Red Hat Fuse / ENTESB-4167

fabric-git-server defaults to admin role and may only be associated with one role

    Details

    • Sprint:
      6.3 Sprint 4 (Mar 28 - Apr 29)
    • Steps to Reproduce:
      1. Create a Fabric
      2. I'm on 6.2 P2 plus HF4, HF9 and HF10 although I do not believe this matters
      3. Update password accordingly and compile attached LDAP bundle
      4. Deploy to root container
      5. tester5 is only assigned to the SuperUser group and one will see the error immediately. tester4 is in the admin group and works as expected.

      Description

      We have a user that is associated only with the SuperUser role. With debug logging enabled we can see the following error:

      2015-10-08 14:44:17,237 | DEBUG | =git-upload-pack | GitSecureHttpContext             | 102 - io.fabric8.fabric-git-server - 1.2.0.redhat-133 | Login failed
      javax.security.auth.login.FailedLoginException: User does not have the required role: admin
      	at io.fabric8.git.http.GitSecureHttpContext.doAuthenticate(GitSecureHttpContext.java:184)[102:io.fabric8.fabric-git-server:1.2.0.redhat-133]
      	at io.fabric8.git.http.GitSecureHttpContext.handleSecurity(GitSecureHttpContext.java:127)[102:io.fabric8.fabric-git-server:1.2.0.redhat-133]
      	at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:68)[101:org.ops4j.pax.web.pax-web-jetty:3.2.3]
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:240)[101:org.ops4j.pax.web.pax-web-jetty:3.2.3]
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:75)[101:org.ops4j.pax.web.pax-web-jetty:3.2.3]
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.Server.handle(Server.java:366)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[94:org.eclipse.jetty.aggregate.jetty-all-server:8.1.17.v20150415]
      	at java.lang.Thread.run(Thread.java:745)[:1.8.0_51]
      

      Creating io.fabric8.git.server.properties in the default.profile:

      # Add properties here
      role=SuperUser
      

      I've also noted that this role may only be set to one user. Specifying additional roles here results in an error:

      2015-10-08 15:21:16,739 | DEBUG | p1785143401-3787 | GitSecureHttpContext             | 102 - io.fabric8.fabric-git-server - 1.2.0.redhat-133 | Login failed
      javax.security.auth.login.FailedLoginException: User does not have the required role: SuperUser, admin
      

      This file should be provided and we should be able to set multiple roles.
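
The behaviour reported above, as an added example that is not part of the original issue or the fabric-git-server code: a check that treats the whole `role` value as one role name (assumed here from the error message "required role: SuperUser, admin") beside a check that parses the value as a comma-separated list. The class and method names are hypothetical, and the any-of semantics and fail-closed handling of a blank value are assumptions.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.login.FailedLoginException;

public class GitRoleCheckExample {

    // Single-role behaviour: the whole property value is one role name,
    // so "SuperUser, admin" matches nobody.
    static boolean hasConfiguredRole(String roleProperty, Set<String> userRoles) {
        return userRoles.contains(roleProperty);
    }

    // Hypothetical multi-role parsing: comma-separated, trimmed, blanks dropped.
    static Set<String> parseRoles(String roleProperty) {
        Set<String> roles = new LinkedHashSet<>();
        if (roleProperty != null) {
            for (String part : roleProperty.split(",")) {
                String role = part.trim();
                if (!role.isEmpty()) roles.add(role);
            }
        }
        return roles;
    }

    // Access is granted when the user holds any one of the configured roles.
    static void requireAnyRole(String roleProperty, Set<String> userRoles)
            throws FailedLoginException {
        Set<String> allowed = parseRoles(roleProperty);
        // Fail closed: a blank property must not turn into "no role required".
        if (allowed.isEmpty()) {
            throw new FailedLoginException("No required role is configured");
        }
        for (String role : allowed) {
            if (userRoles.contains(role)) {
                return;
            }
        }
        throw new FailedLoginException("User does not have any required role: " + allowed);
    }

    public static void main(String[] args) throws FailedLoginException {
        String roleProperty = "SuperUser, admin"; // value from the report
        Set<String> tester5 = new LinkedHashSet<>(Arrays.asList("SuperUser")); // constructed
        System.out.println("single-role check: " + hasConfiguredRole(roleProperty, tester5));
        requireAnyRole(roleProperty, tester5); // returns normally for tester5
        System.out.println("any-of check: granted");
    }
}
```

Role names are compared case-sensitively here, so the configured value must match the group-to-role mapping from LDAP exactly.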

              People

              • Assignee:
                sonicaaaa Paolo Antinori
                Reporter:
                sjavurek Susan Javurek
                Tester:
                Andrej Vano