February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (DROOLS-1455) ClassCastException when using yearMonthDuration in decision table

by Edson Tirelli (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1455?page=com.atlassian.jira.plugi... ] Edson Tirelli commented on DROOLS-1455: --------------------------------------- Good catch, java Period class (used for 'Years and Months Duration') does not implement Comparable<Period>, but java Duration class does implement Comparable<Duration>. I will add code to specifically handle Period comparisons. > ClassCastException when using yearMonthDuration in decision table > ----------------------------------------------------------------- > > Key: DROOLS-1455 > URL: https://issues.jboss.org/browse/DROOLS-1455 > Project: Drools > Issue Type: Bug > Components: dmn engine > Reporter: Mélanie Gauthier > Assignee: Edson Tirelli > Attachments: yearMonthDuration.dmn > > > Trying to run the attached example, a ClasCastException error is logged. dayTimeDuration works fine. > A Period object is put in the context, created using > BuiltInType feelType = (BuiltInType) BuiltInType.determineTypeFromName(type); -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-8231) ldap role should ignore javax.naming.PartialResultException when referrals=ignore

by Peter Palaga (JIRA)

[ https://issues.jboss.org/browse/WFLY-8231?page=com.atlassian.jira.plugin.... ] Peter Palaga updated WFLY-8231: ------------------------------- Description: Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1418685 ldap role should ignore javax.naming.PartialResultException when referrals=ignore. In this case, the user has a role which is causing a referral. They have referrals=ignore which causes a PartialResultException to be logged. This ends up causing a 500 error. {code} 16:22:09,407 TRACE [org.jboss.as.domain.management.security] (management task-4) Failure supplementing Subject: javax.naming.PartialResultException: [LDAP: error code 10 - REFERRAL: failed for MessageType : SEARCH_REQUEST Message ID : 4 SearchRequest baseDn : 'cn=refrole1,ou=ReferralRoles,dc=subtree,dc=keycloak,dc=org' filter : '(objectClass=*)' scope : base object typesOnly : false Size Limit : no limit Time Limit : no limit Deref Aliases : deref Always attributes : 'cn' org.apache.directory.api.ldap.model.message.SearchRequestImpl@7887cbbc ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_315 cannot create an entry under a referral when the Context.REFERRAL is set to 'ignore']; remaining name 'cn=refrole1,ou=ReferralRoles,dc=subtree,dc=keycloak,dc=org' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2971) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129) at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:313) at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:217) at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroupEntries(LdapSubjectSupplementalService.java:250) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:227) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:220) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:194) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:334) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getAuthorizationIdentity(LdapSubjectSupplementalService.java:319) at org.wildfly.security.auth.realm.AggregateSecurityRealm$Identity.getAuthorizationIdentity(AggregateSecurityRealm.java:157) at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1716) at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1741) at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:470) at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:465) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:750) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:728) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:92) at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:154) at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:110) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:84) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) {code} Setting referrals=follows worked around the issue in this case. Steps to reproduce: https://bugzilla.redhat.com/show_bug.cgi?id=1417272 was: Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1418685 ldap role should ignore javax.naming.PartialResultException when referrals=ignore. In this case, the customer has a role which is causing a referral. They have referrals=ignore which causes a PartialResultException to be logged. This ends up causing a 500 error. {code} 15:10:04,355 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 7) Group found with distinguishedName=CN=AGENTS-REGISTERED-DS 7431,OU=Automated,OU=Groups,DC=AGENTS,DC=AMFAM,DC=NET 15:10:04,357 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 7) Failure supplementing Subject: javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points ref 1: 'AGENTS.AMFAM.NET' \00]; remaining name 'CN=AGENTS-REGISTERED-DS 