  1. JBoss Enterprise Application Platform
  2. JBEAP-19195

(CD) Regression: Legacy Ldap Realm securing EJB with JDK8 not working

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.4.0.CD20
    • 7.3.0.CD18, 7.3.0.GA, 7.4.0.CD19
    • Security
    • Regression

    Description

      The use case is basic EJB authentication using a legacy LDAP security realm.

      It is working with CD17, but not CD18, CD19, 7.3.0.GA.

      With CD19 we see this log [1]:

      15:24:12,874 INFO  [org.jboss.ejb.client] (main) EJBCLIENT000064: org.jboss.ejb.client.naming.ejb.ejbURLContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead
      15:24:12,891 INFO  [org.wildfly.naming] (main) WildFly Naming version 1.0.9.Final
      15:24:12,940 INFO  [org.wildfly.naming] (main) WFNAM00049: Usage of the legacy "remote.connections" property is deprecated; please use javax.naming.Context#PROVIDER_URL instead
      15:24:13,001 INFO  [org.jboss.ejb.client] (main) JBoss EJB Client version 4.0.10.Final
      15:24:13,085 DEBUG [org.jboss.ejb.client.invocation] (main) Calling invoke(module = /ldap-realm-ejb-deployment/SimpleBean, strong affinity = None, weak affinity = None): 
      15:24:13,149 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Initialized connection from /127.0.0.1:35658 to /127.0.0.1:8080 with options {org.xnio.Options.REUSE_ADDRESSES=>true,org.xnio.Options.TCP_NODELAY=>true,org.jboss.remoting3.RemotingOptions.SASL_PROTOCOL=>remote}
      15:24:13,150 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Accepted connection from /127.0.0.1:35658 to rhel6-medium-103755.localdomain/127.0.0.1:8080
      15:24:13,150 TRACE [org.jboss.remoting.remote] (default I/O-4) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@4618238e
      15:24:13,151 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Sent 38 bytes
      15:24:13,151 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Flushed channel
      15:24:13,158 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) No buffers in queue for message header
      15:24:13,159 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Allocated fresh buffers
      15:24:13,159 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received 37 bytes
      15:24:13,159 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received message java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
      15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Received java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
      15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capabilities request
      15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: version 1
      15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: message close protocol supported
      15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: remote version is "5.0.5.Final"
      15:24:13,160 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: remote channels in is "40"; resulting max outbound channels value is "40"
      15:24:13,160 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: remote channels out is "40"; resulting max inbound channels value is "40"
      15:24:13,160 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: authentication service
      15:24:13,160 TRACE [org.jboss.remoting.remote.server] (default I/O-4) No EXTERNAL mechanism due to lack of SSL
      15:24:13,162 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Added mechanism PLAIN
      15:24:13,167 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Sent 79 bytes
      15:24:13,168 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Flushed channel
      15:24:13,175 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) No buffers in queue for message header
      15:24:13,175 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Allocated fresh buffers
      15:24:13,175 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received 27 bytes
      15:24:13,175 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received message java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192]
      15:24:13,175 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Received java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192]
      15:24:13,175 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received authentication request
      15:24:13,175 TRACE [org.wildfly.security] (default I/O-4) Handling SocketAddressCallback
      15:24:13,175 TRACE [org.wildfly.security] (default I/O-4) Handling SocketAddressCallback
      15:24:13,175 TRACE [org.wildfly.security] (default I/O-4) Handling MechanismInformationCallback type='SASL' name='PLAIN' host-name='rhel6-medium-103755.localdomain' protocol='remote'
      15:24:13,177 TRACE [org.wildfly.security] (default I/O-4) Creating SaslServer [org.wildfly.security.sasl.plain.PlainSaslServer@31e953d3] for mechanism [PLAIN] and protocol [remote]
      15:24:13,177 TRACE [org.wildfly.security] (default I/O-4) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@59d04c37->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@6897305->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@2a5ce5b6->org.wildfly.security.sasl.plain.PlainSaslServer@31e953d3] for mechanism [PLAIN]
      15:24:13,177 TRACE [org.jboss.remoting.endpoint] (default I/O-4) Allocated tick to 8 of endpoint "rhel6-medium-103755" <25beb8e1> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@51d05ce5)
      15:24:13,179 TRACE [org.wildfly.security] (default task-1) Handling NameCallback: authenticationName = jduke
      15:24:13,180 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      15:24:13,181 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      15:24:13,181 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      15:24:13,181 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://rhel6-medium-103755.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      15:24:13,211 DEBUG [org.apache.mina.filter.codec.ProtocolCodecFilter] (NioProcessor-2) Processing a MESSAGE_RECEIVED for session 13
      15:24:13,212 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Firing a MESSAGE_RECEIVED event for session 13
      15:24:13,214 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Event MESSAGE_RECEIVED has been fired for session 13
      15:24:13,219 DEBUG [org.apache.mina.filter.codec.ProtocolCodecFilter] (NioProcessor-2) Processing a MESSAGE_RECEIVED for session 13
      15:24:13,222 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Firing a MESSAGE_RECEIVED event for session 13
      15:24:13,222 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-6-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      15:24:13,236 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Event MESSAGE_RECEIVED has been fired for session 13
      15:24:13,240 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest112eb0b5,o=primary,dc=jboss,dc=org' found for user 'jduke'
      15:24:13,242 TRACE [org.wildfly.security] (default task-1) Principal assigning: [jduke], pre-realm rewritten: [jduke@ldap-realm], realm name: [PLAIN], post-realm rewritten: [jduke@ldap-realm], realm rewritten: [jduke@ldap-realm]
      15:24:13,242 DEBUG [org.apache.mina.filter.codec.ProtocolCodecFilter] (NioProcessor-2) Processing a MESSAGE_RECEIVED for session 13
      15:24:13,243 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      15:24:13,243 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      15:24:13,247 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      15:24:13,252 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Firing a MESSAGE_RECEIVED event for session 13
      15:24:13,247 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://rhel6-medium-103755.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      15:24:13,256 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: fail
      15:24:13,257 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05013: Authentication mechanism password not verified
      	at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:127)
      	at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
      	at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:110)
      	at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
      	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
      	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
      	at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:484)
      	at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
      	at java.lang.Thread.run(Thread.java:748)
      
      15:24:13,252 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Event MESSAGE_RECEIVED has been fired for session 13
      15:24:13,259 TRACE [org.jboss.remoting.remote.server] (default task-1) No more authentication attempts allowed, closing the connection
      15:24:13,260 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Sent 5 bytes
      15:24:13,260 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Flushed channel
      15:24:13,260 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Shut down writes on channel
      15:24:13,261 DEBUG [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received authentication rejected for mechanism PLAIN
      15:24:13,262 DEBUG [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
         PLAIN: javax.security.sasl.SaslException: PLAIN: Server rejected authentication
      15:24:13,263 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) No buffers in queue for message header
      15:24:13,263 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Allocated fresh buffers
      15:24:13,263 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received EOF
      15:24:13,263 TRACE [org.jboss.remoting.remote] (default I/O-4) Received connection end-of-stream
      15:24:13,265 TRACE [org.jboss.remoting.endpoint] (default task-1) Resource closed count 00000007 of endpoint "rhel6-medium-103755" <25beb8e1> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@51d05ce5)
      

      In contrast, a snippet of the log with the test passing with JDK 11:

      20:28:16,305 INFO  [org.jboss.ejb.client] (main) EJBCLIENT000064: org.jboss.ejb.client.naming.ejb.ejbURLContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead
      20:28:16,312 INFO  [org.wildfly.naming] (main) WildFly Naming version 1.0.9.Final
      20:28:16,323 INFO  [org.wildfly.naming] (main) WFNAM00049: Usage of the legacy "remote.connections" property is deprecated; please use javax.naming.Context#PROVIDER_URL instead
      20:28:16,344 INFO  [org.jboss.ejb.client] (main) JBoss EJB Client version 4.0.10.Final
      20:28:16,406 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Initialized connection from /127.0.0.1:39979 to /127.0.0.1:8080 with options {org.jboss.remoting3.RemotingOptions.SASL_PROTOCOL=>remote,org.xnio.Options.REUSE_ADDRESSES=>true,org.xnio.Options.TCP_NODELAY=>true}
      20:28:16,406 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Accepted connection from /127.0.0.1:39979 to localhost/127.0.0.1:8080
      20:28:16,407 TRACE [org.jboss.remoting.remote] (default I/O-13) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@e393a583
      20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Sent 16 bytes
      20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Flushed channel
      20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) No buffers in queue for message header
      20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Allocated fresh buffers
      20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Received 37 bytes
      20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Received message java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
      20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Received java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
      20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capabilities request
      20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: version 1
      20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: message close protocol supported
      20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: remote version is "5.0.5.Final"
      20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: remote channels in is "40"; resulting max outbound channels value is "40"
      20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: remote channels out is "40"; resulting max inbound channels value is "40"
      20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: authentication service
      20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) No EXTERNAL mechanism due to lack of SSL
      20:28:16,409 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Added mechanism PLAIN
      20:28:16,409 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Sent 69 bytes
      20:28:16,410 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Flushed channel
      20:28:16,416 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) No buffers in queue for message header
      20:28:16,416 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Allocated fresh buffers
      20:28:16,416 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Received 27 bytes
      20:28:16,416 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Received message java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192]
      20:28:16,416 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Received java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192]
      20:28:16,416 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received authentication request
      20:28:16,416 TRACE [org.wildfly.security] (default I/O-13) Handling MechanismInformationCallback type='SASL' name='PLAIN' host-name='localhost' protocol='remote'
      20:28:16,417 TRACE [org.wildfly.security] (default I/O-13) Creating SaslServer [org.wildfly.security.sasl.plain.PlainSaslServer@6c8a34b9] for mechanism [PLAIN] and protocol [remote]
      20:28:16,417 TRACE [org.wildfly.security] (default I/O-13) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@6cbe8208->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@1bb90cb2->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@8f421181->org.wildfly.security.sasl.plain.PlainSaslServer@6c8a34b9] for mechanism [PLAIN]
      20:28:16,417 TRACE [org.jboss.remoting.endpoint] (default I/O-13) Allocated tick to 8 of endpoint "localhost" <43a56a00> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@6d93756b)
      20:28:16,418 TRACE [org.wildfly.security] (default task-1) Handling NameCallback: authenticationName = jduke
      20:28:16,418 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      20:28:16,418 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      20:28:16,418 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      20:28:16,418 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      20:28:16,425 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-5-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      20:28:16,432 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org' found for user 'jduke'
      20:28:16,433 TRACE [org.wildfly.security] (default task-1) Principal assigning: [jduke], pre-realm rewritten: [jduke@ldap-realm], realm name: [PLAIN], post-realm rewritten: [jduke@ldap-realm], realm rewritten: [jduke@ldap-realm]
      20:28:16,433 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      20:28:16,433 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      20:28:16,433 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      20:28:16,433 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      20:28:16,435 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-5-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      20:28:16,436 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org' found for user 'jduke'
      20:28:16,437 TRACE [org.jboss.as.domain.management.security] (default task-1) Using a trustOnly SSL context to authenticate user uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org
      20:28:16,437 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org, java.naming.security.credentials=***, java.naming.referral=ignore})
      20:28:16,439 TRACE [org.jboss.as.domain.management.security] (default task-1) Password verified for user 'jduke' (using connection attempt)
      20:28:16,440 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      20:28:16,440 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      20:28:16,440 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      20:28:16,440 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      20:28:16,442 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-5-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      20:28:16,443 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org' found for user 'jduke'
      20:28:16,444 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [jduke@ldap-realm] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
      20:28:16,444 TRACE [org.wildfly.security] (default task-1) Authorizing principal jduke.
      20:28:16,444 TRACE [org.wildfly.security] (default task-1) Authorizing against the following attributes: [] => []
      20:28:16,444 TRACE [org.wildfly.security] (default task-1) Permission mapping: identity [jduke@ldap-realm] with roles [] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
      20:28:16,444 TRACE [org.wildfly.security] (default task-1) Authorization succeed
      20:28:16,444 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      20:28:16,444 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      20:28:16,444 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      20:28:16,444 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      20:28:16,446 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-5-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      20:28:16,447 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org' found for user 'jduke'
      20:28:16,448 TRACE [org.wildfly.security] (default task-1) RunAs authorization succeed - the same identity
      20:28:16,448 TRACE [org.wildfly.security] (default task-1) Handling AuthorizeCallback: authenticationID = jduke  authorizationID = jduke  authorized = true
      20:28:16,448 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: succeed
      20:28:16,448 TRACE [org.wildfly.security] (default task-1) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=jduke@ldap-realm, securityDomain=org.wildfly.security.auth.server.SecurityDomain@8d19cde5, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='PLAIN', securityRealm=org.jboss.as.domain.management.security.SecurityRealmService$SharedStateSecurityRealm@b6fa247f}, creationTime=2020-04-08T18:28:16.444188258Z}
      20:28:16,448 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication complete
      
      • We also have a Kerberos variant of the test, securing EJB with Kerberos, and that is working fine: KerberosRemoteEjbManualTest.java
      • We have a lot of tests using the legacy LDAP realm to secure the management interface itself, and these are also working fine.
      • I tried to upgrade ejb-client from 4.0.10 to 4.0.31, but it didn't help.
      • Tried to switch to WildFlyInitialContextFactory (https://issues.redhat.com/browse/JBEAP-10996), but it didn't help.

      [1] https://eap-qe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/eap-7.x-ldap-krb-ApacheDS-rhel/jdk=oracle-java-1.8,label_exp=RHEL6&&x86_64&&dynamic&&medium,security_provider=legacy_security/337/testReport/junit/org.jboss.eapqe.krbldap.eap7.tests.ldap.ejb/LdapRealmAuthenticationForEjbManualTest/testAccess/

      Attachments

        1. test-standalone.xml
          32 kB
        2. jdk8-test.log
          415 kB
        3. jdk11-test.log
          415 kB
        4. ejb-client-jdk8.log
          16 kB
        5. ejb-client-jdk11.log
          7 kB
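
The two traces in the description differ in which LDAP steps the legacy realm logs before `AuthenticationCompleteCallback`. The following triage helper is an added example, not part of the original report or of the project's code: it groups `org.jboss.as.domain.management.security` / `org.wildfly.security` trace lines into authentication attempts per thread and names the last stage each attempt reached. The names `parse_attempts` and `diagnose` are hypothetical, and the sample lines are constructed (abridged from the traces above, with a shortened DN).

```python
import re
from dataclasses import dataclass

# Colour-reset residue in pasted logs: ESC[0m, a mangled ESC (U+FFFD) + [0m, or bare [0m.
ANSI_RESET = re.compile(r"[\x1b\ufffd]?\[0m")
LINE = re.compile(r"^\d\d:\d\d:\d\d,\d{3}\s+\w+\s+\[[^\]]+\]\s+\(([^)]+)\)\s+(.*)$")
DN_FOUND = re.compile(r"DN '(.+)' found for user '")
PRINCIPAL = re.compile(r"security\.principal=(.*?), java\.naming\.security\.credentials")

@dataclass
class Attempt:
    user: str
    searches: int = 0
    dn: str = ""
    user_bind: bool = False   # a connection was opened with the user's own DN
    verified: bool = False    # "Password verified" was logged
    outcome: str = "incomplete"
    reason: str = ""

def parse_attempts(text):
    """Group legacy-realm trace lines into authentication attempts, per thread."""
    attempts, current = [], {}
    for raw in text.splitlines():
        m = LINE.match(ANSI_RESET.sub("", raw).strip())
        if not m:
            continue  # stack frames, blank lines
        thread, msg = m.groups()
        if msg.startswith("Handling NameCallback: authenticationName = "):
            current[thread] = Attempt(user=msg.rsplit(" = ", 1)[1])
            attempts.append(current[thread])
            continue
        a = current.get(thread)
        if a is None:
            continue  # other threads, e.g. the embedded LDAP server
        if msg.startswith("Searching for user "):
            a.searches += 1
        elif DN_FOUND.match(msg):
            a.dn = DN_FOUND.match(msg).group(1)
        elif msg.startswith("Connecting to LDAP"):
            p = PRINCIPAL.search(msg)
            a.user_bind = a.user_bind or bool(p and a.dn and p.group(1) == a.dn)
        elif msg.startswith("Password verified for user "):
            a.verified = True
        elif msg.startswith("Handling AuthenticationCompleteCallback: "):
            a.outcome = msg.rsplit(": ", 1)[1]
        elif "authentication rejected: " in msg:
            a.reason = msg.split("authentication rejected: ", 1)[1]
    return attempts

def diagnose(a):
    if a.outcome == "succeed":
        return "ok"
    if not a.dn:
        return "user search returned no DN"
    if not a.user_bind:
        return "no bind as the user DN"
    if not a.verified:
        return "bind as the user DN did not verify the password"
    return "failed after password verification"

# Constructed samples, abridged from the JDK 8 and JDK 11 traces (DN shortened).
FAILING = """\
\ufffd[0m15:24:13,179 TRACE [org.wildfly.security] (default task-1) Handling NameCallback: authenticationName = jduke
\ufffd[0m15:24:13,181 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
15:24:13,212 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Firing a MESSAGE_RECEIVED event for session 13
15:24:13,240 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=primary,dc=jboss,dc=org' found for user 'jduke'
\ufffd[0m15:24:13,247 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
15:24:13,247 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***})
\ufffd[0m15:24:13,256 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: fail
\ufffd[0m15:24:13,257 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05013: Authentication mechanism password not verified
"""
PASSING = """\
20:28:16,418 TRACE [org.wildfly.security] (default task-1) Handling NameCallback: authenticationName = jduke
20:28:16,418 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
20:28:16,432 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=primary,dc=jboss,dc=org' found for user 'jduke'
20:28:16,437 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.security.principal=uid=jduke,ou=People,o=primary,dc=jboss,dc=org, java.naming.security.credentials=***})
20:28:16,439 TRACE [org.jboss.as.domain.management.security] (default task-1) Password verified for user 'jduke' (using connection attempt)
20:28:16,448 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: succeed
"""
```
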

            People

              rhn-support-rmartinc Ricardo Martin Camarero
              mchoma@redhat.com Martin Choma