[JBoss JIRA] (WFCORE-2827) undefined suffix in rotating-file-audit-log not handled
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2827?page=com.atlassian.jira.plugi... ]
Jan Kalina closed WFCORE-2827.
------------------------------
Resolution: Duplicate Issue
> undefined suffix in rotating-file-audit-log not handled
> -------------------------------------------------------
>
> Key: WFCORE-2827
> URL: https://issues.jboss.org/browse/WFCORE-2827
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta21
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
>
> Attribute *suffix* of *rotating-file-audit-log* is optional, but if it is not filled in, the following exception occurs:
> {code}
> MSC000001: Failed to start service org.wildfly.security.security-event-listener.myAppRotate: org.jboss.msc.service.StartException in service org.wildfly.security.security-event-listener.myAppRotate: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: Illegal pattern character 'n'
> at java.text.SimpleDateFormat.compile(SimpleDateFormat.java:826)
> at java.text.SimpleDateFormat.initialize(SimpleDateFormat.java:634)
> at java.text.SimpleDateFormat.<init>(SimpleDateFormat.java:605)
> at java.text.SimpleDateFormat.<init>(SimpleDateFormat.java:580)
> at org.wildfly.security.audit.RotatingFileAuditEndpoint$Builder.setSuffix(RotatingFileAuditEndpoint.java:289)
> at org.wildfly.extension.elytron.AuditResourceDefinitions$2.lambda$getValueSupplier$2(AuditResourceDefinitions.java:247)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> ... 3 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
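An added example for WFCORE-2827 above, not part of the original message and not WildFly or Elytron code: it reproduces the `Illegal pattern character 'n'` failure and shows one way to guard an optional date-pattern attribute. The class `SuffixGuard`, the method `parseSuffix`, and the assumption that the unset attribute reached `SimpleDateFormat` as the literal string `undefined` are all hypothetical; the report does not show the value that was passed.

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Optional;
import java.util.TimeZone;

/** Added illustration; SuffixGuard is a hypothetical class, not project code. */
public class SuffixGuard {

    /** Assumed string form of an unset management attribute (not confirmed by the report). */
    static final String UNDEFINED = "undefined";

    /**
     * Returns a formatter for a configured suffix, or empty when the optional
     * attribute was left unset. An invalid pattern is rejected with a message
     * that names the offending value instead of a bare SimpleDateFormat error.
     */
    static Optional<SimpleDateFormat> parseSuffix(String raw) {
        // In a real resource definition the check belongs on the model value
        // (is it defined at all?) before it is ever converted to a string.
        if (raw == null || raw.isEmpty() || UNDEFINED.equals(raw)) {
            return Optional.empty(); // unset: no date-based rotation suffix
        }
        try {
            SimpleDateFormat format = new SimpleDateFormat(raw);
            format.setTimeZone(TimeZone.getTimeZone("UTC"));
            return Optional.of(format);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException(
                    "Invalid suffix pattern '" + raw + "': " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        // Unguarded: 'u' is a valid pattern letter (day number of week) but 'n'
        // is not, so the constructor rejects the string at its second character.
        try {
            new SimpleDateFormat(UNDEFINED);
        } catch (IllegalArgumentException e) {
            System.out.println("unguarded: " + e.getMessage());
        }

        // Guarded: an unset attribute disables the suffix instead of
        // failing service start.
        System.out.println("unset -> present? " + parseSuffix(UNDEFINED).isPresent());
        System.out.println("null  -> present? " + parseSuffix(null).isPresent());

        // A well-formed pattern is still accepted (constructed sample value).
        String stamp = parseSuffix(".yyyy-MM-dd")
                .map(f -> f.format(new Date(0L)))
                .orElse("");
        System.out.println("pattern -> audit.log" + stamp);

        // A malformed pattern fails early, with the configured value in the message.
        try {
            parseSuffix(".yyyy-MM-dd-bad");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```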
[JBoss JIRA] (WFLY-8819) Remove username="$local" workaround from default domain host slave configuration
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-8819?page=com.atlassian.jira.plugin.... ]
Brian Stansberry moved JBEAP-11062 to WFLY-8819:
------------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-8819 (was: JBEAP-11062)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Domain Management
Security
(was: Domain Management)
(was: Security)
Affects Version/s: (was: 7.1.0.DR18)
> Remove username="$local" workaround from default domain host slave configuration
> --------------------------------------------------------------------------------
>
> Key: WFLY-8819
> URL: https://issues.jboss.org/browse/WFLY-8819
> Project: WildFly
> Issue Type: Bug
> Components: Domain Management, Security
> Reporter: Michal Jurc
> Assignee: Brian Stansberry
>
> Currently, the default {{host-slave.xml}} configuration reads as follows:
> {code:xml|title=host-slave.xml}
> <domain-controller>
>     <remote username="$local" security-realm="ManagementRealm">
>         <discovery-options>
>             <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}"/>
>         </discovery-options>
>     </remote>
> </domain-controller>
> {code}
> As the local silent authentication functionality has been fixed, the {{username="$local"}} attribute in the {{remote}} element can be removed.
--
8 years, 11 months
[JBoss JIRA] (WFLY-8818) Skip VirtualHostTestCase#testDefaultHost if ServerAddress is not localhost
by Petr Kremensky (JIRA)
[ https://issues.jboss.org/browse/WFLY-8818?page=com.atlassian.jira.plugin.... ]
Petr Kremensky moved JBEAP-11061 to WFLY-8818:
----------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-8818 (was: JBEAP-11061)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Test Suite
(was: Test Suite)
Affects Version/s: (was: 7.1.0.DR18)
> Skip VirtualHostTestCase#testDefaultHost if ServerAddress is not localhost
> --------------------------------------------------------------------------
>
> Key: WFLY-8818
> URL: https://issues.jboss.org/browse/WFLY-8818
> Project: WildFly
> Issue Type: Enhancement
> Components: Test Suite
> Reporter: Petr Kremensky
> Assignee: Petr Kremensky
>
> VirtualHostTestCase#testDefaultHost passes when ServerAddress (node0 property) is bound to localhost, or when an alias in the /etc/hosts file pointing ServerAddress to localhost exists.
> We are using a non-localhost address as ServerAddress and the test is always failing in our environment.
> See JBEAP-6934 for more details.
--
8 years, 11 months
[JBoss JIRA] (REMJMX-142) Elytron, JMX client fails to work when the JVM is running in FIPS mode
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/REMJMX-142?page=com.atlassian.jira.plugin... ]
Darran Lofthouse resolved REMJMX-142.
-------------------------------------
Resolution: Done
> Elytron, JMX client fails to work when the JVM is running in FIPS mode
> ----------------------------------------------------------------------
>
> Key: REMJMX-142
> URL: https://issues.jboss.org/browse/REMJMX-142
> Project: Remoting JMX
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 3.0.0.Beta5
>
>
> The JMX client fails to work when the JVM is running in FIPS mode.
> It should be possible to configure the client SSL context with Elytron. However, even when doing so, javax.net.ssl.SSLContext.getDefault() is still called, which fails with the following stack trace:
> {code:title=server.log}
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Completed open of endpoint "endpoint" <67ce59be>
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 1 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote)
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote': Remoting remote connection provider 42a0d0b7 for endpoint "endpoint" <67ce59be>
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 2 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote+tls)
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote+tls': Remoting remote connection provider 7dc22d9b for endpoint "endpoint" <67ce59be>
> 10:55:00,762 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 3 of endpoint "endpoint" <67ce59be> (opened Connection provider for remoting)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remoting': Remoting remote connection provider 194d9579 for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 4 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote+http)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote+http': Remoting remote connection provider 21f0cb0a for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 5 of endpoint "endpoint" <67ce59be> (opened Connection provider for remote+https)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'remote+https': Remoting remote connection provider 27b862 for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 6 of endpoint "endpoint" <67ce59be> (opened Connection provider for http-remoting)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'http-remoting': Remoting remote connection provider 422cda30 for endpoint "endpoint" <67ce59be>
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Allocated tick to 7 of endpoint "endpoint" <67ce59be> (opened Connection provider for https-remoting)
> 10:55:00,763 TRACE [org.jboss.remoting.endpoint] (default task-1) Adding connection provider registration named 'https-remoting': Remoting remote connection provider 55cb3d77 for endpoint "endpoint" <67ce59be>
> 10:55:00,764 WARN [org.jboss.remotingjmx.Util] (default task-1) The protocol 'remoting-jmx' is deprecated, instead you should use 'remote'.
> 10:55:00,764 TRACE [org.wildfly.security] (default task-1) getAuthenticationConfiguration uri=remote://localhost:9999, protocolDefaultPort=-1, abstractType=null, abstractTypeAuthority=null, purpose=null, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-port=9999]
> 10:55:00,764 WARN [org.jboss.remotingjmx.Util] (default task-1) The protocol 'remoting-jmx' is deprecated, instead you should use 'remote'.
> 10:55:00,765 TRACE [org.wildfly.security] (default task-1) getAuthenticationConfiguration uri=remote://localhost:9999, protocolDefaultPort=-1, abstractType=null, abstractTypeAuthority=null, purpose=connect, MatchRule=[], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-port=9999]
> 10:55:00,772 INFO [stdout] (default task-1) *** Error:JBREM000212: Failed to configure SSL context
> 10:55:00,773 ERROR [stderr] (default task-1) java.io.IOException: JBREM000212: Failed to configure SSL context
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:497)
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:487)
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remotingjmx.RemotingConnector.internalRemotingConnect(RemotingConnector.java:241)
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remotingjmx.RemotingConnector.internalConnect(RemotingConnector.java:158)
> 10:55:00,773 ERROR [stderr] (default task-1) at org.jboss.remotingjmx.RemotingConnector.connect(RemotingConnector.java:105)
> 10:55:00,773 ERROR [stderr] (default task-1) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
> 10:55:00,773 ERROR [stderr] (default task-1) at com.redhat.eap.qe.fips.standalone.elytron.client.jmx.JmxClientServlet.doGet(JmxClientServlet.java:33)
> 10:55:00,773 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> 10:55:00,773 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> 10:55:00,773 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> 10:55:00,774 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,774 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> 10:55:00,775 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> 10:55:00,776 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> 10:55:00,776 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> 10:55:00,776 ERROR [stderr] (default task-1) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> 10:55:00,776 ERROR [stderr] (default task-1) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> 10:55:00,776 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 10:55:00,776 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 10:55:00,776 ERROR [stderr] (default task-1) at java.lang.Thread.run(Thread.java:745)
> 10:55:00,776 ERROR [stderr] (default task-1) Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
> 10:55:00,776 ERROR [stderr] (default task-1) at java.security.Provider$Service.newInstance(Provider.java:1617)
> 10:55:00,776 ERROR [stderr] (default task-1) at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
> 10:55:00,776 ERROR [stderr] (default task-1) at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
> 10:55:00,777 ERROR [stderr] (default task-1) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
> 10:55:00,777 ERROR [stderr] (default task-1) at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
> 10:55:00,777 ERROR [stderr] (default task-1) at org.wildfly.security.auth.client.AuthenticationContextConfigurationClient.getSSLContext(AuthenticationContextConfigurationClient.java:183)
> 10:55:00,777 ERROR [stderr] (default task-1) at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:495)
> 10:55:00,777 ERROR [stderr] (default task-1) ... 46 more
> 10:55:00,777 ERROR [stderr] (default task-1) Caused by: java.security.KeyStoreException: FIPS mode: KeyStore must be from provider SunPKCS11-testPkcs
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:67)
> 10:55:00,777 ERROR [stderr] (default task-1) at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:874)
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:732)
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> 10:55:00,777 ERROR [stderr] (default task-1) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> 10:55:00,778 ERROR [stderr] (default task-1) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> 10:55:00,778 ERROR [stderr] (default task-1) at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> 10:55:00,778 ERROR [stderr] (default task-1) at java.security.Provider$Service.newInstance(Provider.java:1595)
> 10:55:00,778 ERROR [stderr] (default task-1) ... 52 more
> {code}
--
8 years, 11 months
[JBoss JIRA] (WFCORE-2853) Referral mode 'throw' for searching groups in legacy LDAP realm causes NPE
by Ondrej Lukas (JIRA)
Ondrej Lukas created WFCORE-2853:
------------------------------------
Summary: Referral mode 'throw' for searching groups in legacy LDAP realm causes NPE
Key: WFCORE-2853
URL: https://issues.jboss.org/browse/WFCORE-2853
Project: WildFly Core
Issue Type: Bug
Components: Domain Management, Security
Reporter: Ondrej Lukas
Assignee: Brian Stansberry
When referral mode 'throw' is configured for an LDAP outbound connection that is used by a legacy LDAP security realm, and its groups are assigned through principal-to-group LDAP authorization, it finishes with an NPE. As a result, the Management Console returns status 500 when referral mode 'throw' is used for group searching and the user includes a referral role.
It can be reproduced by using configuration from [1] with referral mode 'throw'.
Thrown exception on trace level:
{code}
TRACE [org.wildfly.security] (management task-1) BASIC: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:176)
at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:98)
at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:154)
... 12 more
Caused by: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:336)
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getAuthorizationIdentity(LdapSubjectSupplementalService.java:319)
at org.wildfly.security.auth.realm.AggregateSecurityRealm$Identity.getAuthorizationIdentity(AggregateSecurityRealm.java:157)
at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1797)
at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1826)
at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:477)
at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:472)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:757)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:735)
at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:92)
... 13 more
Caused by: java.io.IOException: java.lang.NullPointerException
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:203)
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:334)
... 23 more
Caused by: java.lang.NullPointerException
at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:315)
at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:221)
at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225)
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroupEntries(LdapSubjectSupplementalService.java:250)
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:227)
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:220)
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:194)
... 24 more
{code}
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1417272#c1
--
8 years, 11 months
[JBoss JIRA] (WFCORE-2853) Referral mode 'throw' for searching groups in legacy LDAP realm causes NPE
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2853?page=com.atlassian.jira.plugi... ]
Ondrej Lukas updated WFCORE-2853:
---------------------------------
Affects Version/s: 3.0.0.Beta21
> Referral mode 'throw' for searching groups in legacy LDAP realm causes NPE
> --------------------------------------------------------------------------
>
> Key: WFCORE-2853
> URL: https://issues.jboss.org/browse/WFCORE-2853
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 3.0.0.Beta21
> Reporter: Ondrej Lukas
> Assignee: Brian Stansberry
>
> When referral mode 'throw' is configured for an LDAP outbound connection that is used by a legacy LDAP security realm, and its groups are assigned through principal-to-group LDAP authorization, it finishes with an NPE. As a result, the Management Console returns status 500 when referral mode 'throw' is used for group searching and the user includes a referral role.
> It can be reproduced by using configuration from [1] with referral mode 'throw'.
> Thrown exception on trace level:
> {code}
> TRACE [org.wildfly.security] (management task-1) BASIC: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:176)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
> at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:98)
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:154)
> ... 12 more
> Caused by: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:336)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getAuthorizationIdentity(LdapSubjectSupplementalService.java:319)
> at org.wildfly.security.auth.realm.AggregateSecurityRealm$Identity.getAuthorizationIdentity(AggregateSecurityRealm.java:157)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1797)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1826)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:477)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:472)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:757)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:735)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:92)
> ... 13 more
> Caused by: java.io.IOException: java.lang.NullPointerException
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:203)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:334)
> ... 23 more
> Caused by: java.lang.NullPointerException
> at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:315)
> at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:221)
> at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroupEntries(LdapSubjectSupplementalService.java:250)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:227)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:220)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:194)
> ... 24 more
> {code}
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1417272#c1
--
8 years, 11 months