Darran Lofthouse commented on WFLY-7289:
----------------------------------------
I have merged the pull request as it adds additional logging but there is still the
problem that the server should be able to come up even if the LDAP server is unavailable.
Adding ldap-key-store requires accessible ldap server
-----------------------------------------------------
Key: WFLY-7289
URL:
https://issues.jboss.org/browse/WFLY-7289
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Alpha1
Reporter: Martin Choma
Assignee: Jan Kalina
Priority: Critical
I was playing with ldap-key-store. What I consider very inconvenient is the fact that, at the
moment of adding an ldap-key-store, the LDAP server has to be running and accessible. The Elytron
ldap-realm does not need that. I am not sure about legacy security realms. Is it possible to
decouple that dependency and defer that check until the first ldap-key-store usage?
Steps to reproduce:
{code}
[standalone@localhost:9990 /] /subsystem=elytron/dir-context=a:add()
{"outcome" => "success"}
[standalone@localhost:9990 /] /subsystem=elytron/ldap-key-store=a:add(dir-context=a,
search-path="a")
{
"outcome" => "failed",
"rolled-back" => true
}
{code}
This leads to an exception in the server log:
{code}
14:37:25,917 ERROR [org.jboss.as.controller.management-operation]
(management-handler-thread - 1) WFLYCTL0403: Unexpected failure during execution of the
following operation(s): [{
"address" => [
("subsystem" => "elytron"),
("ldap-key-store" => "a")
],
"operation" => "add",
"search-path" => "a",
"dir-context" => "a",
"operation-headers" => {
"caller-type" => "user",
"access-mechanism" => "NATIVE"
}
}]: java.lang.IllegalStateException: ELY02015: Failed to obtain DirContext
at
org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:126)
at org.wildfly.security.keystore.LdapKeyStoreSpi.engineSize(LdapKeyStoreSpi.java:381)
at java.security.KeyStore.size(KeyStore.java:1271)
at
org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineSize(DelegatingKeyStoreSpi.java:121)
at java.security.KeyStore.size(KeyStore.java:1271)
at
org.wildfly.extension.elytron.KeyStoreResource.containsAliases(KeyStoreResource.java:163)
at
org.wildfly.extension.elytron.KeyStoreResource.getChildTypes(KeyStoreResource.java:61)
at
org.jboss.as.controller.registry.AbstractModelResource$DelegateResource.getChildTypes(AbstractModelResource.java:372)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:287)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:291)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:291)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:250)
at org.jboss.as.controller.ModelControllerImpl.writeModel(ModelControllerImpl.java:787)
at
org.jboss.as.controller.OperationContextImpl.createPersistenceResource(OperationContextImpl.java:520)
at
org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:758)
at
org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:709)
at
org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
at
org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
at
org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
at
org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
at
org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: javax.naming.NamingException: Cannot parse url: undefined [Root exception is
java.net.MalformedURLException: Invalid URI: undefined]
at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:92)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:163)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
at
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at
org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.createDirContext(SimpleDirContextFactoryBuilder.java:286)
at
org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.obtainDirContext(SimpleDirContextFactoryBuilder.java:222)
at
org.wildfly.extension.elytron.DirContextDefinition.lambda$null$0(DirContextDefinition.java:148)
at
org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:120)
... 39 more
Caused by: java.net.MalformedURLException: Invalid URI: undefined
at com.sun.jndi.toolkit.url.Uri.parse(Uri.java:199)
at com.sun.jndi.toolkit.url.Uri.init(Uri.java:138)
at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:82)
... 56 more
{code}