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-6) ISPN000079: Channel hibernate local address is jboss-eap-7.0, physical addresses are [2620:52:0:105f:0:0:ffff:51%2:55200]
> 2016-06-08 05:49:40,139 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-7) ISPN000079: Channel web local address is jboss-eap-7.0, physical addresses are [2620:52:0:105f:0:0:ffff:51%2:55200]
> {noformat}
> {noformat}
> 2016-06-08 05:50:01,589 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 69) WFLYCLINF0002: Started clusterbench.war cache from web container
> 2016-06-08 05:50:01,625 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started routing cache from web container
> 2016-06-08 05:50:02,894 ERROR [org.jgroups.protocols.UNICAST3] (thread-2,ee,jboss-eap-7.0) JGRP000043: jboss-eap-7.0: failed handling event: java.lang.NullPointerException
> 2016-06-08 05:50:03,379 ERROR [org.jgroups.protocols.UNICAST3] (thread-2,ee,jboss-eap-7.0) JGRP000043: jboss-eap-7.0: failed handling event: java.lang.NullPointerException
> 2016-06-08 05:50:03,878 ERROR [org.jgroups.protocols.UNICAST3] (thread-1,ee,jboss-eap-7.0) JGRP000043: jboss-eap-7.0: failed handling event: java.lang.NullPointerException
> ...
> {noformat}
> https://paste.fedoraproject.org/376166/65389534/
> Config
> https://paste.fedoraproject.org/376150/