[jboss-jira] [JBoss JIRA] (WFLY-7289) Adding ldap-key-store requires accessible ldap server

Martin Choma (JIRA) issues at jboss.org
Fri Oct 14 03:38:01 EDT 2016 

     [ https://issues.jboss.org/browse/WFLY-7289?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma updated WFLY-7289:
-------------------------------
    Priority: Critical  (was: Major)


> Adding ldap-key-store requires accessible ldap server
> -----------------------------------------------------
>
>                 Key: WFLY-7289
>                 URL: https://issues.jboss.org/browse/WFLY-7289
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 11.0.0.Alpha1
>            Reporter: Martin Choma
>            Priority: Critical
>
> Playing with ldap-key-store . What I consider very unconvenient is fact, that in moment of adding ldap-key-store, ldap server has to be running and accessible. Elytron ldap-realm does not need that. Doubt about legacy security realms. Is it possible to decouple that dependency and leave that check till first ldap-key-store usage?
> Steps to reproduce:
> {code}
> [standalone at localhost:9990 /] /subsystem=elytron/dir-context=a:add()
> {"outcome" => "success"}
> [standalone at localhost:9990 /] /subsystem=elytron/ldap-key-store=a:add(dir-context=a, search-path="a")
> {
>     "outcome" => "failed",
>     "rolled-back" => true
> }
> {code}
> leads to exception in server log
> {code}
> 14:37:25,917 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
>     "address" => [
>         ("subsystem" => "elytron"),
>         ("ldap-key-store" => "a")
>     ],
>     "operation" => "add",
>     "search-path" => "a",
>     "dir-context" => "a",
>     "operation-headers" => {
>         "caller-type" => "user",
>         "access-mechanism" => "NATIVE"
>     }
> }]: java.lang.IllegalStateException: ELY02015: Failed to obtain DirContext
> 	at org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:126)
> 	at org.wildfly.security.keystore.LdapKeyStoreSpi.engineSize(LdapKeyStoreSpi.java:381)
> 	at java.security.KeyStore.size(KeyStore.java:1271)
> 	at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineSize(DelegatingKeyStoreSpi.java:121)
> 	at java.security.KeyStore.size(KeyStore.java:1271)
> 	at org.wildfly.extension.elytron.KeyStoreResource.containsAliases(KeyStoreResource.java:163)
> 	at org.wildfly.extension.elytron.KeyStoreResource.getChildTypes(KeyStoreResource.java:61)
> 	at org.jboss.as.controller.registry.AbstractModelResource$DelegateResource.getChildTypes(AbstractModelResource.java:372)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:287)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:291)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:291)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
> 	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:250)
> 	at org.jboss.as.controller.ModelControllerImpl.writeModel(ModelControllerImpl.java:787)
> 	at org.jboss.as.controller.OperationContextImpl.createPersistenceResource(OperationContextImpl.java:520)
> 	at org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:758)
> 	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:709)
> 	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
> 	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
> 	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
> 	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:422)
> 	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
> 	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
> 	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> 	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> Caused by: javax.naming.NamingException: Cannot parse url: undefined [Root exception is java.net.MalformedURLException: Invalid URI: undefined]
> 	at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:92)
> 	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:163)
> 	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
> 	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
> 	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
> 	at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
> 	at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
> 	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> 	at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
> 	at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
> 	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> 	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
> 	at javax.naming.InitialContext.init(InitialContext.java:244)
> 	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> 	at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.createDirContext(SimpleDirContextFactoryBuilder.java:286)
> 	at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.obtainDirContext(SimpleDirContextFactoryBuilder.java:222)
> 	at org.wildfly.extension.elytron.DirContextDefinition.lambda$null$0(DirContextDefinition.java:148)
> 	at org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:120)
> 	... 39 more
> Caused by: java.net.MalformedURLException: Invalid URI: undefined
> 	at com.sun.jndi.toolkit.url.Uri.parse(Uri.java:199)
> 	at com.sun.jndi.toolkit.url.Uri.init(Uri.java:138)
> 	at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:82)
> 	... 56 more
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list