Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-5400

ChildContainers don't have correct RBAC configuration.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • jboss-fuse-6.3
    • jboss-fuse-6.3
    • Fabric8 v1, Karaf
    • None
    • % %
    • Hide

      1. add user test=test,Administrator
      2. start with bin/start and connect with bin/client -u test
      3. fabric:create, container-create-child root test
      4. container-edit-jvm-options -f test

      Show
      1. add user test=test,Administrator 2. start with bin/start and connect with bin/client -u test 3. fabric:create, container-create-child root test 4. container-edit-jvm-options -f test
    • Sprint 5 - towards ER2

      User with the only role "Administrator" can't access container jvm opts using container-edit-jvm-options -f , because it fails with:

      2016-04-27 10:44:26,750 | ERROR | Thread-51        | ContainerEditJvmOptionsAction    | 38 - org.apache.karaf.shell.console - 2.4.0.redhat-630045 | Unable to fetch child jvm opts
java.lang.SecurityException: Insufficient roles/credentials for operation
	at org.apache.karaf.management.KarafMBeanServerGuard.handleInvoke(KarafMBeanServerGuard.java:350)
	at org.apache.karaf.management.KarafMBeanServerGuard.handleGetAttribute(KarafMBeanServerGuard.java:270)
	at org.apache.karaf.management.KarafMBeanServerGuard.invoke(KarafMBeanServerGuard.java:88)
	at org.apache.karaf.management.internal.MBeanInvocationHandler.invoke(MBeanInvocationHandler.java:43)
	at com.sun.proxy.$Proxy2.getAttribute(Unknown Source)
	at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1445)
	at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76)
	at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1309)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1408)
	at javax.management.remote.rmi.RMIConnectionImpl.getAttribute(RMIConnectionImpl.java:639)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:323)
	at sun.rmi.transport.Transport$1.run(Transport.java:200)
	at sun.rmi.transport.Transport$1.run(Transport.java:197)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
	at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
	at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:276)
	at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:253)
	at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:162)
	at com.sun.jmx.remote.internal.PRef.invoke(Unknown Source)
	at javax.management.remote.rmi.RMIConnectionImpl_Stub.getAttribute(Unknown Source)
	at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.getAttribute(RMIConnector.java:903)
	at io.fabric8.commands.ContainerEditJvmOptionsAction.doExecute(ContainerEditJvmOptionsAction.java:118)
	at org.apache.karaf.shell.console.AbstractAction.execute(AbstractAction.java:33)
	at org.apache.felix.gogo.commands.basic.AbstractCommand.execute(AbstractCommand.java:35)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:54)
	at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
	at io.fabric8.commands.$ContainerEditJvmOptions1028037130.execute(Unknown Source)
	at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)
	at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)
	at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)
	at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)
	at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)
	at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)
	at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:92)
	at org.apache.karaf.shell.console.jline.Console.run(Console.java:197)
	at org.apache.karaf.shell.ssh.ShellFactoryImpl$ShellImpl$1.runConsole(ShellFactoryImpl.java:173)
	at org.apache.karaf.shell.ssh.ShellFactoryImpl$ShellImpl$1$1.run(ShellFactoryImpl.java:125)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.karaf.jaas.modules.JaasHelper.doAs(JaasHelper.java:47)
	at org.apache.karaf.shell.ssh.ShellFactoryImpl$ShellImpl$1.run(ShellFactoryImpl.java:123)

      It's not about incorrect credentials, because it fails even with container-edit-jvm-options -u test -p test -f

              pantinor@redhat.com Paolo Antinori
              avano@redhat.com Andrej Vano
              Andrej Vano Andrej Vano
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: