Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-13131

[RHV] (7.x) sharedState is passed null by PluginAuthenticationCallbackHandler

XMLWordPrintable

    • Hide
      1. build auth-plugin which is attached 
        mvn clean package
      2. run EAP server
      3. add plugin as module to your EAP server 
        ./jboss-cli.sh --command="module add --name=org.ovirt.engine.core.auth-plugin --slot=main --resources=/path/to/plugin/auth-plugin-4.2.0-SNAPSHOT.jar --dependencies=org.jboss.as.domain-management"
      4. stop EAP server
      5. change your ManagementRealm to 
                <security-realm name="ManagementRealm">
          <plug-ins>
        <plug-in module="org.ovirt.engine.core.auth-plugin"/>
          </plug-ins>
          <authentication>
        <plug-in name="OvirtAuth" mechanism="PLAIN"/>
          </authentication>
        </security-realm>
      6. run EAP server
      7. try to log in through jboss-cli -c
        after adding username/password (you can fill anything there) you will see in server log
        //wrong output 
        12:05:44,889 INFO  [stdout] (management task-2) SharedState is: null
12:05:44,889 INFO  [stdout] (management task-2) SharedState is NULL

        or
        //it is right one, we expect not null

        12:05:44,889 INFO  [stdout] (management task-2) SharedState is: {}
12:05:44,889 INFO  [stdout] (management task-2) SharedState is NOT NULL
      Show
      build auth-plugin which is attached mvn clean package run EAP server add plugin as module to your EAP server ./jboss-cli.sh --command= "module add --name=org.ovirt.engine.core.auth-plugin --slot=main --resources=/path/to/plugin/auth-plugin-4.2.0-SNAPSHOT.jar --dependencies=org.jboss.as.domain-management" stop EAP server change your ManagementRealm to <security-realm name= "ManagementRealm" > <plug-ins> <plug-in module= "org.ovirt.engine.core.auth-plugin" /> </plug-ins> <authentication> <plug-in name= "OvirtAuth" mechanism= "PLAIN" /> </authentication> </security-realm> run EAP server try to log in through jboss-cli -c after adding username/password (you can fill anything there) you will see in server log //wrong output 12:05:44,889 INFO [stdout] (management task-2) SharedState is: null 12:05:44,889 INFO [stdout] (management task-2) SharedState is NULL or //it is right one, we expect not null 12:05:44,889 INFO [stdout] (management task-2) SharedState is: {} 12:05:44,889 INFO [stdout] (management task-2) SharedState is NOT NULL

      oVirt's ovirt-engine uses an authorization plugin [1] for management interface that recently after upgrading to Wildfly 11 stopped working. The reason is the sharedState passed to the plugin constructor is now null.

      A current workaround this would be to avoid adding to plugin into the shareState but that means any delegating plugin would fail to find this plugin and possibly other bad stuff I'm not aware of.

      [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=blob;f=backend/manager/modules/auth-plugin/src/main/java/org/ovirt/engine/core/jboss_auth_plugin/OvirtAuthPlugIn.java;h=fe2fcb400c0c81d661c03fac173d6ad416b42b9d;hb=95d62f8d7879b1863f2db74f88affb246cf94b37#l26

        1. auth-plugin.zip
          10 kB

              darran.lofthouse@redhat.com Darran Lofthouse
              vtunka Václav Tunka
              Hynek Švábek Hynek Švábek (Inactive)
              Hynek Švábek Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: