Uploaded image for project: 'JBoss BRMS Platform'
  1. JBoss BRMS Platform
  2. RHBRMS-3077

User/Group management does not work if SSL is enabled in management console

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • 6.4.7
    • Business Central

    • BRMS 6.4
      EAP7.0

    • Workaround Exists
    • Hide

      use WildflyUserManagementService instead of WildflyCLIUserManagementService so that it can manage property files directly (not via CLI)

      e.g.
      ~~~
      org.uberfire.ext.security.management.api.userManagementServices=WildflyUserManagementService
      org.uberfire.ext.security.management.wildfly.properties.users-file-path=/PATH/TO/standalone/configuration/application-users.properties
      org.uberfire.ext.security.management.wildfly.properties.groups-file-path=/PATH/TO/standalone/configuration/application-roles.properties
      ~~~

      Show
      use WildflyUserManagementService instead of WildflyCLIUserManagementService so that it can manage property files directly (not via CLI) e.g. ~~~ org.uberfire.ext.security.management.api.userManagementServices=WildflyUserManagementService org.uberfire.ext.security.management.wildfly.properties.users-file-path=/PATH/TO/standalone/configuration/application-users.properties org.uberfire.ext.security.management.wildfly.properties.groups-file-path=/PATH/TO/standalone/configuration/application-roles.properties ~~~
    • Hide

      1. enable SSL in management console by following steps in the document.

      https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#mgmt_interface_ssl

      2. modify decision-central.war/WEB-INF/classes/security-management.properties accordingly
      i.e. uncomment the following
      ~~~
      org.uberfire.ext.security.management.api.userManagementServices=WildflyCLIUserManagementService
      org.uberfire.ext.security.management.wildfly.cli.port=9993
      ~~~
      3. restart server and login decision central, open Home menu.
      => menu of 'User management' and 'Group management' are not shown.

      Show
      1. enable SSL in management console by following steps in the document. https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#mgmt_interface_ssl 2. modify decision-central.war/WEB-INF/classes/security-management.properties accordingly i.e. uncomment the following ~~~ org.uberfire.ext.security.management.api.userManagementServices=WildflyCLIUserManagementService org.uberfire.ext.security.management.wildfly.cli.port=9993 ~~~ 3. restart server and login decision central, open Home menu. => menu of 'User management' and 'Group management' are not shown.

    Description

      If SSL is enabled in EAP's management console like the following,

      2018-02-21 00:07:59,236 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0061: Http management interface listening on https://127.0.0.1:9993/management

