February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2259) Setting JBOSS_MODULEPATH is lost for second start of embed-server

by Panagiotis Sotiropoulos (JIRA)

Panagiotis Sotiropoulos created WFCORE-2259: ----------------------------------------------- Summary: Setting JBOSS_MODULEPATH is lost for second start of embed-server Key: WFCORE-2259 URL: https://issues.jboss.org/browse/WFCORE-2259 Project: WildFly Core Issue Type: Bug Components: CLI, Server Reporter: Panagiotis Sotiropoulos Assignee: Brian Stansberry Priority: Critical Fix For: 3.0.0.Alpha23 When {{embed-server}} command is used more times in the CLI and a custom {{JBOSS_MODULEPATH}} is configured, then only the first server start uses the correct module path. The subsequent `embed-server` call results in error: {code} Cannot start embedded server: WFLYEMB0022: Cannot invoke 'start' on embedded process: WFLYSRV0118: Determined modules directory does not exist: /tmp/jboss-eap-7.0-no-modules/modules {code} Using the {{JBOSS_MODULEPATH}} environment variable is documented in https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-appli... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2259) Setting JBOSS_MODULEPATH is lost for second start of embed-server

by Panagiotis Sotiropoulos (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2259?page=com.atlassian.jira.plugi... ] Panagiotis Sotiropoulos updated WFCORE-2259: -------------------------------------------- Fix Version/s: (was: 3.0.0.Alpha23) > Setting JBOSS_MODULEPATH is lost for second start of embed-server > ----------------------------------------------------------------- > > Key: WFCORE-2259 > URL: https://issues.jboss.org/browse/WFCORE-2259 > Project: WildFly Core > Issue Type: Bug > Components: CLI, Server > Reporter: Panagiotis Sotiropoulos > Assignee: Brian Stansberry > Priority: Critical > > When {{embed-server}} command is used more times in the CLI and a custom {{JBOSS_MODULEPATH}} is configured, then only the first server start uses the correct module path. > The subsequent `embed-server` call results in error: > {code} > Cannot start embedded server: WFLYEMB0022: Cannot invoke 'start' on embedded process: WFLYSRV0118: Determined modules directory does not exist: /tmp/jboss-eap-7.0-no-modules/modules > {code} > Using the {{JBOSS_MODULEPATH}} environment variable is documented in https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-appli... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6573) Allow Vault encrypted strings to be updated without a restart

by Lei Yu (JIRA)

[ https://issues.jboss.org/browse/WFLY-6573?page=com.atlassian.jira.plugin.... ] Lei Yu commented on WFLY-6573: ------------------------------ Customer Allianz Managed Operations & Services SE would like this feature to be implemented. > Allow Vault encrypted strings to be updated without a restart > ------------------------------------------------------------- > > Key: WFLY-6573 > URL: https://issues.jboss.org/browse/WFLY-6573 > Project: WildFly > Issue Type: Feature Request > Components: Security > Affects Versions: 10.0.0.Final > Reporter: Brad Maxwell > Assignee: Darran Lofthouse > > When a new vault string is created the affected servers in the domain have to be restarted before the encrypted value is applied. This makes it difficult to test a new configuration in CLI. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-901) Credential Store doesn't support set create.storage true/false

by Hynek Švábek (JIRA)

[ https://issues.jboss.org/browse/ELY-901?page=com.atlassian.jira.plugin.sy... ] Hynek Švábek closed ELY-901. ---------------------------- Resolution: Duplicate Issue > Credential Store doesn't support set create.storage true/false > -------------------------------------------------------------- > > Key: ELY-901 > URL: https://issues.jboss.org/browse/ELY-901 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Assignee: Peter Skopek > > Credential Store doesn't support set create.storage true/false. > Earlier we were able to set create.storage to true/false. > I can see problem in this scenario: > * I want to create new CS with path to existing CS file > * I fill wrong path > * Everything pass > But I want to use my CS file, not to create new one. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7920) There isn't possibility disable create CS file from scratch

by Hynek Švábek (JIRA)

[ https://issues.jboss.org/browse/WFLY-7920?page=com.atlassian.jira.plugin.... ] Hynek Švábek updated WFLY-7920: ------------------------------- Description: There isn't possibility to disable create CS file from scratch. Earlier we were able to set create.storage to true/false. I can see problem in this scenario: * I want to create new CS with path to existing CS file * I fill wrong path * Everything pass But I want to use my CS file, not to create new one. was:There isn't possibility to disable create CS file from scratch. > There isn't possibility disable create CS file from scratch > ----------------------------------------------------------- > > Key: WFLY-7920 > URL: https://issues.jboss.org/browse/WFLY-7920 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > Assignee: Peter Skopek > Priority: Blocker > > There isn't possibility to disable create CS file from scratch. > Earlier we were able to set create.storage to true/false. > I can see problem in this scenario: > * I want to create new CS with path to existing CS file > * I fill wrong path > * Everything pass > But I want to use my CS file, not to create new one. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2258) 500 return for nonexistent user in legacy ldap security realm

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2258?page=com.atlassian.jira.plugi... ] Martin Choma updated WFCORE-2258: --------------------------------- Labels: regression (was: eap71_alpha regression) > 500 return for nonexistent user in legacy ldap security realm > ------------------------------------------------------------- > > Key: WFCORE-2258 > URL: https://issues.jboss.org/browse/WFCORE-2258 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Blocker > Labels: regression > > In case of securing management interface with ldap in security realm. When nonexistent user is provided, wildfly answers with {{500}} http status code. It is different behaviour compared to wildfly 10.1, which returns {{401}}. I think http status code {{401}} is proper in this situation, because it is client fault (e.g. typo in username) and can be repaired on client side. > {code:title=server.log} > 10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm] > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm] > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil] > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil' > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'. > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore}) > 10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored > 10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory. > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2258) 500 return for nonexistent user in legacy ldap security realm

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2258?page=com.atlassian.jira.plugi... ] Martin Choma updated WFCORE-2258: --------------------------------- Description: In case of securing management interface with ldap in security realm. When nonexistent user is provided, wildfly answers with {{500}} http status code. It is different behaviour compared to wildfly 10.1, which returns {{401}}. I think http status code {{401}} is proper in this situation, because it is client fault (e.g. typo in username) and can be repaired on client side. {code:title=server.log} 10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil] 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil' 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'. 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore}) 10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored 10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory. {code} was: In case of securing management interface with ldap in security realm. When nonexistent user is provided, EAP answers with {{500}} http status code. It is different behaviour compared to wildfly 10.1, which returns {{401}}. I think http status code {{401}} is proper in this situation, because it is client fault (e.g. typo in username) and can be repaired on client side. {code:title=server.log} 10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil] 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil' 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'. 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore}) 10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored 10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory. {code} > 500 return for nonexistent user in legacy ldap security realm > ------------------------------------------------------------- > > Key: WFCORE-2258 > URL: https://issues.jboss.org/browse/WFCORE-2258 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Blocker > Labels: eap71_alpha, regression > > In case of securing management interface with ldap in security realm. When nonexistent user is provided, wildfly answers with {{500}} http status code. It is different behaviour compared to wildfly 10.1, which returns {{401}}. I think http status code {{401}} is proper in this situation, because it is client fault (e.g. typo in username) and can be repaired on client side. > {code:title=server.log} > 10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm] > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm] > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil] > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil' > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'. > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore}) > 10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored > 10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory. > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2258) 500 return for nonexistent user in legacy ldap security realm

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2258?page=com.atlassian.jira.plugi... ] Martin Choma updated WFCORE-2258: --------------------------------- Description: In case of securing management interface with ldap in security realm. When nonexistent user is provided, EAP answers with {{500}} http status code. It is different behaviour compared to wildfly 10.1, which returns {{401}}. I think http status code {{401}} is proper in this situation, because it is client fault (e.g. typo in username) and can be repaired on client side. {code:title=server.log} 10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil] 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil' 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'. 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore}) 10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored 10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory. {code} was: In case of securing management interface with ldap in security realm. When nonexistent user is provided, EAP answers with {{500}} http status code. It is different behaviour compared to EAP 7.0, which returns {{401}}. I think http status code {{401}} is proper in this situation, because it is client fault (e.g. typo in username) and can be repaired on client side. {code:title=server.log} 10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil] 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil' 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'. 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore}) 10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored 10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory. {code} > 500 return for nonexistent user in legacy ldap security realm > ------------------------------------------------------------- > > Key: WFCORE-2258 > URL: https://issues.jboss.org/browse/WFCORE-2258 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Blocker > Labels: eap71_alpha, regression > > In case of securing management interface with ldap in security realm. When nonexistent user is provided, EAP answers with {{500}} http status code. It is different behaviour compared to wildfly 10.1, which returns {{401}}. I think http status code {{401}} is proper in this situation, because it is client fault (e.g. typo in username) and can be repaired on client side. > {code:title=server.log} > 10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm] > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm] > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil > 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil] > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil' > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'. > 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore}) > 10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored > 10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory. > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2257) Missing username in LDAP entry for legacy ldap realm returns 500 instead of 401

by Ondrej Lukas (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2257?page=com.atlassian.jira.plugi... ] Ondrej Lukas updated WFCORE-2257: --------------------------------- Description: In case when legacy LDAP Realm uses {{username-load}} attribute and its value does not exist in LDAP entry then current implementation returns status code 500. This is different behaviour from WildFly 10 where status code 401 is returned. This issue can be related to WFCORE-2258 (500 return for nonexistent user in legacy ldap security realm). was: In case when legacy LDAP Realm uses {{username-load}} attribute and its value does not exist in LDAP entry then current implementation returns status code 500. This is different behaviour from EAP 7.0.x where status code 401 is returned. This issue can be related to JBEAP-8106 (500 return for nonexistent user in legacy ldap security realm). [~dlofthouse] should it be handled as blocker due to regression or is this change intended and we should just cover this change only in release notes? > Missing username in LDAP entry for legacy ldap realm returns 500 instead of 401 > ------------------------------------------------------------------------------- > > Key: WFCORE-2257 > URL: https://issues.jboss.org/browse/WFCORE-2257 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > > In case when legacy LDAP Realm uses {{username-load}} attribute and its value does not exist in LDAP entry then current implementation returns status code 500. This is different behaviour from WildFly 10 where status code 401 is returned. > This issue can be related to WFCORE-2258 (500 return for nonexistent user in legacy ldap security realm). -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2258) 500 return for nonexistent user in legacy ldap security realm

by Martin Choma (JIRA)

Martin Choma created WFCORE-2258: ------------------------------------ Summary: 500 return for nonexistent user in legacy ldap security realm Key: WFCORE-2258 URL: https://issues.jboss.org/browse/WFCORE-2258 Project: WildFly Core Issue Type: Bug Components: Security Reporter: Martin Choma Assignee: Darran Lofthouse Priority: Blocker In case of securing management interface with ldap in security realm. When nonexistent user is provided, EAP answers with {{500}} http status code. It is different behaviour compared to EAP 7.0, which returns {{401}}. I think http status code {{401}} is proper in this situation, because it is client fault (e.g. typo in username) and can be repaired on client side. {code:title=server.log} 10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm] 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil 10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil] 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil' 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'. 10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore}) 10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored 10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory. {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017