Uploaded image for project: 'JBoss BRMS Platform'
  1. JBoss BRMS Platform
  2. RHBRMS-3077

User/Group management does not work if SSL is enabled in management console

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 6.4.7
    • Fix Version/s: None
    • Component/s: Business Central
    • Labels:
    • Environment:

      BRMS 6.4
      EAP7.0

    • Target Release:
    • Steps to Reproduce:
      Hide

      1. enable SSL in management console by following steps in the document.

      https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#mgmt_interface_ssl

      2. modify decision-central.war/WEB-INF/classes/security-management.properties accordingly
      i.e. uncomment the following
      ~~~
      org.uberfire.ext.security.management.api.userManagementServices=WildflyCLIUserManagementService
      org.uberfire.ext.security.management.wildfly.cli.port=9993
      ~~~
      3. restart server and login decision central, open Home menu.
      => menu of 'User management' and 'Group management' are not shown.

      Show
      1. enable SSL in management console by following steps in the document. https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#mgmt_interface_ssl 2. modify decision-central.war/WEB-INF/classes/security-management.properties accordingly i.e. uncomment the following ~~~ org.uberfire.ext.security.management.api.userManagementServices=WildflyCLIUserManagementService org.uberfire.ext.security.management.wildfly.cli.port=9993 ~~~ 3. restart server and login decision central, open Home menu. => menu of 'User management' and 'Group management' are not shown.
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      use WildflyUserManagementService instead of WildflyCLIUserManagementService so that it can manage property files directly (not via CLI)

      e.g.
      ~~~
      org.uberfire.ext.security.management.api.userManagementServices=WildflyUserManagementService
      org.uberfire.ext.security.management.wildfly.properties.users-file-path=/PATH/TO/standalone/configuration/application-users.properties
      org.uberfire.ext.security.management.wildfly.properties.groups-file-path=/PATH/TO/standalone/configuration/application-roles.properties
      ~~~

      Show
      use WildflyUserManagementService instead of WildflyCLIUserManagementService so that it can manage property files directly (not via CLI) e.g. ~~~ org.uberfire.ext.security.management.api.userManagementServices=WildflyUserManagementService org.uberfire.ext.security.management.wildfly.properties.users-file-path=/PATH/TO/standalone/configuration/application-users.properties org.uberfire.ext.security.management.wildfly.properties.groups-file-path=/PATH/TO/standalone/configuration/application-roles.properties ~~~

      Description

      If SSL is enabled in EAP's management console like the following,

      2018-02-21 00:07:59,236 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0061: Http management interface listening on https://127.0.0.1:9993/management

      User management/Group management does not work with he following exception.
      ~~~
      16:10:02,950 INFO [org.uberfire.ext.security.management.BackendUserSystemManager] (default task-8) Using the user management service named 'WildflyCLIUserManagementService'
      16:10:03,038 ERROR [org.uberfire.ext.security.management.wildfly10.cli.Wildfly10ModelUtil]
      (default task-8) Error reading realm using CLI commands.:
      java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not
      connect to http-remoting://127.0.0.1:9993. The connection failed
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
      at org.uberfire.ext.security.management.wildfly10.cli.Wildfly10ModelUtil.getPropertiesFilePath(Wildfly10ModelUtil.java:72)
      at org.uberfire.ext.security.management.wildfly10.cli.Wildfly10UserPropertiesCLIManager.getPropertiesFilePath(Wildfly10UserPropertiesCLIManager.java:56)
      at org.uberfire.ext.security.management.wildfly.cli.BaseWildflyUserPropertiesCLIManager.getUsersPropertiesFilePath(BaseWildflyUserPropertiesCLIManager.java:56)
      at org.uberfire.ext.security.management.wildfly.cli.BaseWildflyUserPropertiesCLIManager.init(BaseWildflyUserPropertiesCLIManager.java:63)
      at org.uberfire.ext.security.management.wildfly.cli.BaseWildflyUserPropertiesCLIManager.initialize(BaseWildflyUserPropertiesCLIManager.java:75)
      at org.uberfire.ext.security.management.BackendUserSystemManager.initialize(BackendUserSystemManager.java:90)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.invokeMethods(DefaultLifecycleCallbackInvoker.java:98)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.postConstruct(DefaultLifecycleCallbackInvoker.java:81)
      at org.jboss.weld.injection.producer.BasicInjectionTarget.postConstruct(BasicInjectionTarget.java:126)
      at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:162)
      at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)
      at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:101)
      at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:141)
      at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
      at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:99)
      at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:125)
      at org.uberfire.ext.security.management.BackendUserSystemManager$Proxy$_$$_WeldClientProxy.users(Unknown Source)
      at org.uberfire.ext.security.management.service.UserManagerServiceImpl.init(UserManagerServiceImpl.java:51)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.invokeMethods(DefaultLifecycleCallbackInvoker.java:98)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.postConstruct(DefaultLifecycleCallbackInvoker.java:81)
      at org.jboss.weld.injection.producer.BasicInjectionTarget.postConstruct(BasicInjectionTarget.java:126)
      at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:162)
      at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)
      at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:101)
      at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:141)
      at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
      at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:99)
      at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:125)
      at org.uberfire.ext.security.management.service.UserManagerServiceImpl$Proxy$_$$_WeldClientProxy.getSettings(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.errai.bus.server.io.AbstractRPCMethodCallback.invokeMethodFromMessage(AbstractRPCMethodCallback.java:48)
      at org.jboss.errai.bus.server.io.ValueReplyRPCEndpointCallback.callback(ValueReplyRPCEndpointCallback.java:24)
      at org.jboss.errai.bus.server.io.RemoteServiceCallback.callback(RemoteServiceCallback.java:54)
      at org.jboss.errai.cdi.server.CDIExtensionPoints$2.callback(CDIExtensionPoints.java:410)
      at org.jboss.errai.bus.server.DeliveryPlan.deliver(DeliveryPlan.java:47)
      at org.jboss.errai.bus.server.ServerMessageBusImpl.sendGlobal(ServerMessageBusImpl.java:297)
      at org.jboss.errai.bus.server.SimpleDispatcher.dispatchGlobal(SimpleDispatcher.java:46)
      at org.jboss.errai.bus.server.service.ErraiServiceImpl.store(ErraiServiceImpl.java:97)
      at org.jboss.errai.bus.server.service.ErraiServiceImpl.store(ErraiServiceImpl.java:114)
      at org.jboss.errai.bus.server.servlet.DefaultBlockingServlet.doPost(DefaultBlockingServlet.java:142)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
      at org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:69)
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      at org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:57)
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
      at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
      at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
      at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
      at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
      at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
      at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
      at io.undertow.server.Connectors.executeRootHandler(Connectors.java:324)
      at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:803)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:9993. The connection failed
      at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:122)
      at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:257)
      at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:71)
      at org.jboss.as.protocol.mgmt.FutureManagementChannel$Establishing.getChannel(FutureManagementChannel.java:212)
      at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:146)
      at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:65)
      at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:147)
      at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:122)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
      ... 92 more
      Caused by: java.io.EOFException: XNIO000812: Connection closed unexpectedly
      at org.xnio.http.HttpUpgrade$HttpUpgradeState$UpgradeResultListener.handleEvent(HttpUpgrade.java:416)
      at org.xnio.http.HttpUpgrade$HttpUpgradeState$UpgradeResultListener.handleEvent(HttpUpgrade.java:400)
      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
      at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
      at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
      at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)
      at ...asynchronous invocation...(Unknown Source)
      at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:294)
      at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:276)
      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:393)
      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:381)
      at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:83)
      at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:114)
      ... 102 more"

      ~~~

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  roger600 Roger Martinez
                  Reporter:
                  hiroko Hiroko Miura
                  Tester:
                  Tomas David
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: