[jboss-jira] [JBoss JIRA] (WFCORE-4950) Regression: Legacy Ldap Realm securing EJB with JDK8 not working

Ricardo Martin Camarero (Jira) issues at jboss.org
Thu Apr 30 04:00:02 EDT 2020


    [ https://issues.redhat.com/browse/WFCORE-4950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14067624#comment-14067624 ] 

Ricardo Martin Camarero commented on WFCORE-4950:
-------------------------------------------------

Checking the changes in the {{module.xml}} file for that module:

1. The {{sun.jdk}} was removed in [WFCORE-3705|https://github.com/wildfly/wildfly-core/commit/b48ea664f8129920ccde8b404d0cb295c93e4547#diff-1f7b02f9789aacd8453df6da96f70500] when new jdk modules were integrated.
2. But later {{java.naming}} was added in a workaround for [WFLY-10394|https://github.com/wildfly/wildfly-core/commit/8d52d23e3158723e867587d2c1db809ade6defa2#diff-1f7b02f9789aacd8453df6da96f70500] and it includes the class {{com.sun.jndi.ldap.LdapCtxFactory}}.
3. But {{java.naming}} was removed later in [WFCORE-4531|https://github.com/wildfly/wildfly-core/commit/08bbe43df448b46b67f4cc83f4424e07fa048723#diff-1f7b02f9789aacd8453df6da96f70500].
4. But between 2 and 3 the module {{jdk.security.auth}} was added in [WFCORE-3889|https://github.com/wildfly/wildfly-core/commit/81b9a7c64b9a27b3f562f520b1a760b446732af4#diff-1f7b02f9789aacd8453df6da96f70500], which in jdk requires transitive the {{java.naming}} ([see this|https://hg.openjdk.java.net/jdk/jdk11/file/1ddf9a99e4ad/src/jdk.security.auth/share/classes/module-info.java]). That makes it work in jdk-11 (removing that module I see the same exception using jdk-11).

So I'm going to add back the {{java.naming}} module. I think that it is included in jdk-11 because of the transitive tag but not in jdk-8 (jboss-modules seems not to add that transitive inclusion). I'll send the PR and we can argue about it later.

> Regression: Legacy Ldap Realm securing EJB with JDK8 not working
> ----------------------------------------------------------------
>
>                 Key: WFCORE-4950
>                 URL: https://issues.redhat.com/browse/WFCORE-4950
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 12.0.0.Beta1
>            Reporter: Ricardo Martin Camarero
>            Assignee: Ricardo Martin Camarero
>            Priority: Critical
>
> WFCORE issue related to JBEAP-19195. The root exception is the following:
> {noformat}
> javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "org.wildfly.extension.io" version 12.0.0.Beta1 from local module loader @5f2108b5 (finder: local module finder @31a5c39e (roots: /home/rmartinc/wildfly-20.0.0.Beta1-SNAPSHOT/modules,/home/rmartinc/wildfly-20.0.0.Beta1-SNAPSHOT/modules/system/layers/base)) [Root exception is java.lang.ClassNotFoundException: com.sun.jndi.ldap.LdapCtxFactory from [Module "org.wildfly.extension.io" version 12.0.0.Beta1 from local module loader @5f2108b5 (finder: local module finder @31a5c39e (roots: /home/rmartinc/wildfly-20.0.0.Beta1-SNAPSHOT/modules,/home/rmartinc/wildfly-20.0.0.Beta1-SNAPSHOT/modules/system/layers/base))]]
>  	at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:120)
>  	at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)
>  	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
>  	at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)
>  	at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
>  	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
>  	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
>  	at javax.naming.InitialContext.init(InitialContext.java:244)
>  	at javax.naming.InitialContext.<init>(InitialContext.java:216)
>  	at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
>  	at org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService.getConnection(LdapConnectionManagerService.java:272)
>  	at org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService.getConnection(LdapConnectionManagerService.java:184)
>  	at org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService.getConnection(LdapConnectionManagerService.java:180)
>  	at org.jboss.as.domain.management.security.LdapConnectionHandler.getConnection(LdapConnectionHandler.java:78)
>  	at org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:125)
>  	at org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:66)
>  	at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:232)
>  	at org.jboss.as.domain.management.security.UserLdapCallbackHandler$SecurityRealmImpl.getRealmIdentity(UserLdapCallbackHandler.java:339)
>  	at org.jboss.as.domain.management.security.SecurityRealmService$SharedStateSecurityRealm.getRealmIdentity(SecurityRealmService.java:776)
>  	at org.wildfly.security.auth.server.ServerAuthenticationContext.assignName(ServerAuthenticationContext.java:1197)
>  	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.setPrincipal(ServerAuthenticationContext.java:1726)
>  	at org.wildfly.security.auth.server.ServerAuthenticationContext.setAuthenticationPrincipal(ServerAuthenticationContext.java:410)
>  	at org.wildfly.security.auth.server.ServerAuthenticationContext.setAuthenticationName(ServerAuthenticationContext.java:384)
>  	at org.wildfly.security.auth.server.ServerAuthenticationContext.setAuthenticationName(ServerAuthenticationContext.java:368)
>  	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:912)
>  	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:853)
>  	at org.wildfly.security.auth.callback.SocketAddressQueryCallbackHandler.handle(SocketAddressQueryCallbackHandler.java:57)
>  	at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:105)
>  	at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:118)
>  	at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
>  	at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:110)
>  	at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
>  	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
>  	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
>  	at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:484)
>  	at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
>  	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
>  	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
>  	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
>  	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
>  	at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.ClassNotFoundException: com.sun.jndi.ldap.LdapCtxFactory from [Module "org.wildfly.extension.io" version 12.0.0.Beta1 from local module loader @5f2108b5 (finder: local module finder @31a5c39e (roots: /home/rmartinc/wildfly-20.0.0.Beta1-SNAPSHOT/modules,/home/rmartinc/wildfly-20.0.0.Beta1-SNAPSHOT/modules/system/layers/base))]
>  	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255)
>  	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
>  	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
>  	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
>  	at java.lang.Class.forName0(Native Method)
>  	at java.lang.Class.forName(Class.java:348)
>  	at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:115)
>  	... 40 more
> {noformat}
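
Added example (not part of the original message and not WildFly code): a small check for the situation the comment describes, classifying whether a {{module.xml}} reaches {{java.naming}} through a direct dependency or only through the {{requires transitive}} edge of {{jdk.security.auth}}. The sample XML, the module name {{example.ldap.consumer}} and the function names are constructed for illustration; the only transitive edge modelled is the one cited in the comment.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not WildFly's real module.xml; the module name is hypothetical.
SAMPLE_MODULE_XML = """\
<module xmlns="urn:jboss:module:1.9" name="example.ldap.consumer">
    <dependencies>
        <module name="java.logging"/>
        <module name="jdk.security.auth"/>
    </dependencies>
</module>
"""

# Only the edge the comment cites from the jdk11 module-info.java.
JDK_REQUIRES_TRANSITIVE = {"jdk.security.auth": {"java.naming"}}


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def declared_dependencies(module_xml):
    """Return the module names listed directly under <dependencies>."""
    names = []
    for elem in ET.fromstring(module_xml).iter():
        if local(elem.tag) != "dependencies":
            continue
        names += [c.get("name") for c in elem
                  if local(c.tag) == "module" and c.get("name")]
    return names


def reachable(declared):
    """Expand the declared set through 'requires transitive' edges."""
    seen, stack = set(declared), list(declared)
    while stack:
        for dep in JDK_REQUIRES_TRANSITIVE.get(stack.pop(), ()):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def audit(module_xml, needed="java.naming"):
    """Classify how `needed` is reached: direct, transitive-only or missing."""
    declared = declared_dependencies(module_xml)
    if needed in declared:
        return "direct"
    # Resolves only where the loader honours the transitive edge.
    return "transitive-only" if needed in reachable(declared) else "missing"
```

A {{transitive-only}} result marks a module that depends on the loader following the transitive edge, which is the case the comment proposes to fix by declaring {{java.naming}} directly.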


