Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-13767

Only a fabric Administrator user specified with "fabric:create" command can execute "container-stop" command

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Explained
    • Affects Version/s: fuse-6.3-R16-GA
    • Fix Version/s: None
    • Component/s: Fabric8 v1
    • Labels:
      None
    • Steps to Reproduce:
      Hide
      1. unzip fuse 6.3 R16
      2. enable default user by editing etc/user.properties
      3. create fabric with the default user
      4. create child container
      5. create another admin user by using jaas: commands
      6. delete default user by using jaas: commands
      7. execute container-stop command

      FYI, this is the console log and fuse log which I got

      JBossFuse:karaf@root> version
      2.4.0.redhat-630446
      JBossFuse:karaf@root> fabric:create --clean --new-user admin --new-user-password admin --new-user-role Administrator --zookeeper-password admin --zookeeper-data-dir zkdata --resolver manualip --manual-ip 127.0.0.1 --wait-for-provisioning
      Waiting for container: root
      Waiting for container root to provision.
      
      JBossFuse:karaf@root> fabric:container-create-child root child
      Creating new instance on SSH port 8102 and RMI ports 1100/44445 at: /home/hfuruich/product/fuse-630/r16/jboss-fuse-6.3.0.redhat-446/instances/child
      The following containers have been created successfully:
      Container: child.
      JBossFuse:karaf@root> container-list
      [id]     [version]  [type]  [connected]  [profiles]              [provision status]
      root*    1.0        karaf   yes          fabric                  success           
                                               fabric-ensemble-0000-1                    
                                               jboss-fuse-full                           
        child  1.0        karaf   yes          default                 success           
      JBossFuse:karaf@root>
      JBossFuse:karaf@root>  realms
      Index Realm                Module Class                                                                    
          1 karaf                io.fabric8.jaas.ZookeeperLoginModule                                            
      JBossFuse:karaf@root> jaas:manage --index 1     
      JBossFuse:karaf@root> jaas:useradd bob bob  
      JBossFuse:karaf@root> jaas:roleadd bob admin
      JBossFuse:karaf@root> jaas:update 
      JBossFuse:karaf@root> jaas:manage --index 1
      JBossFuse:karaf@root> jaas:users
      User Name            Group                Role                
      admin                admin                admin               
      admin                admin                manager             
      admin                admin                viewer              
      admin                admin                Operator            
      admin                admin                Maintainer          
      admin                admin                Deployer            
      admin                admin                Auditor             
      admin                admin                Administrator       
      admin                admin                SuperUser           
      admin                                     Monitor             
      bob                                       admin               
      JBossFuse:karaf@root> jaas:userdel admin
      JBossFuse:karaf@root> jaas:update
      JBossFuse:karaf@root> jaas:manage --index 1
      JBossFuse:karaf@root> jaas:users
      User Name            Group                Role                
      bob                                       admin               
      JBossFuse:karaf@root>
      JBossFuse:karaf@root> container-stop child
      The list of container names: [child]
      Error executing command: java.lang.SecurityException: Authentication failed
      JBossFuse:karaf@root> 
      
      fuse.log (root container)
      ~~~
      2020-05-12 15:33:06,674 | ERROR | l Console Thread | Console                          | 37 - org.apache.karaf.shell.console - 2.4.0.redhat-630446 | Exception caught while executing command
      io.fabric8.api.FabricAuthenticationException: java.lang.SecurityException: Authentication failed
      at io.fabric8.service.ContainerTemplate.createConnector(ContainerTemplate.java:165)
      at io.fabric8.service.ContainerTemplate$1.createConnector(ContainerTemplate.java:54)
      at io.fabric8.service.NonCachingJmxTemplate.execute(NonCachingJmxTemplate.java:32)
      at io.fabric8.service.ContainerTemplate.execute(ContainerTemplate.java:91)
      at io.fabric8.service.child.ChildContainerProvider$1.stop(ChildContainerProvider.java:232)
      at io.fabric8.service.child.ChildContainerProvider.stop(ChildContainerProvider.java:101)
      at io.fabric8.service.FabricServiceImpl.stopContainer(FabricServiceImpl.java:387)
      at io.fabric8.internal.ContainerImpl.stop(ContainerImpl.java:513)
      at io.fabric8.commands.ContainerStopAction.doExecute(ContainerStopAction.java:49)
      at org.apache.karaf.shell.console.AbstractAction.execute(AbstractAction.java:33)
      at org.apache.felix.gogo.commands.basic.AbstractCommand.execute(AbstractCommand.java:35)
      at sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:54)
      at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
      at io.fabric8.commands.$ContainerStop591513427.execute(Unknown Source)
      at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)
      at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)
      at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)
      at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)
      at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)
      at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)
      at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:92)
      at org.apache.karaf.shell.console.jline.Console.run(Console.java:197)
      at org.apache.karaf.shell.console.jline.DelayedStarted.run(DelayedStarted.java:79)
      Caused by: java.lang.SecurityException: Authentication failed
      at org.apache.karaf.management.JaasAuthenticator.authenticate(JaasAuthenticator.java:78)
      at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:232)
      at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:199)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
      at sun.rmi.transport.Transport$1.run(Transport.java:200)
      at sun.rmi.transport.Transport$1.run(Transport.java:197)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
      at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at java.lang.Thread.run(Thread.java:748)
      at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:283)
      at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:260)
      at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161)
      at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
      at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2430)
      at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308)
      at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
      at io.fabric8.service.ContainerTemplate.createConnector(ContainerTemplate.java:159)
      ... 25 more
      Caused by: javax.security.auth.login.FailedLoginException: User doesn't exist
      at io.fabric8.jaas.ZookeeperLoginModule.login(ZookeeperLoginModule.java:213)
      at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
      at org.apache.karaf.management.JaasAuthenticator.authenticate(JaasAuthenticator.java:69)
      at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:232)
      at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:199)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
      at sun.rmi.transport.Transport$1.run(Transport.java:200)
      at sun.rmi.transport.Transport$1.run(Transport.java:197)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
      at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at java.lang.Thread.run(Thread.java:748)
      ~~~
      
      Show
      unzip fuse 6.3 R16 enable default user by editing etc/user.properties create fabric with the default user create child container create another admin user by using jaas: commands delete default user by using jaas: commands execute container-stop command FYI, this is the console log and fuse log which I got JBossFuse:karaf@root> version 2.4.0.redhat-630446 JBossFuse:karaf@root> fabric:create --clean --new-user admin --new-user-password admin --new-user-role Administrator --zookeeper-password admin --zookeeper-data-dir zkdata --resolver manualip --manual-ip 127.0.0.1 --wait-for-provisioning Waiting for container: root Waiting for container root to provision. JBossFuse:karaf@root> fabric:container-create-child root child Creating new instance on SSH port 8102 and RMI ports 1100/44445 at: /home/hfuruich/product/fuse-630/r16/jboss-fuse-6.3.0.redhat-446/instances/child The following containers have been created successfully: Container: child. JBossFuse:karaf@root> container-list [id] [version] [type] [connected] [profiles] [provision status] root* 1.0 karaf yes fabric success fabric-ensemble-0000-1 jboss-fuse-full child 1.0 karaf yes default success JBossFuse:karaf@root> JBossFuse:karaf@root> realms Index Realm Module Class 1 karaf io.fabric8.jaas.ZookeeperLoginModule JBossFuse:karaf@root> jaas:manage --index 1 JBossFuse:karaf@root> jaas:useradd bob bob JBossFuse:karaf@root> jaas:roleadd bob admin JBossFuse:karaf@root> jaas:update JBossFuse:karaf@root> jaas:manage --index 1 JBossFuse:karaf@root> jaas:users User Name Group Role admin admin admin admin admin manager admin admin viewer admin admin Operator admin admin Maintainer admin admin Deployer admin admin Auditor admin admin Administrator admin admin SuperUser admin Monitor bob admin JBossFuse:karaf@root> jaas:userdel admin JBossFuse:karaf@root> jaas:update JBossFuse:karaf@root> jaas:manage --index 1 JBossFuse:karaf@root> jaas:users User Name Group Role bob admin JBossFuse:karaf@root> JBossFuse:karaf@root> container-stop child The list of container names: [child] Error executing command: java.lang.SecurityException: Authentication failed JBossFuse:karaf@root> fuse.log (root container) ~~~ 2020-05-12 15:33:06,674 | ERROR | l Console Thread | Console | 37 - org.apache.karaf.shell.console - 2.4.0.redhat-630446 | Exception caught while executing command io.fabric8.api.FabricAuthenticationException: java.lang.SecurityException: Authentication failed at io.fabric8.service.ContainerTemplate.createConnector(ContainerTemplate.java:165) at io.fabric8.service.ContainerTemplate$1.createConnector(ContainerTemplate.java:54) at io.fabric8.service.NonCachingJmxTemplate.execute(NonCachingJmxTemplate.java:32) at io.fabric8.service.ContainerTemplate.execute(ContainerTemplate.java:91) at io.fabric8.service.child.ChildContainerProvider$1.stop(ChildContainerProvider.java:232) at io.fabric8.service.child.ChildContainerProvider.stop(ChildContainerProvider.java:101) at io.fabric8.service.FabricServiceImpl.stopContainer(FabricServiceImpl.java:387) at io.fabric8.internal.ContainerImpl.stop(ContainerImpl.java:513) at io.fabric8.commands.ContainerStopAction.doExecute(ContainerStopAction.java:49) at org.apache.karaf.shell.console.AbstractAction.execute(AbstractAction.java:33) at org.apache.felix.gogo.commands.basic.AbstractCommand.execute(AbstractCommand.java:35) at sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:54) at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) at io.fabric8.commands.$ContainerStop591513427.execute(Unknown Source) at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78) at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477) at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403) at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108) at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183) at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120) at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:92) at org.apache.karaf.shell.console.jline.Console.run(Console.java:197) at org.apache.karaf.shell.console.jline.DelayedStarted.run(DelayedStarted.java:79) Caused by: java.lang.SecurityException: Authentication failed at org.apache.karaf.management.JaasAuthenticator.authenticate(JaasAuthenticator.java:78) at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:232) at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357) at sun.rmi.transport.Transport$1.run(Transport.java:200) at sun.rmi.transport.Transport$1.run(Transport.java:197) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Transport.java:196) at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:283) at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:260) at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161) at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source) at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2430) at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270) at io.fabric8.service.ContainerTemplate.createConnector(ContainerTemplate.java:159) ... 25 more Caused by: javax.security.auth.login.FailedLoginException: User doesn't exist at io.fabric8.jaas.ZookeeperLoginModule.login(ZookeeperLoginModule.java:213) at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at org.apache.karaf.management.JaasAuthenticator.authenticate(JaasAuthenticator.java:69) at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:232) at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357) at sun.rmi.transport.Transport$1.run(Transport.java:200) at sun.rmi.transport.Transport$1.run(Transport.java:197) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Transport.java:196) at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) ~~~

      Description

      Let's say we created a fabric environment with default user, admin, and now we want to delete the default user and create another admin user.
      However, another admin user could not do "container-stop" command with following error message:

      Caused by: javax.security.auth.login.FailedLoginException: User doesn't exist

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                grgrzybek Grzegorz Grzybek
                Reporter:
                hisao.furuichi Hisao Furuichi
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: