[
https://issues.jboss.org/browse/WFCORE-2258?page=com.atlassian.jira.plugi...
]
Martin Choma updated WFCORE-2258:
---------------------------------
Description:
When securing the management interface with LDAP in a security realm, if a nonexistent
user is provided, EAP answers with a {{500}} HTTP status code. This is different behaviour
compared to WildFly 10.1, which returns {{401}}. I think HTTP status code {{401}} is
proper in this situation, because it is the client's fault (e.g. a typo in the username) and can be
repaired on the client side.
{code:title=server.log}
10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback
10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm]
10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm]
10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil
10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil]
10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil'
10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search
10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'.
10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory.
{code}
was:
When securing the management interface with LDAP in a security realm, if a nonexistent
user is provided, EAP answers with a {{500}} HTTP status code. This is different behaviour
compared to EAP 7.0, which returns {{401}}. I think HTTP status code {{401}} is proper in
this situation, because it is the client's fault (e.g. a typo in the username) and can be repaired on
the client side.
{code:title=server.log}
10:49:18,745 TRACE [org.wildfly.security] (management task-10) Handling MechanismInformationCallback
10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling AvailableRealmsCallback: realms = [ldap-realm]
10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling RealmCallback: selected = [ldap-realm]
10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback: authenticationName = anil
10:49:18,746 TRACE [org.wildfly.security] (management task-10) Name assigning: [anil], pre-realm rewritten: [anil], realm name: [PLAIN], post realm rewritten: [anil], realm rewritten: [anil]
10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Non caching search for 'anil'
10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Performing single level search
10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Searching for user 'anil' using filter '(uid={0})'.
10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
10:49:18,749 WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User 'anil' not found in directory.
{code}
500 return for nonexistent user in legacy ldap security realm
-------------------------------------------------------------
Key: WFCORE-2258
URL:
https://issues.jboss.org/browse/WFCORE-2258
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Blocker
Labels: eap71_alpha, regression
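Added example, not part of the original report or of WildFly's code: a small triage script that parses server.log entries in the format shown above and lists the authentication attempts where the LDAP search found no user, which are the attempts the report says should end in 401 rather than 500. The function names `parse_entries` and `unknown_user_attempts` are hypothetical; the sample entries are taken from the excerpt in the report.

```python
import re

# Entries taken from the server.log excerpt in the report, still hard-wrapped
# the way the notification mail wrapped them.
SERVER_LOG = """\
10:49:18,746 TRACE [org.wildfly.security] (management task-10) Handling NameCallback:
authenticationName = anil
10:49:18,746 TRACE [org.jboss.as.domain.management.security] (management task-10)
Searching for user 'anil' using filter '(uid={0})'.
10:49:18,749 WARN
[org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext]
(pool-7-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
10:49:18,750 TRACE [org.jboss.as.domain.management.security] (management task-10) User
'anil' not found in directory.
"""

# An entry starts at a line beginning with HH:MM:SS,mmm; anything else continues it.
ENTRY_START = re.compile(r"(?m)^(?=\d{2}:\d{2}:\d{2},\d{3}\s)")
ENTRY = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+) "
    r"\[(?P<category>[^\]]+)\] \((?P<thread>[^)]+)\) (?P<message>.*)"
)
AUTH_NAME = re.compile(r"authenticationName = (\S+)")
NOT_FOUND = re.compile(r"User '([^']+)' not found in directory\.")


def parse_entries(text):
    """Yield one dict per log entry, folding wrapped lines back into the entry."""
    for chunk in ENTRY_START.split(text):
        m = ENTRY.fullmatch(" ".join(chunk.split()))
        if m:
            yield m.groupdict()


def unknown_user_attempts(text):
    """Return (time, thread, name sent by client, name searched) per failed lookup."""
    sent = {}  # thread -> last authenticationName handled on that thread
    hits = []
    for e in parse_entries(text):
        name = AUTH_NAME.search(e["message"])
        if name:
            sent[e["thread"]] = name.group(1)
        miss = NOT_FOUND.search(e["message"])
        if miss:
            hits.append((e["time"], e["thread"], sent.get(e["thread"]), miss.group(1)))
    return hits


if __name__ == "__main__":
    print(unknown_user_attempts(SERVER_LOG))
```

The excerpt does not include the HTTP response itself, so the script only identifies the unknown-user lookups; matching them against access-log status codes by timestamp is left to the operator.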