[JBoss JIRA] (WFCORE-1863) Make CredentialReference thread safe
by Peter Skopek (JIRA)
Peter Skopek created WFCORE-1863:
------------------------------------
Summary: Make CredentialReference thread safe
Key: WFCORE-1863
URL: https://issues.jboss.org/browse/WFCORE-1863
Project: WildFly Core
Issue Type: Enhancement
Components: Security
Affects Versions: 3.0.0.Alpha9
Reporter: Peter Skopek
Assignee: Peter Skopek
CredentialReference is not thread safe, nor is that fact documented.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 3 months
[JBoss JIRA] (WFLY-7260) Document in elytron model *-client-auth are mutual exclusive
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7260?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7260:
-----------------------------------
Affects Version/s: (was: 11.0.0.Alpha1)
> Document in elytron model *-client-auth are mutual exclusive
> ------------------------------------------------------------
>
> Key: WFLY-7260
> URL: https://issues.jboss.org/browse/WFLY-7260
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Minor
> Fix For: 11.0.0.Alpha1
>
>
> Add to the documentation the information that need-client-auth and want-client-auth are mutually exclusive. If one is set, the other is unset.
> Now we just have:
> * {{want-client-auth}} - "Set wantClientAuth on the underlying SSLContext - if a security domain is referenced this will automatically be set to true."
> * {{need-client-auth}} - "Set needClientAuth on the underlying SSLContext."
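The mutual exclusivity described in this issue exists in JSSE itself: in `javax.net.ssl.SSLParameters` each of the two setters clears the other flag, whatever value is passed. The following is an added example, not part of the original message and not WildFly code; the `ClientAuth` enum and the `effective`, `naive` and `apply` helpers are hypothetical names, and rejecting the both-true case is one possible handling, not the behaviour the issue describes.

```java
import javax.net.ssl.SSLParameters;

public class ClientAuthExclusivity {

    /** The three client-certificate policies JSSE can actually represent. */
    enum ClientAuth { NONE, WANT, NEED }

    /** Reads back the policy that a TLS server would enforce from these parameters. */
    static ClientAuth effective(SSLParameters p) {
        if (p.getNeedClientAuth()) {
            return ClientAuth.NEED;
        }
        if (p.getWantClientAuth()) {
            return ClientAuth.WANT;
        }
        return ClientAuth.NONE;
    }

    /**
     * Naive mapping of two independent booleans (named after the two model
     * attributes) onto JSSE: call both setters, one after the other.
     * The second call always clears the flag set by the first, even when the
     * second argument is false.
     */
    static SSLParameters naive(boolean wantClientAuth, boolean needClientAuth) {
        SSLParameters p = new SSLParameters();
        p.setNeedClientAuth(needClientAuth);
        p.setWantClientAuth(wantClientAuth); // clears needClientAuth as a side effect
        return p;
    }

    /**
     * Hypothetical safer mapping: decide on a single policy first, then call
     * exactly one setter. The ambiguous both-true input is rejected here so a
     * configuration meant to require client certificates cannot silently
     * become optional.
     */
    static SSLParameters apply(boolean wantClientAuth, boolean needClientAuth) {
        if (wantClientAuth && needClientAuth) {
            throw new IllegalArgumentException(
                "want-client-auth and need-client-auth are mutually exclusive");
        }
        SSLParameters p = new SSLParameters();
        if (needClientAuth) {
            p.setNeedClientAuth(true);
        } else if (wantClientAuth) {
            p.setWantClientAuth(true);
        }
        return p;
    }

    public static void main(String[] args) {
        // Both flags requested: the last setter wins, so the certificate
        // becomes optional instead of mandatory.
        System.out.println("naive(want=true,  need=true)  = " + effective(naive(true, true)));

        // Only need requested: the trailing setWantClientAuth(false) still
        // clears needClientAuth, so no client certificate is requested at all.
        System.out.println("naive(want=false, need=true)  = " + effective(naive(false, true)));

        // Single-setter mapping keeps the intended policy.
        System.out.println("apply(want=false, need=true)  = " + effective(apply(false, true)));
        System.out.println("apply(want=true,  need=false) = " + effective(apply(true, false)));

        try {
            apply(true, true);
        } catch (IllegalArgumentException e) {
            System.out.println("apply(want=true,  need=true)  rejected: " + e.getMessage());
        }
    }
}
```

When auditing a mutual-TLS listener, check the effective policy read back from the parameters rather than the two configured values.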
[JBoss JIRA] (WFLY-7260) Document in elytron model *-client-auth are mutual exclusive
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7260?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7260:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
[JBoss JIRA] (WFLY-7137) Attribute "required" on key-store makes no difference of behaviour
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7137?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7137:
-----------------------------------
Affects Version/s: (was: 11.0.0.Alpha1)
> Attribute "required" on key-store makes no difference of behaviour
> ------------------------------------------------------------------
>
> Key: WFLY-7137
> URL: https://issues.jboss.org/browse/WFLY-7137
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Critical
> Fix For: 11.0.0.Alpha1
>
>
> There is an attribute {{required}} which can be set on key-store, which should disable the check "does the keystore file exist?"
> {code}
> "required" => {
>     "type" => BOOLEAN,
>     "description" => "Is the file required to exist at the time the KeyStore service starts?",
>     "attribute-group" => "file",
>     "expressions-allowed" => true,
>     "nillable" => true,
>     "default" => false,
>     "requires" => ["path"],
>     "access-type" => "read-write",
>     "storage" => "configuration",
>     "restart-required" => "resource-services"
> },
> {code}
> However, when I try to use it, there is no difference whether the {{required}} attribute is set to true or false.
> {code}
> [standalone@localhost:9990 /] /subsystem=elytron/key-store=server:add(type="jks", path="/path/non-existing", required=false)
> {
>     "outcome" => "failed",
>     "failure-description" => {
>         "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.server" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.server: WFLYELY00004: Unable to start the service.
> Caused by: java.io.FileNotFoundException: /path/non-existing (No such file or directory)"},
>         "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.server"],
>         "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
>     },
>     "rolled-back" => true
> }
> [standalone@localhost:9990 /] /subsystem=elytron/key-store=server:add(type="jks", path="/path/non-existing", required=true)
> {
>     "outcome" => "failed",
>     "failure-description" => {
>         "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.server" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.server: WFLYELY00004: Unable to start the service.
> Caused by: java.io.FileNotFoundException: /path/non-existing (No such file or directory)"},
>         "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.server"],
>         "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
>     },
>     "rolled-back" => true
> }
> {code}
> I have already seen people generating keystores in their app, so I think this option would be useful for them.
[JBoss JIRA] (WFLY-7137) Attribute "required" on key-store makes no difference of behaviour
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7137?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7137:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
[JBoss JIRA] (WFLY-6882) A client is not able to invoke EJB's deployed as "HASingleton deployment"
by Paul Ferraro (JIRA)
[ https://issues.jboss.org/browse/WFLY-6882?page=com.atlassian.jira.plugin.... ]
Paul Ferraro closed WFLY-6882.
------------------------------
Resolution: Rejected
> A client is not able to invoke EJB's deployed as "HASingleton deployment"
> -------------------------------------------------------------------------
>
> Key: WFLY-6882
> URL: https://issues.jboss.org/browse/WFLY-6882
> Project: WildFly
> Issue Type: Bug
> Components: Clustering, EJB
> Affects Versions: 10.0.0.Final, 11.0.0.Alpha1
> Reporter: Wolf-Dieter Fink
> Assignee: Enrique González Martínez
>
> Given that an application contains a SLSB and is clustered, any EJB client will be updated to have a view of all cluster members and is able to use and fail over to any node in the cluster, no matter whether it is in the initial list of servers.
> Now if the application is marked as "singleton-deployment" via jboss-all.xml and deployed to all servers, only one server in a cluster will pick it and make it active.
> Now the expectation is that a client is routed to that server, no matter whether this special server is included in the client's initial connection list.
> The interesting thing is that the client.log shows that both servers are connected if the application is NOT marked as singleton.
> But only the initial server is connected if the app is marked as singleton!
[JBoss JIRA] (WFLY-7290) Unable to remove elytron ldap-key-store
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-7290?page=com.atlassian.jira.plugin.... ]
Martin Choma moved JBEAP-6390 to WFLY-7290:
-------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-7290 (was: JBEAP-6390)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
(was: Security)
Affects Version/s: 11.0.0.Alpha1
(was: 7.1.0.DR6)
> Unable to remove elytron ldap-key-store
> ---------------------------------------
>
> Key: WFLY-7290
> URL: https://issues.jboss.org/browse/WFLY-7290
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Priority: Critical
>
> Once ldap-key-store is added it can't be removed.
> {code}
> [standalone@localhost:9990 /] /subsystem=elytron/dir-context=b:add(url=ldap://dev156-w2012-x86-64.mw.lab.eng.bos.redhat.com, principal="CN=jbossqa,CN=Users,DC=JBOSS3,DC=test", credential=jboss42)
> {"outcome" => "success"}
> [standalone@localhost:9990 /] /subsystem=elytron/ldap-key-store=b:add(dir-context=b,search-path="O=eapqe,DC=JBOSS3,DC=test")
> {"outcome" => "success"}
> [standalone@localhost:9990 /] /subsystem=elytron/ldap-key-store=b:remove()
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalStateException: ELY02015: Failed to obtain DirContext",
>     "rolled-back" => true
> }
> {code}
> which leads to error in server log
> {code}
> 14:55:41,841 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 12) WFLYCTL0013: Operation ("remove") failed - address: ([
> ("subsystem" => "elytron"),
> ("ldap-key-store" => "b")
> ]): java.lang.IllegalStateException: ELY02015: Failed to obtain DirContext
> at org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:126)
> at org.wildfly.security.keystore.LdapKeyStoreSpi.engineSize(LdapKeyStoreSpi.java:381)
> at java.security.KeyStore.size(KeyStore.java:1271)
> at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineSize(DelegatingKeyStoreSpi.java:121)
> at java.security.KeyStore.size(KeyStore.java:1271)
> at org.wildfly.extension.elytron.KeyStoreResource.containsAliases(KeyStoreResource.java:163)
> at org.wildfly.extension.elytron.KeyStoreResource.getChildTypes(KeyStoreResource.java:61)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:287)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:250)
> at org.jboss.as.controller.AbstractRemoveStepHandler.execute(AbstractRemoveStepHandler.java:66)
> at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:940)
> at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:683)
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
> at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
> at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
> at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> Caused by: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "org.wildfly.extension.elytron:main" from local module loader @5479e3f (finder: local module finder @27082746 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR6/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR6/jboss-eap-7.1/modules/system/layers/base)) [Root exception is java.lang.ClassNotFoundException: com.sun.jndi.ldap.LdapCtxFactory from [Module "org.wildfly.extension.elytron:main" from local module loader @5479e3f (finder: local module finder @27082746 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR6/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR6/jboss-eap-7.1/modules/system/layers/base))]]
> at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:118)
> at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
> at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
> at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
> at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
> at javax.naming.InitialContext.init(InitialContext.java:244)
> at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.createDirContext(SimpleDirContextFactoryBuilder.java:286)
> at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.obtainDirContext(SimpleDirContextFactoryBuilder.java:222)
> at org.wildfly.extension.elytron.DirContextDefinition.lambda$null$0(DirContextDefinition.java:148)
> at org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:120)
> ... 31 more
> Caused by: java.lang.ClassNotFoundException: com.sun.jndi.ldap.LdapCtxFactory from [Module "org.wildfly.extension.elytron:main" from local module loader @5479e3f (finder: local module finder @27082746 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR6/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR6/jboss-eap-7.1/modules/system/layers/base))]
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:199)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:377)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:365)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:94)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:348)
> at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:113)
> ... 43 more
> {code}
[JBoss JIRA] (WFLY-7255) Creating LDAP security realm fails with cryptic error message
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7255?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7255:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Creating LDAP security realm fails with cryptic error message
> -------------------------------------------------------------
>
> Key: WFLY-7255
> URL: https://issues.jboss.org/browse/WFLY-7255
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Zach Rhoads
> Assignee: Jan Kalina
> Fix For: 11.0.0.Alpha1
>
>
> When creating an LDAP security realm via CLI, setup fails with a cryptic error message.
> For example, creating a dir-context works fine:
> /subsystem=elytron/dir-context=exampleDC:add(url="ldap://127.0.0.1:10389",principal="uid=admin,ou=system",credential="secret")
> But when creating an ldap-realm:
> /subsystem=elytron/ldap-realm=exampleLR:add(dir-context=exampleDC,identity-mapping={search-base-dn="ou=Users,dc=jboss,dc=org",rdn-identifier="uid",user-password-mapper={from="userPassword"}})
> It fails:
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
>     "rolled-back" => true
> }
> Full log in wildfly:
> 14:11:03,368 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("ldap-realm" => "exampleLR")
> ]): java.lang.IllegalArgumentException
> at org.jboss.dmr.ModelValue.asBoolean(ModelValue.java:69)
> at org.jboss.dmr.ModelNode.asBoolean(ModelNode.java:267)
> at org.wildfly.extension.elytron.LdapRealmDefinition$UserPasswordCredentialMappingObjectDefinition.configure(LdapRealmDefinition.java:163)
> at org.wildfly.extension.elytron.LdapRealmDefinition$RealmAddHandler.configureIdentityMapping(LdapRealmDefinition.java:420)
> at org.wildfly.extension.elytron.LdapRealmDefinition$RealmAddHandler.performRuntime(LdapRealmDefinition.java:375)
> at org.jboss.as.controller.AbstractAddStepHandler.performRuntime(AbstractAddStepHandler.java:337)
> at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151)
> at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:940)
> at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:683)
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
> at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
> at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
> at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
[JBoss JIRA] (WFLY-7289) Adding ldap-key-store requires accessible ldap server
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-7289?page=com.atlassian.jira.plugin.... ]
Martin Choma moved JBEAP-6388 to WFLY-7289:
-------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-7289 (was: JBEAP-6388)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
(was: Security)
Affects Version/s: 11.0.0.Alpha1
(was: 7.1.0.DR6)
> Adding ldap-key-store requires accessible ldap server
> -----------------------------------------------------
>
> Key: WFLY-7289
> URL: https://issues.jboss.org/browse/WFLY-7289
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
>
> Playing with ldap-key-store. What I consider very inconvenient is the fact that, at the moment of adding ldap-key-store, the LDAP server has to be running and accessible. Elytron ldap-realm does not need that. Doubt about legacy security realms. Is it possible to decouple that dependency and leave that check till first ldap-key-store usage?
> Steps to reproduce:
> {code}
> [standalone@localhost:9990 /] /subsystem=elytron/dir-context=a:add()
> {"outcome" => "success"}
> [standalone@localhost:9990 /] /subsystem=elytron/ldap-key-store=a:add(dir-context=a, search-path="a")
> {
>     "outcome" => "failed",
>     "rolled-back" => true
> }
> {code}
> leads to exception in server log
> {code}
> 14:37:25,917 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
> "address" => [
> ("subsystem" => "elytron"),
> ("ldap-key-store" => "a")
> ],
> "operation" => "add",
> "search-path" => "a",
> "dir-context" => "a",
> "operation-headers" => {
> "caller-type" => "user",
> "access-mechanism" => "NATIVE"
> }
> }]: java.lang.IllegalStateException: ELY02015: Failed to obtain DirContext
> at org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:126)
> at org.wildfly.security.keystore.LdapKeyStoreSpi.engineSize(LdapKeyStoreSpi.java:381)
> at java.security.KeyStore.size(KeyStore.java:1271)
> at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineSize(DelegatingKeyStoreSpi.java:121)
> at java.security.KeyStore.size(KeyStore.java:1271)
> at org.wildfly.extension.elytron.KeyStoreResource.containsAliases(KeyStoreResource.java:163)
> at org.wildfly.extension.elytron.KeyStoreResource.getChildTypes(KeyStoreResource.java:61)
> at org.jboss.as.controller.registry.AbstractModelResource$DelegateResource.getChildTypes(AbstractModelResource.java:372)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:287)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:291)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:291)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
> at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:250)
> at org.jboss.as.controller.ModelControllerImpl.writeModel(ModelControllerImpl.java:787)
> at org.jboss.as.controller.OperationContextImpl.createPersistenceResource(OperationContextImpl.java:520)
> at org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:758)
> at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:709)
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
> at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
> at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
> at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> Caused by: javax.naming.NamingException: Cannot parse url: undefined [Root exception is java.net.MalformedURLException: Invalid URI: undefined]
> at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:92)
> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:163)
> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
> at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
> at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
> at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
> at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
> at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
> at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
> at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
> at javax.naming.InitialContext.init(InitialContext.java:244)
> at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.createDirContext(SimpleDirContextFactoryBuilder.java:286)
> at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.obtainDirContext(SimpleDirContextFactoryBuilder.java:222)
> at org.wildfly.extension.elytron.DirContextDefinition.lambda$null$0(DirContextDefinition.java:148)
> at org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:120)
> ... 39 more
> Caused by: java.net.MalformedURLException: Invalid URI: undefined
> at com.sun.jndi.toolkit.url.Uri.parse(Uri.java:199)
> at com.sun.jndi.toolkit.url.Uri.init(Uri.java:138)
> at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:82)
> ... 56 more
> {code}