Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8125

Document changed http status code in legacy ldap security realm if LDAP is unreachable

XMLWordPrintable

    • Hide

      1) Start server

      ./standalone.sh
      

      2) Configure server with CLI

      /core-service=management/ldap-connection=ldapConnection:add(url="ldap://localhost:10389", search-credential="secret", search-dn="uid=admin,ou=system")
      /core-service=management/security-realm=ldap-realm:add()
      /core-service=management/security-realm=ldap-realm/authentication=ldap:add(connection=ldapConnection, base-dn="ou=People,dc=jboss,dc=org", username-attribute=uid)
      /core-service=management/management-interface=http-interface:write-attribute(name=security-realm, value=ldap-realm)
      reload
      

      3) Access http://localhost:9990/management?operation=attribute&name=server-state in browser and provide credentials
      4) Instead of 401 status code 500 is returned

      Show
      1) Start server ./standalone.sh 2) Configure server with CLI /core-service=management/ldap-connection=ldapConnection:add(url= "ldap: //localhost:10389" , search-credential= "secret" , search-dn= "uid=admin,ou=system" ) /core-service=management/security-realm=ldap-realm:add() /core-service=management/security-realm=ldap-realm/authentication=ldap:add(connection=ldapConnection, base-dn= "ou=People,dc=jboss,dc=org" , username-attribute=uid) /core-service=management/management- interface =http- interface :write-attribute(name=security-realm, value=ldap-realm) reload 3) Access http://localhost:9990/management?operation=attribute&name=server-state in browser and provide credentials 4) Instead of 401 status code 500 is returned

      Legacy security behaviour changed compared to EAP 7.0. When there is no LDAP server reachable, attempt to acces management interface secured by legacy ldap security realm ends with http code 500. In EAP 7.0 it was 401. There is agreement between dev and qe, that 500 is more proper code as it express server side problem.

      Therefore please document this change properly. Maybe worth adding into Migration guide.

              zrhoads Zach Rhoads (Inactive)
              mchoma@redhat.com Martin Choma
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: