[JBoss JIRA] (AS7-3077) security subsystem fails to add JASPI authentication configuration
by Ben Schofield (Created) (JIRA)
security subsystem fails to add JASPI authentication configuration
------------------------------------------------------------------
Key: AS7-3077
URL: https://issues.jboss.org/browse/AS7-3077
Project: Application Server 7
Issue Type: Bug
Components: Security
Affects Versions: 7.1.0.Beta1b
Reporter: Ben Schofield
Assignee: Anil Saldhana
Fix For: 7.1.0.CR1
The security subsystem is either not parsing the JASPI config or interpreting the resulting add operation correctly. The login-module-stack tag requires a name attribute. The parsed ModelNode does not reflect the attribute name of 'name' only the value. When org.jboss.as.security.SecurityDomainAdd.processJASPIAuth(...) is executed an exception is thrown when validating that 'name' exists. (stack.require(NAME).asString();) Below is an example config recreating the problem, the ModelNodes created from the config and the resulting exception. Attempts to add a child 'name' element to the configuration as a work around caused failures during parsing of the security subsystem.
h3.Example JASPI configuration consistent with jboss-as-security_1_1.xsd
<security-domain name="tutor-ldap">
<authentication-jaspi>
<login-module-stack name="ldap-stack" >
<login-module code="LdapExtended" flag="required">
<module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
<module-option name="bindDN" value="uid=admin,ou=system"/>
<module-option name="bindCredential" value="secret"/>
<module-option name="baseCtxDN" value="ou=users,ou=system"/>
<module-option name="baseFilter" value="(sn={0})"/>
<module-option name="rolesCtxDN" value="ou=groups,ou=system"/>
<module-option name="roleFilter" value="(member={1})"/>
<module-option name="roleAttributeID" value="cn"/>
<module-option name="roleAttributeIsDN" value="false"/>
<module-option name="java.naming.referral" value="follow"/>
<module-option name="roleRecursion" value="-1"/>
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="allowEmptyPasswords" value="false"/>
</login-module>
</login-module-stack>
<auth-module code="org.jboss.as.web.security.jaspi.modules.HTTPFormServerAuthModule" login-module-stack-ref="ldap-stack">
</auth-module>
</authentication-jaspi>
</security-domain>
h3.Operations created during parsing of authentication-jaspi config
{
"operation" => "add",
"address" => [
("subsystem" => "security"),
("security-domain" => "tutor-ldap")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "security"),
("security-domain" => "tutor-ldap"),
("authentication" => "jaspi")
],
"auth-modules" => [{
"code" => "org.jboss.as.web.security.jaspi.modules.HTTPFormServerAuthModule",
"login-module-stack-ref" => "ldap-stack",
"module-options" => undefined
}]
}, {
"operation" => "add",
"address" => [
("subsystem" => "security"),
("security-domain" => "tutor-ldap"),
("authentication" => "jaspi"),
("login-module-stack" => "ldap-stack")
],
"login-modules" => [{
"code" => "LdapExtended",
"flag" => "required",
"module-options" => [
("java.naming.provider.url" => "ldap://localhost:10389"),
("bindDN" => "uid=admin,ou=system"),
("bindCredential" => "secret"),
("baseCtxDN" => "ou=users,ou=system"),
("baseFilter" => "(sn={0})"),
("rolesCtxDN" => "ou=groups,ou=system"),
("roleFilter" => "(member={1})"),
("roleAttributeID" => "cn"),
("roleAttributeIsDN" => "false"),
("java.naming.referral" => "follow"),
("roleRecursion" => "-1"),
("searchScope" => "SUBTREE_SCOPE"),
("java.naming.security.authentication" => "simple"),
("allowEmptyPasswords" => "false")
]
}
h3.ModelNode during execution of add operation
"cache-type" => undefined,
"authentication" => {"jaspi" => {
"auth-modules" => [{
"code" => "org.jboss.as.web.security.jaspi.modules.HTTPFormServerAuthModule",
"login-module-stack-ref" => "ldap-stack",
"module-options" => undefined
}],
"login-module-stack" => {"ldap-stack" => {"login-modules" => [{
"code" => "LdapExtended",
"flag" => "required",
"module-options" => [
("java.naming.provider.url" => "ldap://localhost:10389"),
("bindDN" => "uid=admin,ou=system"),
("bindCredential" => "secret"),
("baseCtxDN" => "ou=users,ou=system"),
("baseFilter" => "(sn={0})"),
("rolesCtxDN" => "ou=groups,ou=system"),
("roleFilter" => "(member={1})"),
("roleAttributeID" => "cn"),
("roleAttributeIsDN" => "false"),
("java.naming.referral" => "follow"),
("roleRecursion" => "-1"),
("searchScope" => "SUBTREE_SCOPE"),
("java.naming.security.authentication" => "simple"),
("allowEmptyPasswords" => "false")
]
}]}}
}}
}
h3.Exception thrown during process of operations
08:11:13,947 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 44) JBAS014612: Operation ("add") failed - address: ([
("subsystem" => "security"),
("security-domain" => "tutor-ldap")
]): java.util.NoSuchElementException: No child 'name' exists
at org.jboss.dmr.ModelValue.requireChild(ModelValue.java:362) [jboss-dmr-1.1.1.Final.jar:]
at org.jboss.dmr.PropertyModelValue.requireChild(PropertyModelValue.java:156) [jboss-dmr-1.1.1.Final.jar:]
at org.jboss.dmr.ModelNode.require(ModelNode.java:812) [jboss-dmr-1.1.1.Final.jar:]
at org.jboss.as.security.SecurityDomainAdd.processJASPIAuth(SecurityDomainAdd.java:333) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.security.SecurityDomainAdd.createApplicationPolicy(SecurityDomainAdd.java:213) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.security.SecurityDomainAdd.launchServices(SecurityDomainAdd.java:167) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.security.SecurityDomainAdd$1.execute(SecurityDomainAdd.java:156) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.security.SecurityDomainAdd$1.execute(SecurityDomainAdd.java:157) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.security.SecurityDomainAdd$1.execute(SecurityDomainAdd.java:157) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.security.SecurityDomainAdd$1.execute(SecurityDomainAdd.java:157) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.server.AbstractDeploymentChainStep.execute(AbstractDeploymentChainStep.java:46) [jboss-as-server-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.server.AbstractDeploymentChainStep.execute(AbstractDeploymentChainStep.java:46) [jboss-as-server-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:311) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_25]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_25]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_25]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 8 months
[JBoss JIRA] (AS7-3345) Unable to read server resources
by Heiko Braun (JIRA)
Heiko Braun created AS7-3345:
--------------------------------
Summary: Unable to read server resources
Key: AS7-3345
URL: https://issues.jboss.org/browse/AS7-3345
Project: Application Server 7
Issue Type: Bug
Components: Domain Management
Reporter: Heiko Braun
Assignee: Emanuel Muckenhuber
Fix For: 7.1.0.Final
{noformat}
[domain@localhost:9999 /] /host=master:read-children-resources(child-type=server,recursive=true)
{
"outcome" => "success",
"result" => {}
}
{noformat}
But there is an instance running:
{noformat}
[domain@localhost:9999 /] /host=master:read-children-names(child-type=server)
{
"outcome" => "success",
"result" => ["server-one"]
}
{noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 8 months
[JBoss JIRA] (AS7-3340) NPE during stop of service jboss.jacorb.poa-service.rootpoa
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/AS7-3340?page=com.atlassian.jira.plugin.s... ]
Brian Stansberry updated AS7-3340:
----------------------------------
Assignee: Stefan Guilhen
> NPE during stop of service jboss.jacorb.poa-service.rootpoa
> -----------------------------------------------------------
>
> Key: AS7-3340
> URL: https://issues.jboss.org/browse/AS7-3340
> Project: Application Server 7
> Issue Type: Bug
> Components: IIOP
> Affects Versions: 7.1.0.CR1b
> Reporter: Pavel Janousek
> Assignee: Stefan Guilhen
> Priority: Critical
>
> There is randomly occured NPE when stopping EAP a bit quickly after it started.
> {code}
> 15:55:17,151 ERROR [org.jboss.as] (Controller Boot Thread) JBoss EAP 6.0.0.Alpha2 (AS 7.1.0.CR1-redhat-1) started (with errors) in 8066ms - Started 132 of 222 services (20 services failed or missing dependencies, 68 services are passive or on-demand)
> ^C15:55:19,867 INFO [org.jboss.as.messaging] (MSC service thread 1-1) JBAS011605: Unbound messaging object to jndi name java:/queue/test
> 15:55:19,870 INFO [org.jboss.as.osgi] (MSC service thread 1-8) JBAS011921: Stopping OSGi Framework
> 15:55:19,876 INFO [org.jboss.as.messaging] (MSC service thread 1-7) JBAS011605: Unbound messaging object to jndi name java:/RemoteConnectionFactory
> 15:55:19,878 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-4) JBAS010409: Unbound data source [java:jboss/datasources/ExampleDS]
> 15:55:19,888 INFO [org.jboss.as.logging] JBAS011503: Restored bootstrap log handlers
> 15:55:19,897 INFO [jacorb.poa] POA IRPOA destroyed
> 15:55:19,898 INFO [jacorb.poa] POA Naming destroyed
> 15:55:19,906 WARN [org.jboss.msc.service.fail] MSC000004: Failure during stop of service jboss.jacorb.poa-service.rootpoa: java.lang.NullPointerException
> at org.jacorb.poa.POA.destroy(Unknown Source)
> at org.jboss.as.jacorb.service.CorbaPOAService.stop(CorbaPOAService.java:187)
> at org.jboss.msc.service.ServiceControllerImpl$StopTask.stopService(ServiceControllerImpl.java:1909) [jboss-msc-1.0.1.GA-redhat-1.jar:1.0.1.GA-redhat-1]
> at org.jboss.msc.service.ServiceControllerImpl$StopTask.run(ServiceControllerImpl.java:1872) [jboss-msc-1.0.1.GA-redhat-1.jar:1.0.1.GA-redhat-1]
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_27]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_27]
> at java.lang.Thread.run(Thread.java:662) [:1.6.0_27]
> 15:55:19,910 INFO [jacorb.orb] prepare ORB for shutdown...
> {code}
> As you can see above, I hit Ctrl-C in two seconds after start is done. NPE isn't occurred every time and I didn't see it anytime when EAP was running for a longer time (let say 10 seconds and more).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 8 months
[JBoss JIRA] (AS7-3340) NPE during stop of service jboss.jacorb.poa-service.rootpoa
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/AS7-3340?page=com.atlassian.jira.plugin.s... ]
Brian Stansberry updated AS7-3340:
----------------------------------
Component/s: IIOP
> NPE during stop of service jboss.jacorb.poa-service.rootpoa
> -----------------------------------------------------------
>
> Key: AS7-3340
> URL: https://issues.jboss.org/browse/AS7-3340
> Project: Application Server 7
> Issue Type: Bug
> Components: IIOP
> Affects Versions: 7.1.0.CR1b
> Reporter: Pavel Janousek
> Priority: Critical
>
> There is randomly occured NPE when stopping EAP a bit quickly after it started.
> {code}
> 15:55:17,151 ERROR [org.jboss.as] (Controller Boot Thread) JBoss EAP 6.0.0.Alpha2 (AS 7.1.0.CR1-redhat-1) started (with errors) in 8066ms - Started 132 of 222 services (20 services failed or missing dependencies, 68 services are passive or on-demand)
> ^C15:55:19,867 INFO [org.jboss.as.messaging] (MSC service thread 1-1) JBAS011605: Unbound messaging object to jndi name java:/queue/test
> 15:55:19,870 INFO [org.jboss.as.osgi] (MSC service thread 1-8) JBAS011921: Stopping OSGi Framework
> 15:55:19,876 INFO [org.jboss.as.messaging] (MSC service thread 1-7) JBAS011605: Unbound messaging object to jndi name java:/RemoteConnectionFactory
> 15:55:19,878 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-4) JBAS010409: Unbound data source [java:jboss/datasources/ExampleDS]
> 15:55:19,888 INFO [org.jboss.as.logging] JBAS011503: Restored bootstrap log handlers
> 15:55:19,897 INFO [jacorb.poa] POA IRPOA destroyed
> 15:55:19,898 INFO [jacorb.poa] POA Naming destroyed
> 15:55:19,906 WARN [org.jboss.msc.service.fail] MSC000004: Failure during stop of service jboss.jacorb.poa-service.rootpoa: java.lang.NullPointerException
> at org.jacorb.poa.POA.destroy(Unknown Source)
> at org.jboss.as.jacorb.service.CorbaPOAService.stop(CorbaPOAService.java:187)
> at org.jboss.msc.service.ServiceControllerImpl$StopTask.stopService(ServiceControllerImpl.java:1909) [jboss-msc-1.0.1.GA-redhat-1.jar:1.0.1.GA-redhat-1]
> at org.jboss.msc.service.ServiceControllerImpl$StopTask.run(ServiceControllerImpl.java:1872) [jboss-msc-1.0.1.GA-redhat-1.jar:1.0.1.GA-redhat-1]
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_27]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_27]
> at java.lang.Thread.run(Thread.java:662) [:1.6.0_27]
> 15:55:19,910 INFO [jacorb.orb] prepare ORB for shutdown...
> {code}
> As you can see above, I hit Ctrl-C in two seconds after start is done. NPE isn't occurred every time and I didn't see it anytime when EAP was running for a longer time (let say 10 seconds and more).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 8 months
[JBoss JIRA] (AS7-2266) Starting the server with a versioned backup fails the second time
by Rajesh Rajasekaran (Created) (JIRA)
Starting the server with a versioned backup fails the second time
-----------------------------------------------------------------
Key: AS7-2266
URL: https://issues.jboss.org/browse/AS7-2266
Project: Application Server 7
Issue Type: Bug
Components: Domain Management
Affects Versions: 7.1.0.Alpha1
Reporter: Rajesh Rajasekaran
Assignee: Brian Stansberry
"--server-config=v? This will server the _xml_history/current folder for the configuration where ? is the number of the backup to use."
"When restarting the server any existing standalone_xml_history/current directory is moved to a new timestamped folder within the standalone_xml_history, and a new current folder is created."
Due to the above behavior starting the sever with --server-config=v1 works only the first time, but fails the second time with
ERROR [stderr] java.lang.IllegalStateException: No configuration file ending in .v1.xml found in jbossas1/standalone/configuration/standalone_xml_history/current
There is also no option currently to load the versioned copy from the new timestamped folder it is moved to.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 8 months