[jboss-jira] [JBoss JIRA] (WFCORE-2549) Elytron, kerberos-security-factory unintentionaly required attribute "options"

Martin Choma (JIRA) issues at jboss.org
Thu Mar 16 11:05:02 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-2549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma updated WFCORE-2549:
---------------------------------
    Labels:   (was: eap71_beta kerberos)


> Elytron, kerberos-security-factory unintentionaly required attribute "options"
> ------------------------------------------------------------------------------
>
>                 Key: WFCORE-2549
>                 URL: https://issues.jboss.org/browse/WFCORE-2549
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> *User impact:* User can't configure kerberos authentication without optional {{options}} attribute
> *Workaround:* Add any option, even if you don't need any. 
> {code}
> /subsystem=elytron/kerberos-security-factory=a:add(principal=HTTP/localhost at JBOSS.ORG, path=/somewhere, mechanism-oids=["1.2.840.113554.1.2.2","1.3.6.1.5.5.2"],options={a=b})
> {code}
> *Description:*
> If I try command which worked previously I get error
> {code}
> [standalone at localhost:9990 /] /subsystem=elytron/kerberos-security-factory=a:add(principal=HTTP/localhost at JBOSS.ORG, path=/somewhere, mechanism-oids=["1.2.840.113554.1.2.2","1.3.6.1.5.5.2"])
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
>     "rolled-back" => true
> }
> {code}
> In server.log there is this stacktrace
> {code}
> 15:00:53,476 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([
>     ("subsystem" => "elytron"),
>     ("kerberos-security-factory" => "a")
> ]): java.lang.IllegalArgumentException
> 	at org.jboss.dmr.ModelValue.asPropertyList(ModelValue.java:103)
> 	at org.jboss.dmr.ModelNode.asPropertyList(ModelNode.java:503)
> 	at org.wildfly.extension.elytron.KerberosSecurityFactoryDefinition$2.getValueSupplier(KerberosSecurityFactoryDefinition.java:168)
> 	at org.wildfly.extension.elytron.TrivialAddHandler.performRuntime(TrivialAddHandler.java:77)
> 	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151)
> 	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:979)
> 	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:722)
> 	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:441)
> 	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1388)
> 	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:421)
> 	at org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:243)
> 	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:263)
> 	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:229)
> 	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:243)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:217)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:137)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:161)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
> 	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:287)
> 	at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:244)
> 	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254)
> 	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225)
> 	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:157)
> 	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
> 	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> 	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> {code}
> Adding optional {{options}} attribute makes command work again
> {code}
> [standalone at localhost:9990 /] /subsystem=elytron/kerberos-security-factory=a:add(principal=HTTP/localhost at JBOSS.ORG, path=/somewhere, mechanism-oids=["1.2.840.113554.1.2.2","1.3.6.1.5.5.2"],options={a=b})
> {"outcome" => "success"}
> {code}
> Attribute {{options}} is marked correctly optional in model. 
> {code}
> 	"options" => {
> 	    "type" => OBJECT,
> 	    "description" => "The Krb5LoginModule additional options.",
> 	    "expressions-allowed" => false,
> 	    "required" => false,
> 	    "nillable" => true,
> 	    "value-type" => STRING,
> 	    "access-type" => "read-write",
> 	    "storage" => "configuration",
> 	    "restart-required" => "no-services"
> 	},
> {code}
> Not setting as alpha blocker, as workaround exists.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list