7431,OU=Automated,OU=Groups,DC=AGENTS,DC=AMFAM,DC=NET' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2971) [rt.jar:1.8.0_66] at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888) [rt.jar:1.8.0_66] at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329) [rt.jar:1.8.0_66] at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235) [rt.jar:1.8.0_66] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141) [rt.jar:1.8.0_66] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129) [rt.jar:1.8.0_66] at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) [rt.jar:1.8.0_66] at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) [rt.jar:1.8.0_66] at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:297) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:215) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroupEntries(LdapSubjectSupplementalService.java:218) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroups(LdapSubjectSupplementalService.java:195) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroups(LdapSubjectSupplementalService.java:188) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.supplementSubject(LdapSubjectSupplementalService.java:163) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.SecurityRealmService$1.createSubjectUserInfo(SecurityRealmService.java:223) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.http.server.security.BasicAuthenticator._authenticate(BasicAuthenticator.java:120) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.http.server.security.BasicAuthenticator.authenticate(BasicAuthenticator.java:85) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:64) at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:710) at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:78) at org.jboss.as.domain.http.server.XFrameHeaderFilter.doFilter(XFrameHeaderFilter.java:45) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.as.domain.http.server.RealmReadinessFilter.doFilter(RealmReadinessFilter.java:48) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.http.server.DmrFailureReadinessFilter.doFilter(DmrFailureReadinessFilter.java:45) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:680) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_66] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_66] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_66] at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.2.Final-redhat-1.jar:2.1.2.Final-redhat-1] {code} Setting referrals=follows worked around the issue in this case. Steps to reproduce: https://bugzilla.redhat.com/show_bug.cgi?id=1417272 > ldap role should ignore javax.naming.PartialResultException when referrals=ignore > --------------------------------------------------------------------------------- > > Key: WFLY-8231 > URL: https://issues.jboss.org/browse/WFLY-8231 > Project: WildFly > Issue Type: Task > Components: Security > Reporter: Peter Palaga > Assignee: Peter Palaga > > Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1418685 > ldap role should ignore javax.naming.PartialResultException when referrals=ignore. > In this case, the user has a role which is causing a referral. They have referrals=ignore which causes a PartialResultException to be logged. This ends up causing a 500 error. > {code} > 16:22:09,407 TRACE [org.jboss.as.domain.management.security] (management task-4) Failure supplementing Subject: javax.naming.PartialResultException: [LDAP: error code 10 - REFERRAL: failed for MessageType : SEARCH_REQUEST > Message ID : 4 > SearchRequest > baseDn : 'cn=refrole1,ou=ReferralRoles,dc=subtree,dc=keycloak,dc=org' > filter : '(objectClass=*)' > scope : base object > typesOnly : false > Size Limit : no limit > Time Limit : no limit > Deref Aliases : deref Always > attributes : 'cn' > org.apache.directory.api.ldap.model.message.SearchRequestImpl@7887cbbc ManageDsaITImpl Control > Type OID : '2.16.840.1.113730.3.4.2' > Criticality : 'false' > ' > : ERR_315 cannot create an entry under a referral when the Context.REFERRAL is set to 'ignore']; remaining name 'cn=refrole1,ou=ReferralRoles,dc=subtree,dc=keycloak,dc=org' > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2971) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888) > at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329) > at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235) > at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141) > at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129) > at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) > at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) > at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:313) > at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:217) > at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroupEntries(LdapSubjectSupplementalService.java:250) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:227) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:220) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:194) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:334) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getAuthorizationIdentity(LdapSubjectSupplementalService.java:319) > at org.wildfly.security.auth.realm.AggregateSecurityRealm$Identity.getAuthorizationIdentity(AggregateSecurityRealm.java:157) > at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1716) > at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1741) > at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:470) > at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:465) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:750) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:728) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) > at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:92) > at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:154) > at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:110) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) > at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) > at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:84) > at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > {code} > Setting referrals=follows worked around the issue in this case. > Steps to reproduce: https://bugzilla.redhat.com/show_bug.cgi?id=1417272 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2341) ldap role should ignore javax.naming.PartialResultException when referrals=ignore

by Peter Palaga (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2341?page=com.atlassian.jira.plugi... ] Peter Palaga updated WFCORE-2341: --------------------------------- Description: Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1418685 ldap role should ignore javax.naming.PartialResultException when referrals=ignore. In this case, the user has a role which is causing a referral. They have referrals=ignore which causes a PartialResultException to be logged. This ends up causing a 500 error. {code} 16:22:09,407 TRACE [org.jboss.as.domain.management.security] (management task-4) Failure supplementing Subject: javax.naming.PartialResultException: [LDAP: error code 10 - REFERRAL: failed for MessageType : SEARCH_REQUEST Message ID : 4 SearchRequest baseDn : 'cn=refrole1,ou=ReferralRoles,dc=subtree,dc=keycloak,dc=org' filter : '(objectClass=*)' scope : base object typesOnly : false Size Limit : no limit Time Limit : no limit Deref Aliases : deref Always attributes : 'cn' org.apache.directory.api.ldap.model.message.SearchRequestImpl@7887cbbc ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_315 cannot create an entry under a referral when the Context.REFERRAL is set to 'ignore']; remaining name 'cn=refrole1,ou=ReferralRoles,dc=subtree,dc=keycloak,dc=org' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2971) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888) at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129) at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:313) at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:217) at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroupEntries(LdapSubjectSupplementalService.java:250) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:227) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:220) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:194) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:334) at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getAuthorizationIdentity(LdapSubjectSupplementalService.java:319) at org.wildfly.security.auth.realm.AggregateSecurityRealm$Identity.getAuthorizationIdentity(AggregateSecurityRealm.java:157) at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1716) at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1741) at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:470) at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:465) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:750) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:728) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:92) at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:154) at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115) at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:110) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:84) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) {code} Setting referrals=follows worked around the issue in this case. Steps to reproduce: https://bugzilla.redhat.com/show_bug.cgi?id=1417272 was: Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1418685 ldap role should ignore javax.naming.PartialResultException when referrals=ignore. In this case, the customer has a role which is causing a referral. They have referrals=ignore which causes a PartialResultException to be logged. This ends up causing a 500 error. {code} 15:10:04,355 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 7) Group found with distinguishedName=CN=AGENTS-REGISTERED-DS 7431,OU=Automated,OU=Groups,DC=AGENTS,DC=AMFAM,DC=NET 15:10:04,357 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 7) Failure supplementing Subject: javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points ref 1: 'AGENTS.AMFAM.NET' \00]; remaining name 'CN=AGENTS-REGISTERED-DS 7431,OU=Automated,OU=Groups,DC=AGENTS,DC=AMFAM,DC=NET' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2971) [rt.jar:1.8.0_66] at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888) [rt.jar:1.8.0_66] at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329) [rt.jar:1.8.0_66] at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235) [rt.jar:1.8.0_66] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141) [rt.jar:1.8.0_66] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129) [rt.jar:1.8.0_66] at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) [rt.jar:1.8.0_66] at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) [rt.jar:1.8.0_66] at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:297) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:215) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroupEntries(LdapSubjectSupplementalService.java:218) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroups(LdapSubjectSupplementalService.java:195) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroups(LdapSubjectSupplementalService.java:188) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.supplementSubject(LdapSubjectSupplementalService.java:163) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.SecurityRealmService$1.createSubjectUserInfo(SecurityRealmService.java:223) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.http.server.security.BasicAuthenticator._authenticate(BasicAuthenticator.java:120) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.http.server.security.BasicAuthenticator.authenticate(BasicAuthenticator.java:85) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:64) at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:710) at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:78) at org.jboss.as.domain.http.server.XFrameHeaderFilter.doFilter(XFrameHeaderFilter.java:45) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.as.domain.http.server.RealmReadinessFilter.doFilter(RealmReadinessFilter.java:48) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.http.server.DmrFailureReadinessFilter.doFilter(DmrFailureReadinessFilter.java:45) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:680) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_66] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_66] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_66] at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.2.Final-redhat-1.jar:2.1.2.Final-redhat-1] {code} Setting referrals=follows worked around the issue in this case. Steps to reproduce: https://bugzilla.redhat.com/show_bug.cgi?id=1417272 > ldap role should ignore javax.naming.PartialResultException when referrals=ignore > --------------------------------------------------------------------------------- > > Key: WFCORE-2341 > URL: https://issues.jboss.org/browse/WFCORE-2341 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Peter Palaga > Assignee: Peter Palaga > > Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1418685 > ldap role should ignore javax.naming.PartialResultException when referrals=ignore. > In this case, the user has a role which is causing a referral. They have referrals=ignore which causes a PartialResultException to be logged. This ends up causing a 500 error. > {code} > 16:22:09,407 TRACE [org.jboss.as.domain.management.security] (management task-4) Failure supplementing Subject: javax.naming.PartialResultException: [LDAP: error code 10 - REFERRAL: failed for MessageType : SEARCH_REQUEST > Message ID : 4 > SearchRequest > baseDn : 'cn=refrole1,ou=ReferralRoles,dc=subtree,dc=keycloak,dc=org' > filter : '(objectClass=*)' > scope : base object > typesOnly : false > Size Limit : no limit > Time Limit : no limit > Deref Aliases : deref Always > attributes : 'cn' > org.apache.directory.api.ldap.model.message.SearchRequestImpl@7887cbbc ManageDsaITImpl Control > Type OID : '2.16.840.1.113730.3.4.2' > Criticality : 'false' > ' > : ERR_315 cannot create an entry under a referral when the Context.REFERRAL is set to 'ignore']; remaining name 'cn=refrole1,ou=ReferralRoles,dc=subtree,dc=keycloak,dc=org' > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2971) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888) > at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329) > at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235) > at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141) > at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129) > at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) > at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) > at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:313) > at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:217) > at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroupEntries(LdapSubjectSupplementalService.java:250) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:227) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:220) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:194) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:334) > at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getAuthorizationIdentity(LdapSubjectSupplementalService.java:319) > at org.wildfly.security.auth.realm.AggregateSecurityRealm$Identity.getAuthorizationIdentity(AggregateSecurityRealm.java:157) > at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1716) > at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1741) > at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:470) > at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:465) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:750) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:728) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) > at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:92) > at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:154) > at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:110) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) > at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) > at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:84) > at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > {code} > Setting referrals=follows worked around the issue in this case. > Steps to reproduce: https://bugzilla.redhat.com/show_bug.cgi?id=1417272 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (DROOLS-1455) ClassCastException when using yearMonthDuration in decision table

by Mélanie Gauthier (JIRA)

Mélanie Gauthier created DROOLS-1455: ---------------------------------------- Summary: ClassCastException when using yearMonthDuration in decision table Key: DROOLS-1455 URL: https://issues.jboss.org/browse/DROOLS-1455 Project: Drools Issue Type: Bug Components: dmn engine Reporter: Mélanie Gauthier Assignee: Edson Tirelli Attachments: yearMonthDuration.dmn Trying to run the attached example, a ClasCastException error is logged. dayTimeDuration works fine. A Period object is put in the context, created using BuiltInType feelType = (BuiltInType) BuiltInType.determineTypeFromName(type); -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ELY-957) Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized

by Paul Ferraro (JIRA)

[ https://issues.jboss.org/browse/ELY-957?page=com.atlassian.jira.plugin.sy... ] Paul Ferraro commented on ELY-957: ---------------------------------- There's no reason to synchronize this method. If the synchronized modifier in the method signature of DefaultSingleSignOn.setIdentity(...) is cumbersome for subclasses, then there are better ways to address this (e.g. by replacing the modifier with a synchronized block, and clarifying the javadoc). > Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized > ---------------------------------------------------------------------------- > > Key: ELY-957 > URL: https://issues.jboss.org/browse/ELY-957 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Affects Versions: 1.1.0.Beta24 > Reporter: Martin Choma > Assignee: Paul Ferraro > Priority: Minor > > Coverity static-analysis scan found getter is not synchronized, while setter is. > {code} > public SecurityIdentity getIdentity() { > return this.entry.getCachedIdentity().getSecurityIdentity(); > } > {code} > Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile. > However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure. > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84908... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ELY-957) Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized

by Paul Ferraro (JIRA)

[ https://issues.jboss.org/browse/ELY-957?page=com.atlassian.jira.plugin.sy... ] Paul Ferraro reassigned ELY-957: -------------------------------- Assignee: Paul Ferraro (was: Ilia Vassilev) > Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized > ---------------------------------------------------------------------------- > > Key: ELY-957 > URL: https://issues.jboss.org/browse/ELY-957 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Affects Versions: 1.1.0.Beta24 > Reporter: Martin Choma > Assignee: Paul Ferraro > Priority: Minor > > Coverity static-analysis scan found getter is not synchronized, while setter is. > {code} > public SecurityIdentity getIdentity() { > return this.entry.getCachedIdentity().getSecurityIdentity(); > } > {code} > Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile. > However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure. > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84908... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-6755) mod_cluster uses the same password for accessing sslKeyStore and sslTrustStore

by Radoslav Husar (JIRA)

[ https://issues.jboss.org/browse/WFLY-6755?page=com.atlassian.jira.plugin.... ] Radoslav Husar closed WFLY-6755. -------------------------------- Fix Version/s: (was: 11.0.0.Alpha1) Resolution: Out of Date With elytron integration in place (WFLY-3884) users should migrate their configuration to use elytron where this is no longer a problem. > mod_cluster uses the same password for accessing sslKeyStore and sslTrustStore > ------------------------------------------------------------------------------ > > Key: WFLY-6755 > URL: https://issues.jboss.org/browse/WFLY-6755 > Project: WildFly > Issue Type: Bug > Components: Clustering > Affects Versions: JBoss AS7 7.1.1.Final > Reporter: Radoslav Husar > Assignee: Radoslav Husar > > Problem reported by Duncan Doyle. > The passwords shouldn't be forced to be the same, in AS5 they could have been different. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-7996) Default Elytron subsystem configuration doesn't support local authentication in ApplicationRealm

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFLY-7996?page=com.atlassian.jira.plugin.... ] Jan Kalina reopened WFLY-7996: ------------------------------ > Default Elytron subsystem configuration doesn't support local authentication in ApplicationRealm > ------------------------------------------------------------------------------------------------ > > Key: WFLY-7996 > URL: https://issues.jboss.org/browse/WFLY-7996 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Josef Cacek > Assignee: Jan Kalina > Priority: Blocker > Fix For: 11.0.0.Alpha1 > > > The default Elytron configuration in profiles doesn't configure {{JBOSS-LOCAL-USER}} SASL mechanism for ApplicationRealm. If a client (e.g JMS/naming) uses local authentication in legacy security, it will not work after switching to Elytron based security. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (JBEE-173) Need system property to enable EL 2.2 backward compatible switch "javax.el.bc2.2"

by Ivo Studensky (JIRA)

Ivo Studensky created JBEE-173: ---------------------------------- Summary: Need system property to enable EL 2.2 backward compatible switch "javax.el.bc2.2" Key: JBEE-173 URL: https://issues.jboss.org/browse/JBEE-173 Project: JBoss JavaEE Spec APIs Issue Type: Enhancement Components: jboss-el-api Affects Versions: jboss-el-api_3.0_spec-1.0.7.Final Reporter: Ivo Studensky Assignee: Ivo Studensky [UEL-38|https://java.net/jira/browse/UEL-38] introduced an EL 2.2 backward compatible switch "javax.el.bc2.2". However, it's currently unable to enable this in EAP 7. User migration is blocked and needs system property to enable backwards compatibility. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-8261) ldap role should ignore javax.naming.PartialResultException when referrals=ignore

by Peter Palaga (JIRA)

Peter Palaga created WFLY-8261: ---------------------------------- Summary: ldap role should ignore javax.naming.PartialResultException when referrals=ignore Key: WFLY-8261 URL: https://issues.jboss.org/browse/WFLY-8261 Project: WildFly Issue Type: Task Components: Security Reporter: Peter Palaga Assignee: Peter Palaga Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1418685 ldap role should ignore javax.naming.PartialResultException when referrals=ignore. In this case, the customer has a role which is causing a referral. They have referrals=ignore which causes a PartialResultException to be logged. This ends up causing a 500 error. {code} 15:10:04,355 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 7) Group found with distinguishedName=CN=AGENTS-REGISTERED-DS 7431,OU=Automated,OU=Groups,DC=AGENTS,DC=AMFAM,DC=NET 15:10:04,357 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 7) Failure supplementing Subject: javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points ref 1: 'AGENTS.AMFAM.NET' \00]; remaining name 'CN=AGENTS-REGISTERED-DS 7431,OU=Automated,OU=Groups,DC=AGENTS,DC=AMFAM,DC=NET' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2971) [rt.jar:1.8.0_66] at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888) [rt.jar:1.8.0_66] at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1329) [rt.jar:1.8.0_66] at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:235) [rt.jar:1.8.0_66] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:141) [rt.jar:1.8.0_66] at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:129) [rt.jar:1.8.0_66] at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) [rt.jar:1.8.0_66] at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) [rt.jar:1.8.0_66] at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:297) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:215) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroupEntries(LdapSubjectSupplementalService.java:218) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroups(LdapSubjectSupplementalService.java:195) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroups(LdapSubjectSupplementalService.java:188) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.supplementSubject(LdapSubjectSupplementalService.java:163) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.management.security.SecurityRealmService$1.createSubjectUserInfo(SecurityRealmService.java:223) [jboss-as-domain-management-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.http.server.security.BasicAuthenticator._authenticate(BasicAuthenticator.java:120) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.http.server.security.BasicAuthenticator.authenticate(BasicAuthenticator.java:85) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:64) at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:710) at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:78) at org.jboss.as.domain.http.server.XFrameHeaderFilter.doFilter(XFrameHeaderFilter.java:45) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.as.domain.http.server.RealmReadinessFilter.doFilter(RealmReadinessFilter.java:48) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.as.domain.http.server.DmrFailureReadinessFilter.doFilter(DmrFailureReadinessFilter.java:45) [jboss-as-domain-http-interface-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1] at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81) at org.jboss.sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:680) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_66] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_66] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_66] at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.2.Final-redhat-1.jar:2.1.2.Final-redhat-1] {code} Setting referrals=follows worked around the issue in this case. Steps to reproduce: https://bugzilla.redhat.com/show_bug.cgi?id=1417272 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017