WildFly / WFLY-7265

Adding Elytron ldap-realm through CLI throws IllegalArgumentException

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • 11.0.0.Alpha1
    • None
    • Security
    • None
    • Steps to reproduce:

      First, add the dir-context that will be used by the ldap-realm:

      /subsystem=elytron/dir-context=dir:add(url=someUrl)
      

      Try to add ldap-realm without identity-mapping.user-password-mapper. See also IllegalArgumentException in server log.

      /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id})
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
          "rolled-back" => true
      }
      

      Try to add ldap-realm without identity-mapping.user-password-mapper.writable or identity-mapping.user-password-mapper.verifiable. See also IllegalArgumentException in server log.

      /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable=true}})
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
          "rolled-back" => true
      }
      

      Try to add ldap-realm with both identity-mapping.user-password-mapper.writable and identity-mapping.user-password-mapper.verifiable

      /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable=true,verifiable=true}})
      {"outcome" => "success"}
      

    Description

      When an ldap-realm is added through the CLI, an IllegalArgumentException is thrown in all cases where values for identity-mapping.user-password-mapper.writable and identity-mapping.user-password-mapper.verifiable are not set.

      According to the read-attribute operation, these attributes (writable and verifiable) should have default values set, hence they should not be required by the CLI.

      The following exception is written to the server log:

      ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("ldap-realm" => "ldap")
      ]): java.lang.IllegalArgumentException
      	at org.jboss.dmr.ModelValue.asBoolean(ModelValue.java:69)
      	at org.jboss.dmr.ModelNode.asBoolean(ModelNode.java:267)
      	at org.wildfly.extension.elytron.LdapRealmDefinition$UserPasswordCredentialMappingObjectDefinition.configure(LdapRealmDefinition.java:163)
      	at org.wildfly.extension.elytron.LdapRealmDefinition$RealmAddHandler.configureIdentityMapping(LdapRealmDefinition.java:420)
      	at org.wildfly.extension.elytron.LdapRealmDefinition$RealmAddHandler.performRuntime(LdapRealmDefinition.java:375)
      	at org.jboss.as.controller.AbstractAddStepHandler.performRuntime(AbstractAddStepHandler.java:337)
      	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151)
      	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:940)
      	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:683)
      	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
      	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
      	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
      	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at javax.security.auth.Subject.doAs(Subject.java:422)
      	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
      	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
      	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
      

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)