      User management/Group management does not work with he following exception.
      ~~~
      16:10:02,950 INFO [org.uberfire.ext.security.management.BackendUserSystemManager] (default task-8) Using the user management service named 'WildflyCLIUserManagementService'
      16:10:03,038 ERROR [org.uberfire.ext.security.management.wildfly10.cli.Wildfly10ModelUtil]
      (default task-8) Error reading realm using CLI commands.:
      java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not
      connect to http-remoting://127.0.0.1:9993. The connection failed
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
      at org.uberfire.ext.security.management.wildfly10.cli.Wildfly10ModelUtil.getPropertiesFilePath(Wildfly10ModelUtil.java:72)
      at org.uberfire.ext.security.management.wildfly10.cli.Wildfly10UserPropertiesCLIManager.getPropertiesFilePath(Wildfly10UserPropertiesCLIManager.java:56)
      at org.uberfire.ext.security.management.wildfly.cli.BaseWildflyUserPropertiesCLIManager.getUsersPropertiesFilePath(BaseWildflyUserPropertiesCLIManager.java:56)
      at org.uberfire.ext.security.management.wildfly.cli.BaseWildflyUserPropertiesCLIManager.init(BaseWildflyUserPropertiesCLIManager.java:63)
      at org.uberfire.ext.security.management.wildfly.cli.BaseWildflyUserPropertiesCLIManager.initialize(BaseWildflyUserPropertiesCLIManager.java:75)
      at org.uberfire.ext.security.management.BackendUserSystemManager.initialize(BackendUserSystemManager.java:90)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.invokeMethods(DefaultLifecycleCallbackInvoker.java:98)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.postConstruct(DefaultLifecycleCallbackInvoker.java:81)
      at org.jboss.weld.injection.producer.BasicInjectionTarget.postConstruct(BasicInjectionTarget.java:126)
      at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:162)
      at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)
      at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:101)
      at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:141)
      at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
      at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:99)
      at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:125)
      at org.uberfire.ext.security.management.BackendUserSystemManager$Proxy$_$$_WeldClientProxy.users(Unknown Source)
      at org.uberfire.ext.security.management.service.UserManagerServiceImpl.init(UserManagerServiceImpl.java:51)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.invokeMethods(DefaultLifecycleCallbackInvoker.java:98)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.postConstruct(DefaultLifecycleCallbackInvoker.java:81)
      at org.jboss.weld.injection.producer.BasicInjectionTarget.postConstruct(BasicInjectionTarget.java:126)
      at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:162)
      at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)
      at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:101)
      at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:141)
      at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
      at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:99)
      at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:125)
      at org.uberfire.ext.security.management.service.UserManagerServiceImpl$Proxy$_$$_WeldClientProxy.getSettings(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.errai.bus.server.io.AbstractRPCMethodCallback.invokeMethodFromMessage(AbstractRPCMethodCallback.java:48)
      at org.jboss.errai.bus.server.io.ValueReplyRPCEndpointCallback.callback(ValueReplyRPCEndpointCallback.java:24)
      at org.jboss.errai.bus.server.io.RemoteServiceCallback.callback(RemoteServiceCallback.java:54)
      at org.jboss.errai.cdi.server.CDIExtensionPoints$2.callback(CDIExtensionPoints.java:410)
      at org.jboss.errai.bus.server.DeliveryPlan.deliver(DeliveryPlan.java:47)
      at org.jboss.errai.bus.server.ServerMessageBusImpl.sendGlobal(ServerMessageBusImpl.java:297)
      at org.jboss.errai.bus.server.SimpleDispatcher.dispatchGlobal(SimpleDispatcher.java:46)
      at org.jboss.errai.bus.server.service.ErraiServiceImpl.store(ErraiServiceImpl.java:97)
      at org.jboss.errai.bus.server.service.ErraiServiceImpl.store(ErraiServiceImpl.java:114)
      at org.jboss.errai.bus.server.servlet.DefaultBlockingServlet.doPost(DefaultBlockingServlet.java:142)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
      at org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:69)
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      at org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:57)
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
      at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
      at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
      at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
      at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
      at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
      at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
      at io.undertow.server.Connectors.executeRootHandler(Connectors.java:324)
      at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:803)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:9993. The connection failed
      at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:122)
      at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:257)
      at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:71)
      at org.jboss.as.protocol.mgmt.FutureManagementChannel$Establishing.getChannel(FutureManagementChannel.java:212)
      at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:146)
      at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:65)
      at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:147)
      at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:122)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
      ... 92 more
      Caused by: java.io.EOFException: XNIO000812: Connection closed unexpectedly
      at org.xnio.http.HttpUpgrade$HttpUpgradeState$UpgradeResultListener.handleEvent(HttpUpgrade.java:416)
      at org.xnio.http.HttpUpgrade$HttpUpgradeState$UpgradeResultListener.handleEvent(HttpUpgrade.java:400)
      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
      at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
      at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
      at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)
      at ...asynchronous invocation...(Unknown Source)
      at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:294)
      at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:276)
      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:393)
      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:381)
      at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:83)
      at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:114)
      ... 102 more"

      ~~~

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. RHDM-453 User/Group management does not work if SSL is enabled in EAP management console

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              romartin@redhat.com Roger Martinez
              rhn-support-hmiura Hiroko Miura
              Archiver:
              rhn-support-ceverson Clark Everson
              Tomas David Tomas David
              Tomas David Tomas David

              Dates

                Created:
                Updated:
                Resolved:
                Archived:

                PagerDuty