[infinispan-issues] [JBoss JIRA] (ISPN-4669) Loading LDAP roles fails when some principal hasn't LDAP record
Vojtech Juranek (JIRA)
issues at jboss.org
Tue Aug 26 15:27:59 EDT 2014
Vojtech Juranek created ISPN-4669:
-------------------------------------
Summary: Loading LDAP roles fails when some principal hasn't LDAP record
Key: ISPN-4669
URL: https://issues.jboss.org/browse/ISPN-4669
Project: Infinispan
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Server
Reporter: Vojtech Juranek
Assignee: Tristan Tarrant
In server mode, when loading the roles from LDAP (e.g. the scenario where GSSAPI authentication and authorization is delegated to LDAP), it fails with the following exception when some principal (typically {{InetAddressPrincipal}}) doesn't have a record in LDAP:
{noformat}
Caused by: java.lang.SecurityException: JDGS010022: Cannot retrieve authorization information for user admin at INFINISPAN.ORG
at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider$GSSAPIEndpointAuthorizingCallbackHandler.getSubjectUserInfo(EndpointServerAuthenticationProvider.java:96) [infinispan-server-endpoints-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
at org.infinispan.server.hotrod.Decoder2x$.customReadHeader(Decoder2x.scala:238) [infinispan.jar:7.0.0-SNAPSHOT]
at org.infinispan.server.hotrod.HotRodDecoder.customDecodeHeader(HotRodDecoder.scala:152) [infinispan.jar:7.0.0-SNAPSHOT]
at org.infinispan.server.core.AbstractProtocolDecoder.decodeHeader(AbstractProtocolDecoder.scala:148) [infinispan.jar:7.0.0-SNAPSHOT]
at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:96) [infinispan.jar:7.0.0-SNAPSHOT]
... 14 more
Caused by: java.io.IOException: javax.naming.NamingException: JBAS015231: User '127.0.0.1' not found in directory.
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.supplementSubject(LdapSubjectSupplementalService.java:171) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
at org.jboss.as.domain.management.security.SecurityRealmService$1.createSubjectUserInfo(SecurityRealmService.java:200) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider$GSSAPIEndpointAuthorizingCallbackHandler.getSubjectUserInfo(EndpointServerAuthenticationProvider.java:94) [infinispan-server-endpoints-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
... 18 more
Caused by: javax.naming.NamingException: JBAS015231: User '127.0.0.1' not found in directory.
at org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:130) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
at org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:67) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:223) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroups(LdapSubjectSupplementalService.java:184) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.supplementSubject(LdapSubjectSupplementalService.java:163) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
... 20 more
{noformat}