Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.0.CR2
Affects Version/s: None
Component/s: Security
Labels:
- eap7.1-ok-for-cr2

Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1490383
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

build auth-plugin which is attached

mvn clean package

run EAP server

add plugin as module to your EAP server

./jboss-cli.sh --command="module add --name=org.ovirt.engine.core.auth-plugin --slot=main --resources=/path/to/plugin/auth-plugin-4.2.0-SNAPSHOT.jar --dependencies=org.jboss.as.domain-management"

stop EAP server

change your ManagementRealm to

<security-realm name="ManagementRealm"> <plug-ins> <plug-in module="org.ovirt.engine.core.auth-plugin"/> </plug-ins> <authentication> <plug-in name="OvirtAuth" mechanism="PLAIN"/> </authentication> </security-realm>

run EAP server

try to log in through jboss-cli -c
after adding username/password (you can fill anything there) you will see in server log
//wrong output

12:05:44,889 INFO [stdout] (management task-2) SharedState is: null 12:05:44,889 INFO [stdout] (management task-2) SharedState is NULL

or
//it is right one, we expect not null

12:05:44,889 INFO [stdout] (management task-2) SharedState is: {} 12:05:44,889 INFO [stdout] (management task-2) SharedState is NOT NULL
Show
build auth-plugin which is attached mvn clean package run EAP server add plugin as module to your EAP server ./jboss-cli.sh --command= "module add --name=org.ovirt.engine.core.auth-plugin --slot=main --resources=/path/to/plugin/auth-plugin-4.2.0-SNAPSHOT.jar --dependencies=org.jboss.as.domain-management" stop EAP server change your ManagementRealm to <security-realm name= "ManagementRealm" > <plug-ins> <plug-in module= "org.ovirt.engine.core.auth-plugin" /> </plug-ins> <authentication> <plug-in name= "OvirtAuth" mechanism= "PLAIN" /> </authentication> </security-realm> run EAP server try to log in through jboss-cli -c after adding username/password (you can fill anything there) you will see in server log //wrong output 12:05:44,889 INFO [stdout] (management task-2) SharedState is: null 12:05:44,889 INFO [stdout] (management task-2) SharedState is NULL or //it is right one, we expect not null 12:05:44,889 INFO [stdout] (management task-2) SharedState is: {} 12:05:44,889 INFO [stdout] (management task-2) SharedState is NOT NULL

SFDC Cases Counter:
SFDC Cases Links:

Description

oVirt's ovirt-engine uses an authorization plugin [1] for management interface that recently after upgrading to Wildfly 11 stopped working. The reason is the sharedState passed to the plugin constructor is now null.

A current workaround this would be to avoid adding to plugin into the shareState but that means any delegating plugin would fail to find this plugin and possibly other bad stuff I'm not aware of.

[1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=blob;f=backend/manager/modules/auth-plugin/src/main/java/org/ovirt/engine/core/jboss_auth_plugin/OvirtAuthPlugIn.java;h=fe2fcb400c0c81d661c03fac173d6ad416b42b9d;hb=95d62f8d7879b1863f2db74f88affb246cf94b37#l26

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

auth-plugin.zip
10 kB
2017/10/03 6:11 AM

Issue Links

clones

WFCORE-3273 sharedState is passed null by PluginAuthenticationCallbackHandler

Resolved

is incorporated by

JBEAP-12949 (7.1.0) Upgrade to WildFly Core to 3.0.3.Final-redhat

Verified

Activity

People

Assignee:: Darran Lofthouse

Reporter:: Václav Tunka

Tester:: Hynek Švábek (Inactive)

QA Contact:: Hynek Švábek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2017/09/12 4:40 AM

Updated:: 2021/10/24 6:13 AM

Resolved:: 2017/09/13 7:03 AM