Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-19221

(7.3.z) WFLY-13358 - Tests for WFCORE-4950 - Regression: Legacy Ldap Realm securing EJB with JDK8 not working

XMLWordPrintable

      Use case is basic EJB authentication using legacy LDAP security realm.

      It is working with CD17, but not CD18, CD19, 7.3.0.GA.

      With CD19 we see this log [1]

      15:24:12,874 INFO  [org.jboss.ejb.client] (main) EJBCLIENT000064: org.jboss.ejb.client.naming.ejb.ejbURLContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead
      15:24:12,891 INFO  [org.wildfly.naming] (main) WildFly Naming version 1.0.9.Final
      15:24:12,940 INFO  [org.wildfly.naming] (main) WFNAM00049: Usage of the legacy "remote.connections" property is deprecated; please use javax.naming.Context#PROVIDER_URL instead
      15:24:13,001 INFO  [org.jboss.ejb.client] (main) JBoss EJB Client version 4.0.10.Final
      15:24:13,085 DEBUG [org.jboss.ejb.client.invocation] (main) Calling invoke(module = /ldap-realm-ejb-deployment/SimpleBean, strong affinity = None, weak affinity = None): 
      15:24:13,149 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Initialized connection from /127.0.0.1:35658 to /127.0.0.1:8080 with options {org.xnio.Options.REUSE_ADDRESSES=>true,org.xnio.Options.TCP_NODELAY=>true,org.jboss.remoting3.RemotingOptions.SASL_PROTOCOL=>remote}
      �[0m15:24:13,150 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Accepted connection from /127.0.0.1:35658 to rhel6-medium-103755.localdomain/127.0.0.1:8080
      �[0m15:24:13,150 TRACE [org.jboss.remoting.remote] (default I/O-4) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@4618238e
      �[0m15:24:13,151 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Sent 38 bytes
      �[0m15:24:13,151 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Flushed channel
      �[0m15:24:13,158 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) No buffers in queue for message header
      �[0m15:24:13,159 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Allocated fresh buffers
      �[0m15:24:13,159 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received 37 bytes
      �[0m15:24:13,159 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received message java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
      �[0m15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Received java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
      �[0m15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capabilities request
      �[0m15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: version 1
      �[0m15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: message close protocol supported
      �[0m15:24:13,159 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: remote version is "5.0.5.Final"
      �[0m15:24:13,160 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: remote channels in is "40"; resulting max outbound channels value is "40"
      �[0m15:24:13,160 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: remote channels out is "40"; resulting max inbound channels value is "40"
      �[0m15:24:13,160 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received capability: authentication service
      �[0m15:24:13,160 TRACE [org.jboss.remoting.remote.server] (default I/O-4) No EXTERNAL mechanism due to lack of SSL
      �[0m15:24:13,162 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Added mechanism PLAIN
      �[0m15:24:13,167 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Sent 79 bytes
      �[0m15:24:13,168 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Flushed channel
      �[0m15:24:13,175 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) No buffers in queue for message header
      �[0m15:24:13,175 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Allocated fresh buffers
      �[0m15:24:13,175 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received 27 bytes
      �[0m15:24:13,175 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received message java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192]
      �[0m15:24:13,175 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Received java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192]
      �[0m15:24:13,175 TRACE [org.jboss.remoting.remote.server] (default I/O-4) Server received authentication request
      �[0m15:24:13,175 TRACE [org.wildfly.security] (default I/O-4) Handling SocketAddressCallback
      �[0m15:24:13,175 TRACE [org.wildfly.security] (default I/O-4) Handling SocketAddressCallback
      �[0m15:24:13,175 TRACE [org.wildfly.security] (default I/O-4) Handling MechanismInformationCallback type='SASL' name='PLAIN' host-name='rhel6-medium-103755.localdomain' protocol='remote'
      �[0m15:24:13,177 TRACE [org.wildfly.security] (default I/O-4) Creating SaslServer [org.wildfly.security.sasl.plain.PlainSaslServer@31e953d3] for mechanism [PLAIN] and protocol [remote]
      �[0m15:24:13,177 TRACE [org.wildfly.security] (default I/O-4) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@59d04c37->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@6897305->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@2a5ce5b6->org.wildfly.security.sasl.plain.PlainSaslServer@31e953d3] for mechanism [PLAIN]
      �[0m15:24:13,177 TRACE [org.jboss.remoting.endpoint] (default I/O-4) Allocated tick to 8 of endpoint "rhel6-medium-103755" <25beb8e1> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@51d05ce5)
      �[0m15:24:13,179 TRACE [org.wildfly.security] (default task-1) Handling NameCallback: authenticationName = jduke
      �[0m15:24:13,180 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      �[0m15:24:13,181 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      �[0m15:24:13,181 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      �[0m15:24:13,181 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://rhel6-medium-103755.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      �[0m15:24:13,211 DEBUG [org.apache.mina.filter.codec.ProtocolCodecFilter] (NioProcessor-2) Processing a MESSAGE_RECEIVED for session 13
      15:24:13,212 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Firing a MESSAGE_RECEIVED event for session 13
      15:24:13,214 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Event MESSAGE_RECEIVED has been fired for session 13
      15:24:13,219 DEBUG [org.apache.mina.filter.codec.ProtocolCodecFilter] (NioProcessor-2) Processing a MESSAGE_RECEIVED for session 13
      15:24:13,222 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Firing a MESSAGE_RECEIVED event for session 13
      15:24:13,222 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-6-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      15:24:13,236 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Event MESSAGE_RECEIVED has been fired for session 13
      15:24:13,240 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest112eb0b5,o=primary,dc=jboss,dc=org' found for user 'jduke'
      �[0m15:24:13,242 TRACE [org.wildfly.security] (default task-1) Principal assigning: [jduke], pre-realm rewritten: [jduke@ldap-realm], realm name: [PLAIN], post-realm rewritten: [jduke@ldap-realm], realm rewritten: [jduke@ldap-realm]
      �[0m15:24:13,242 DEBUG [org.apache.mina.filter.codec.ProtocolCodecFilter] (NioProcessor-2) Processing a MESSAGE_RECEIVED for session 13
      15:24:13,243 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      �[0m15:24:13,243 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      �[0m15:24:13,247 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      �[0m15:24:13,252 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Firing a MESSAGE_RECEIVED event for session 13
      15:24:13,247 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://rhel6-medium-103755.localdomain:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      �[0m15:24:13,256 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: fail
      �[0m15:24:13,257 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05013: Authentication mechanism password not verified
      	at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:127)
      	at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
      	at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:110)
      	at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
      	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
      	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
      	at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:484)
      	at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
      	at java.lang.Thread.run(Thread.java:748)
      
      �[0m15:24:13,252 DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] (pool-6-thread-1) Event MESSAGE_RECEIVED has been fired for session 13
      15:24:13,259 TRACE [org.jboss.remoting.remote.server] (default task-1) No more authentication attempts allowed, closing the connection
      �[0m15:24:13,260 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Sent 5 bytes
      �[0m15:24:13,260 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Flushed channel
      �[0m15:24:13,260 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Shut down writes on channel
      �[0m15:24:13,261 DEBUG [org.jboss.remoting.remote.client] (XNIO-1 I/O-1) Client received authentication rejected for mechanism PLAIN
      15:24:13,262 DEBUG [org.jboss.remoting.remote.connection] (XNIO-1 I/O-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
         PLAIN: javax.security.sasl.SaslException: PLAIN: Server rejected authentication
      15:24:13,263 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) No buffers in queue for message header
      �[0m15:24:13,263 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Allocated fresh buffers
      �[0m15:24:13,263 TRACE [org.jboss.remoting.remote.connection] (default I/O-4) Received EOF
      �[0m15:24:13,263 TRACE [org.jboss.remoting.remote] (default I/O-4) Received connection end-of-stream
      �[0m15:24:13,265 TRACE [org.jboss.remoting.endpoint] (default task-1) Resource closed count 00000007 of endpoint "rhel6-medium-103755" <25beb8e1> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@51d05ce5)
      

      In contrast snippet of log with test passing with jdk 11

      [0m20:28:16,305 INFO  [org.jboss.ejb.client] (main) EJBCLIENT000064: org.jboss.ejb.client.naming.ejb.ejbURLContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead
      20:28:16,312 INFO  [org.wildfly.naming] (main) WildFly Naming version 1.0.9.Final
      20:28:16,323 INFO  [org.wildfly.naming] (main) WFNAM00049: Usage of the legacy "remote.connections" property is deprecated; please use javax.naming.Context#PROVIDER_URL instead
      20:28:16,344 INFO  [org.jboss.ejb.client] (main) JBoss EJB Client version 4.0.10.Final
      20:28:16,406 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Initialized connection from /127.0.0.1:39979 to /127.0.0.1:8080 with options {org.jboss.remoting3.RemotingOptions.SASL_PROTOCOL=>remote,org.xnio.Options.REUSE_ADDRESSES=>true,org.xnio.Options.TCP_NODELAY=>true}
      �[0m20:28:16,406 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Accepted connection from /127.0.0.1:39979 to localhost/127.0.0.1:8080
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote] (default I/O-13) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@e393a583
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Sent 16 bytes
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Flushed channel
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) No buffers in queue for message header
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Allocated fresh buffers
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Received 37 bytes
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Received message java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Received java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capabilities request
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: version 1
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: message close protocol supported
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: remote version is "5.0.5.Final"
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: remote channels in is "40"; resulting max outbound channels value is "40"
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: remote channels out is "40"; resulting max inbound channels value is "40"
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received capability: authentication service
      �[0m20:28:16,407 TRACE [org.jboss.remoting.remote.server] (default I/O-13) No EXTERNAL mechanism due to lack of SSL
      �[0m20:28:16,409 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Added mechanism PLAIN
      �[0m20:28:16,409 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Sent 69 bytes
      �[0m20:28:16,410 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Flushed channel
      �[0m20:28:16,416 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) No buffers in queue for message header
      �[0m20:28:16,416 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Allocated fresh buffers
      �[0m20:28:16,416 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Received 27 bytes
      �[0m20:28:16,416 TRACE [org.jboss.remoting.remote.connection] (default I/O-13) Received message java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192]
      �[0m20:28:16,416 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Received java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192]
      �[0m20:28:16,416 TRACE [org.jboss.remoting.remote.server] (default I/O-13) Server received authentication request
      �[0m20:28:16,416 TRACE [org.wildfly.security] (default I/O-13) Handling MechanismInformationCallback type='SASL' name='PLAIN' host-name='localhost' protocol='remote'
      �[0m20:28:16,417 TRACE [org.wildfly.security] (default I/O-13) Creating SaslServer [org.wildfly.security.sasl.plain.PlainSaslServer@6c8a34b9] for mechanism [PLAIN] and protocol [remote]
      �[0m20:28:16,417 TRACE [org.wildfly.security] (default I/O-13) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@6cbe8208->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@1bb90cb2->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@8f421181->org.wildfly.security.sasl.plain.PlainSaslServer@6c8a34b9] for mechanism [PLAIN]
      �[0m20:28:16,417 TRACE [org.jboss.remoting.endpoint] (default I/O-13) Allocated tick to 8 of endpoint "localhost" <43a56a00> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@6d93756b)
      �[0m20:28:16,418 TRACE [org.wildfly.security] (default task-1) Handling NameCallback: authenticationName = jduke
      �[0m20:28:16,418 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      �[0m20:28:16,418 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      �[0m20:28:16,418 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      �[0m20:28:16,418 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      �[0m20:28:16,425 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-5-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      20:28:16,432 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org' found for user 'jduke'
      �[0m20:28:16,433 TRACE [org.wildfly.security] (default task-1) Principal assigning: [jduke], pre-realm rewritten: [jduke@ldap-realm], realm name: [PLAIN], post-realm rewritten: [jduke@ldap-realm], realm rewritten: [jduke@ldap-realm]
      �[0m20:28:16,433 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      �[0m20:28:16,433 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      �[0m20:28:16,433 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      �[0m20:28:16,433 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      �[0m20:28:16,435 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-5-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      20:28:16,436 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org' found for user 'jduke'
      �[0m20:28:16,437 TRACE [org.jboss.as.domain.management.security] (default task-1) Using a trustOnly SSL context to authenticate user uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org
      �[0m20:28:16,437 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org, java.naming.security.credentials=***, java.naming.referral=ignore})
      �[0m20:28:16,439 TRACE [org.jboss.as.domain.management.security] (default task-1) Password verified for user 'jduke' (using connection attempt)
      �[0m20:28:16,440 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      �[0m20:28:16,440 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      �[0m20:28:16,440 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      �[0m20:28:16,440 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      �[0m20:28:16,442 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-5-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      20:28:16,443 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org' found for user 'jduke'
      �[0m20:28:16,444 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [jduke@ldap-realm] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
      �[0m20:28:16,444 TRACE [org.wildfly.security] (default task-1) Authorizing principal jduke.
      �[0m20:28:16,444 TRACE [org.wildfly.security] (default task-1) Authorizing against the following attributes: [] => []
      �[0m20:28:16,444 TRACE [org.wildfly.security] (default task-1) Permission mapping: identity [jduke@ldap-realm] with roles [] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
      �[0m20:28:16,444 TRACE [org.wildfly.security] (default task-1) Authorization succeed
      �[0m20:28:16,444 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'jduke'
      �[0m20:28:16,444 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing single level search
      �[0m20:28:16,444 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'jduke' using filter '(uid={0})'.
      �[0m20:28:16,444 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
      �[0m20:28:16,446 WARN  [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] (pool-5-thread-1) Requested attribute dn does not exist in the schema, it will be ignored
      20:28:16,447 TRACE [org.jboss.as.domain.management.security] (default task-1) DN 'uid=jduke,ou=People,o=LdapRealmAuthenticationForEjbManualTest63890c76,o=primary,dc=jboss,dc=org' found for user 'jduke'
      �[0m20:28:16,448 TRACE [org.wildfly.security] (default task-1) RunAs authorization succeed - the same identity
      �[0m20:28:16,448 TRACE [org.wildfly.security] (default task-1) Handling AuthorizeCallback: authenticationID = jduke  authorizationID = jduke  authorized = true
      �[0m20:28:16,448 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: succeed
      �[0m20:28:16,448 TRACE [org.wildfly.security] (default task-1) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=jduke@ldap-realm, securityDomain=org.wildfly.security.auth.server.SecurityDomain@8d19cde5, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='PLAIN', securityRealm=org.jboss.as.domain.management.security.SecurityRealmService$SharedStateSecurityRealm@b6fa247f}, creationTime=2020-04-08T18:28:16.444188258Z}
      �[0m20:28:16,448 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication complete
      
      • We have also kerberos variant of test securing ejb with kerberos and that is working fine KerberosRemoteEjbManualTest.java
      • We have a lot of tests using legacy ldap realm to secure management interface itself and these are working also fine.
      • I tried to upgrade ejb-client from 4.0.10 to 4.0.31 but it didn't help
      • Tried to switch to WildFlyInitialContextFactory (https://issues.redhat.com/browse/JBEAP-10996), but didn't help

      [1] https://eap-qe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/eap-7.x-ldap-krb-ApacheDS-rhel/jdk=oracle-java-1.8,label_exp=RHEL6&&x86_64&&dynamic&&medium,security_provider=legacy_security/337/testReport/junit/org.jboss.eapqe.krbldap.eap7.tests.ldap.ejb/LdapRealmAuthenticationForEjbManualTest/testAccess/

        1. test-standalone.xml
          32 kB
        2. jdk8-test.log
          415 kB
        3. jdk11-test.log
          415 kB
        4. ejb-client-jdk8.log
          16 kB
        5. ejb-client-jdk11.log
          7 kB

              rhn-support-rmartinc Ricardo Martin Camarero
              rhn-support-iweiss Ingo Weiss
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: