WildFly / WFLY-7289

Adding ldap-key-store requires accessible ldap server


Details

    • Bug
    • Resolution: Done
    • Critical
    • 11.0.0.Final
    • 11.0.0.Alpha1
    • Security
    • None

    Description

      Playing with ldap-key-store. What I consider very inconvenient is the fact that, at the moment of adding an ldap-key-store, the LDAP server has to be running and accessible. Elytron ldap-realm does not need that. Doubt about legacy security realms. Is it possible to decouple that dependency and leave that check until the first ldap-key-store usage?

      Steps to reproduce:

      [standalone@localhost:9990 /] /subsystem=elytron/dir-context=a:add()
      {"outcome" => "success"}
      [standalone@localhost:9990 /] /subsystem=elytron/ldap-key-store=a:add(dir-context=a, search-path="a")
      {
          "outcome" => "failed",
          "rolled-back" => true
      }
      

      leads to an exception in the server log:

      14:37:25,917 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
          "address" => [
              ("subsystem" => "elytron"),
              ("ldap-key-store" => "a")
          ],
          "operation" => "add",
          "search-path" => "a",
          "dir-context" => "a",
          "operation-headers" => {
              "caller-type" => "user",
              "access-mechanism" => "NATIVE"
          }
      }]: java.lang.IllegalStateException: ELY02015: Failed to obtain DirContext
      	at org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:126)
      	at org.wildfly.security.keystore.LdapKeyStoreSpi.engineSize(LdapKeyStoreSpi.java:381)
      	at java.security.KeyStore.size(KeyStore.java:1271)
      	at org.wildfly.security.keystore.DelegatingKeyStoreSpi.engineSize(DelegatingKeyStoreSpi.java:121)
      	at java.security.KeyStore.size(KeyStore.java:1271)
      	at org.wildfly.extension.elytron.KeyStoreResource.containsAliases(KeyStoreResource.java:163)
      	at org.wildfly.extension.elytron.KeyStoreResource.getChildTypes(KeyStoreResource.java:61)
      	at org.jboss.as.controller.registry.AbstractModelResource$DelegateResource.getChildTypes(AbstractModelResource.java:372)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:287)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:291)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:291)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:276)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:262)
      	at org.jboss.as.controller.registry.Resource$Tools.readModel(Resource.java:250)
      	at org.jboss.as.controller.ModelControllerImpl.writeModel(ModelControllerImpl.java:787)
      	at org.jboss.as.controller.OperationContextImpl.createPersistenceResource(OperationContextImpl.java:520)
      	at org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:758)
      	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:709)
      	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
      	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
      	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
      	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at javax.security.auth.Subject.doAs(Subject.java:422)
      	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
      	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
      	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
      Caused by: javax.naming.NamingException: Cannot parse url: undefined [Root exception is java.net.MalformedURLException: Invalid URI: undefined]
      	at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:92)
      	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:163)
      	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
      	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
      	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
      	at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
      	at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
      	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
      	at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
      	at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
      	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
      	at javax.naming.InitialContext.init(InitialContext.java:244)
      	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
      	at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.createDirContext(SimpleDirContextFactoryBuilder.java:286)
      	at org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder$SimpleDirContextFactory.obtainDirContext(SimpleDirContextFactoryBuilder.java:222)
      	at org.wildfly.extension.elytron.DirContextDefinition.lambda$null$0(DirContextDefinition.java:148)
      	at org.wildfly.security.keystore.LdapKeyStoreSpi.obtainDirContext(LdapKeyStoreSpi.java:120)
      	... 39 more
      Caused by: java.net.MalformedURLException: Invalid URI: undefined
      	at com.sun.jndi.toolkit.url.Uri.parse(Uri.java:199)
      	at com.sun.jndi.toolkit.url.Uri.init(Uri.java:138)
      	at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:82)
      	... 56 more
      

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              mchoma@redhat.com Martin Choma