[jboss-jira] [JBoss JIRA] (WFCORE-2559) caching-realm with ldap-realm cannot be added when LDAP is unreachable

Ondrej Lukas (JIRA) issues at jboss.org
Mon Mar 20 04:37:00 EDT 2017


Ondrej Lukas created WFCORE-2559:
------------------------------------

             Summary: caching-realm with ldap-realm cannot be added when LDAP is unreachable
                 Key: WFCORE-2559
                 URL: https://issues.jboss.org/browse/WFCORE-2559
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse
            Priority: Critical


When caching-realm is used together with ldap-realm and the LDAP server (which is used by that ldap-realm) is unreachable, the caching-realm cannot be added.

This issue also means that this realm service is not started correctly when the server is started. That is, when the LDAP server is unreachable while the application server is starting, this realm will not work until it is reloaded again and LDAP is reachable.

The following exception occurs for the CLI command:
{code}
/subsystem=elytron/caching-realm=some-cache-realm:add(realm=some-ldap-realm)
{
    "outcome" => "failed",
    "failure-description" => {
        "WFLYCTL0080: Failed services" => {"org.wildfly.security.security-realm.some-cache-realm" => "org.jboss.msc.service.StartException in service org.wildfly.security.security-realm.some-cache-realm: Failed to start service
    Caused by: java.lang.IllegalStateException: ELY01146: Ldap realm failed to register notification listener
    Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context
    Caused by: javax.naming.CommunicationException: 127.0.0.1:10389 [Root exception is java.net.ConnectException: Connection refused]
    Caused by: java.net.ConnectException: Connection refused"},
        "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.some-cache-realm"]
    },
    "rolled-back" => true
}
{code}

The following exception occurs in the server log when the above-mentioned CLI command is executed:
{code}
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.security.security-realm.some-cache-realm: org.jboss.msc.service.StartException in service org.wildfly.security.security-realm.some-cache-realm: Failed to start service
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: ELY01146: Ldap realm failed to register notification listener
	at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.registerIdentityChangeListener(LdapSecurityRealm.java:153)
	at org.wildfly.security.auth.realm.CachingSecurityRealm.<init>(CachingSecurityRealm.java:60)
	at org.wildfly.security.auth.realm.CachingModifiableSecurityRealm.<init>(CachingModifiableSecurityRealm.java:53)
	at org.wildfly.extension.elytron.CachingRealmDefinition$RealmAddHandler.lambda$createService$0(CachingRealmDefinition.java:143)
	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
	... 3 more
Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context
	at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.obtainContext(LdapSecurityRealm.java:187)
	at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.registerIdentityChangeListener(LdapSecurityRealm.java:149)
	... 9 more
Caused by: javax.naming.CommunicationException: 127.0.0.1:10389 [Root exception is java.net.ConnectException: Connection refused]
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1613)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
	at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)
	at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
	at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)
	at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
	at javax.naming.InitialContext.init(InitialContext.java:244)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
	at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.createDirContext(SimpleDirContextFactoryBuilder.java:442)
	at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.obtainDirContext(SimpleDirContextFactoryBuilder.java:356)
	at org.wildfly.extension.elytron.DirContextDefinition.lambda$null$0(DirContextDefinition.java:227)
	at org.wildfly.extension.elytron.LdapRealmDefinition$RealmAddHandler.lambda$configureDirContext$0(LdapRealmDefinition.java:462)
	at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.obtainContext(LdapSecurityRealm.java:185)
	... 10 more
Caused by: java.net.ConnectException: Connection refused
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:589)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350)
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
	... 32 more

09:26:07,954 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("caching-realm" => "some-cache-realm")
]) - failure description: {
    "WFLYCTL0080: Failed services" => {"org.wildfly.security.security-realm.some-cache-realm" => "org.jboss.msc.service.StartException in service org.wildfly.security.security-realm.some-cache-realm: Failed to start service
    Caused by: java.lang.IllegalStateException: ELY01146: Ldap realm failed to register notification listener
    Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context
    Caused by: javax.naming.CommunicationException: 127.0.0.1:10389 [Root exception is java.net.ConnectException: Connection refused]
    Caused by: java.net.ConnectException: Connection refused"},
    "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.some-cache-realm"]
}
{code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
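Because the report says the realm stays unusable until a reload, an operator may want to spot this failure in the server log after boot. The following is an added example, not part of the original report or of WildFly: it walks the `Caused by:` chain of each `MSC000001` failure for a security-realm service and flags the LDAP-unreachable case. The function names `failed_realms` and `is_ldap_outage` are hypothetical, and the sample log is constructed from the lines quoted above.

```python
import re

# Constructed sample: abbreviated from the server log quoted in the report;
# the final INFO line is invented to mark the end of the stack trace.
SAMPLE_LOG = """\
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.security.security-realm.some-cache-realm: org.jboss.msc.service.StartException in service org.wildfly.security.security-realm.some-cache-realm: Failed to start service
\tat org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
Caused by: java.lang.IllegalStateException: ELY01146: Ldap realm failed to register notification listener
Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context
Caused by: javax.naming.CommunicationException: 127.0.0.1:10389 [Root exception is java.net.ConnectException: Connection refused]
Caused by: java.net.ConnectException: Connection refused
INFO  [org.jboss.as] (Controller Boot Thread) constructed unrelated line
"""

REALM_PREFIX = "org.wildfly.security.security-realm."
FAIL_RE = re.compile(r"MSC000001: Failed to start service (\S+?):")
CAUSE_RE = re.compile(r"^Caused by: ([\w.$]+)(?:: (.*))?$")
ENDPOINT_RE = re.compile(r"^(\S+:\d+) \[Root exception")

def failed_realms(log_text):
    """Return one record per security-realm service that failed to start."""
    records, current = [], None
    for line in log_text.splitlines():
        start = FAIL_RE.search(line)
        if start:
            name = start.group(1)
            current = None
            if name.startswith(REALM_PREFIX):  # ignore non-realm services
                current = {"realm": name[len(REALM_PREFIX):], "causes": [],
                           "codes": [], "endpoint": None}
                records.append(current)
        elif current is not None:
            cause = CAUSE_RE.match(line)
            if cause:
                msg = cause.group(2) or ""
                current["causes"].append(cause.group(1))
                current["codes"] += re.findall(r"\bELY\d{5}\b", msg)
                ep = ENDPOINT_RE.match(msg)
                current["endpoint"] = ep.group(1) if ep else current["endpoint"]
            elif not line.startswith("\t"):
                current = None  # the stack trace for this failure has ended
    return records

def is_ldap_outage(rec):
    """True when the root cause is a refused connection behind ELY01125."""
    return "ELY01125" in rec["codes"] and rec["causes"][-1:] == ["java.net.ConnectException"]

if __name__ == "__main__":
    for rec in failed_realms(SAMPLE_LOG):
        print(rec["realm"], rec["codes"], rec["endpoint"], is_ldap_outage(rec))
```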