Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-5400

ChildContainers don't have correct RBAC configuration.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: jboss-fuse-6.3
    • Fix Version/s: jboss-fuse-6.3
    • Component/s: Fabric8 v1, Karaf
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      1. add user test=test,Administrator
      2. start with bin/start and connect with bin/client -u test
      3. fabric:create, container-create-child root test
      4. container-edit-jvm-options -f test

      Show
      1. add user test=test,Administrator 2. start with bin/start and connect with bin/client -u test 3. fabric:create, container-create-child root test 4. container-edit-jvm-options -f test
    • Sprint:
      Sprint 5 - towards ER2

      Description

      User with the only role "Administrator" can't access container jvm opts using container-edit-jvm-options -f , because it fails with:

      2016-04-27 10:44:26,750 | ERROR | Thread-51        | ContainerEditJvmOptionsAction    | 38 - org.apache.karaf.shell.console - 2.4.0.redhat-630045 | Unable to fetch child jvm opts
      		 
      java.lang.SecurityException: Insufficient roles/credentials for operation
      		 
      	at org.apache.karaf.management.KarafMBeanServerGuard.handleInvoke(KarafMBeanServerGuard.java:350)
      		 
      	at org.apache.karaf.management.KarafMBeanServerGuard.handleGetAttribute(KarafMBeanServerGuard.java:270)
      		 
      	at org.apache.karaf.management.KarafMBeanServerGuard.invoke(KarafMBeanServerGuard.java:88)
      		 
      	at org.apache.karaf.management.internal.MBeanInvocationHandler.invoke(MBeanInvocationHandler.java:43)
      		 
      	at com.sun.proxy.$Proxy2.getAttribute(Unknown Source)
      		 
      	at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1445)
      		 
      	at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76)
      		 
      	at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1309)
      		 
      	at java.security.AccessController.doPrivileged(Native Method)
      		 
      	at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1408)
      		 
      	at javax.management.remote.rmi.RMIConnectionImpl.getAttribute(RMIConnectionImpl.java:639)
      		 
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      		 
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      		 
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      		 
      	at java.lang.reflect.Method.invoke(Method.java:498)
      		 
      	at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:323)
      		 
      	at sun.rmi.transport.Transport$1.run(Transport.java:200)
      		 
      	at sun.rmi.transport.Transport$1.run(Transport.java:197)
      		 
      	at java.security.AccessController.doPrivileged(Native Method)
      		 
      	at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
      		 
      	at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
      		 
      	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
      		 
      	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683)
      		 
      	at java.security.AccessController.doPrivileged(Native Method)
      		 
      	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
      		 
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      		 
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      		 
      	at java.lang.Thread.run(Thread.java:745)
      		 
      	at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:276)
      		 
      	at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:253)
      		 
      	at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:162)
      		 
      	at com.sun.jmx.remote.internal.PRef.invoke(Unknown Source)
      		 
      	at javax.management.remote.rmi.RMIConnectionImpl_Stub.getAttribute(Unknown Source)
      		 
      	at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.getAttribute(RMIConnector.java:903)
      		 
      	at io.fabric8.commands.ContainerEditJvmOptionsAction.doExecute(ContainerEditJvmOptionsAction.java:118)
      		 
      	at org.apache.karaf.shell.console.AbstractAction.execute(AbstractAction.java:33)
      		 
      	at org.apache.felix.gogo.commands.basic.AbstractCommand.execute(AbstractCommand.java:35)
      		 
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      		 
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      		 
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      		 
      	at java.lang.reflect.Method.invoke(Method.java:498)
      		 
      	at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:54)
      		 
      	at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
      		 
      	at io.fabric8.commands.$ContainerEditJvmOptions1028037130.execute(Unknown Source)
      		 
      	at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)
      		 
      	at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)
      		 
      	at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)
      		 
      	at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)
      		 
      	at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)
      		 
      	at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)
      		 
      	at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:92)
      		 
      	at org.apache.karaf.shell.console.jline.Console.run(Console.java:197)
      		 
      	at org.apache.karaf.shell.ssh.ShellFactoryImpl$ShellImpl$1.runConsole(ShellFactoryImpl.java:173)
      		 
      	at org.apache.karaf.shell.ssh.ShellFactoryImpl$ShellImpl$1$1.run(ShellFactoryImpl.java:125)
      		 
      	at java.security.AccessController.doPrivileged(Native Method)
      		 
      	at org.apache.karaf.jaas.modules.JaasHelper.doAs(JaasHelper.java:47)
      		 
      	at org.apache.karaf.shell.ssh.ShellFactoryImpl$ShellImpl$1.run(ShellFactoryImpl.java:123)

      It's not about incorrect credentials, because it fails even with container-edit-jvm-options -u test -p test -f

        Gliffy Diagrams

          Attachments

            Issue Links

            relates to

            Bug - A problem which impairs or prevents the functions of the product. ENTESB-5402 SSHContainers don't have correct RBAC configuration.

            • Blocker - An issue (bug, feature, task) that blocks development and/or testing work, production could not run. An upcoming version that is affected by this issue cannot be released until it's addressed.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. ENTESB-5966 Error executing command: Insufficient credentials when we use JMX Mbeans for creating fabric & ssh containers

            • Blocker - An issue (bug, feature, task) that blocks development and/or testing work, production could not run. An upcoming version that is affected by this issue cannot be released until it's addressed.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. ENTESB-5118 Invalid BundleContext when installing patch feature to admin:created container

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. ENTESB-5186 container-stop operation may report wrong outcome

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. ENTESB-5443 fabric8 jboss-fuse-full profile is missing some ACL entries for fabric:* commands

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. ENTESB-5619 [itests] ARQ/pax-exam tests affected by package refresh

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

              Activity

                People

                • Assignee:
                  sonicaaaa Paolo Antinori
                  Reporter:
                  avano Andrej Vaňo
                  Tester:
                  Andrej Vaňo
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: