apiman (API Management) / APIMAN-797

Exception with status 500 on authentication failure when using LDAP

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 1.2.0.Final, 1.2.x
    • 1.2.x
    • None
    • None

    Description

      Providing no or invalid credentials when using the BASIC auth policy with LDAP as the credential store will lead to an exception with response code 500. See below:

      HTTP/1.1 500 Internal Server Error
      Connection: keep-alive
      X-Powered-By: Undertow/1
      Server: WildFly/8
      Content-Type: application/json
      Content-Length: 7653
      X-Gateway-Error: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.apiman-gateway.war:main" from Service Module Loader
      Date: Fri, 20 Nov 2015 14:36:41 GMT
      
      {
          "responseCode": 500,
          "message": "JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module \"deployment.apiman-gateway.war:main\" from Service Module Loader",
          "trace": "javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module \"deployment.apiman-gateway.war:main\" from Service Module Loader [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=users,dc=example,dc=com]]\n\tat org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)\n\tat org.jboss.as.naming.InitialContext.init(InitialContext.java:99)\n\tat javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)\n\tat org.jboss.as.naming.InitialContext.<init>(InitialContext.java:90)\n\tat org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)\n\tat javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)\n\tat javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)\n\tat javax.naming.InitialContext.init(InitialContext.java:244)\n\tat javax.naming.InitialContext.<init>(InitialContext.java:216)\n\tat javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)\n\tat io.apiman.gateway.engine.policies.auth.LDAPIdentityValidator.validateAsServiceAccount(LDAPIdentityValidator.java:143)\n\tat io.apiman.gateway.engine.policies.auth.LDAPIdentityValidator.validate(LDAPIdentityValidator.java:90)\n\tat io.apiman.gateway.engine.policies.BasicAuthenticationPolicy.validateCredentials(BasicAuthenticationPolicy.java:165)\n\tat io.apiman.gateway.engine.policies.BasicAuthenticationPolicy.doApply(BasicAuthenticationPolicy.java:124)\n\tat io.apiman.gateway.engine.policies.BasicAuthenticationPolicy.doApply(BasicAuthenticationPolicy.java:45)\n\tat io.apiman.gateway.engine.policies.AbstractMappedPolicy.apply(AbstractMappedPolicy.java:71)\n\tat io.apiman.gateway.engine.policy.RequestChain.applyPolicy(RequestChain.java:65)\n\tat 
io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:148)\n\tat io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:251)\n\tat io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:203)\n\tat io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:396)\n\tat io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:366)\n\tat io.apiman.gateway.engine.policy.PolicyFactoryImpl.loadPolicy(PolicyFactoryImpl.java:89)\n\tat io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.loadPolicies(ServiceRequestExecutorImpl.java:366)\n\tat io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.access$1400(ServiceRequestExecutorImpl.java:77)\n\tat io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:274)\n\tat io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:259)\n\tat io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107)\n\tat io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97)\n\tat io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESRegistry.java:187)\n\tat io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(SecureRegistryWrapper.java:97)\n\tat io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(ServiceRequestExecutorImpl.java:258)\n\tat io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewayServlet.java:235)\n\tat io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServlet.java:81)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:687)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:790)\n\tat io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)\n\tat 
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)\n\tat io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)\n\tat org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)\n\tat io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)\n\tat io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)\n\tat io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)\n\tat io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)\n\tat io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)\n\tat 
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)\n\tat io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)\n\tat io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)\n\tat io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=users,dc=example,dc=com]\n\tat com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)\n\tat com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)\n\tat com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)\n\tat com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)\n\tat com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)\n\tat com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)\n\tat com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)\n\tat com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)\n\tat com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)\n\tat org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)\n\t... 61 more\n"
      }
      

      I would expect behaviour consistent with other credential storages – a message informing about the auth failure and return code 401.
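
An added example (not part of the original report and not apiman's code) of the mapping the report asks for: it walks the cause chain so that the `AuthenticationException` wrapped inside the `JBAS011843` `NamingException` becomes a 401 with a generic body, while other naming failures stay 500 and no trace reaches the client. Class and method names are hypothetical; Java 16+ is assumed.

```java
import javax.naming.AuthenticationException;
import javax.naming.NamingException;

// Added illustration; LdapFailureMapping, Failure and toFailure are hypothetical names.
public class LdapFailureMapping {

    /** HTTP status plus a client-safe message. It never carries a stack trace or a bind DN. */
    record Failure(int status, String message) {}

    /** True if any exception in the chain is an LDAP bind rejection. */
    static boolean isAuthFailure(Throwable t) {
        // Bounded walk so a self-referencing cause cannot loop forever.
        for (int depth = 0; t != null && depth < 16; depth++) {
            if (t instanceof AuthenticationException) {
                return true;
            }
            // NamingException keeps the wrapped error in getRootCause().
            Throwable next = (t instanceof NamingException ne) ? ne.getRootCause() : t.getCause();
            if (next == t) {
                break;
            }
            t = next;
        }
        return false;
    }

    /** Bad credentials map to 401; anything else (server down, bad URL) stays a 500. */
    static Failure toFailure(NamingException e) {
        if (isAuthFailure(e)) {
            return new Failure(401, "Authentication failed.");
        }
        // Details belong in the server log, not in the response body.
        return new Failure(500, "Identity store unavailable.");
    }

    public static void main(String[] args) {
        // Constructed sample shaped like the exception chain in the response above.
        AuthenticationException bind = new AuthenticationException(
                "[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed]");
        NamingException wrapped = new NamingException(
                "JBAS011843: Failed instantiate InitialContextFactory");
        wrapped.setRootCause(bind);

        System.out.println(toFailure(wrapped));
        System.out.println(toFailure(new NamingException("connection refused")));
    }
}
```

Checking only the outer exception type would miss this case, because the container reports the bind rejection as the root cause of a generic `NamingException`.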

          People

            ewittman@redhat.com Eric Wittmann
            jcechace@redhat.com Jakub Čecháček