  1. Red Hat Decision Manager
  2. RHDM-453

User/Group management does not work if SSL is enabled in EAP management console


    • Bug
    • Resolution: Done
    • Major
    • 7.0.1.GA
    • 7.0.0.GA
    • Decision Central
    • RHDM 7.0.0GA
      EAP7.1

    • CR1
    • Workaround Exists

      Use WildflyUserManagementService instead of WildflyCLIUserManagementService in order to manage property files (not via CLI)

      e.g.
      ~~~
      org.uberfire.ext.security.management.api.userManagementServices=WildflyUserManagementService
      org.uberfire.ext.security.management.wildfly.properties.users-file-path=/PATH/TO/standalone/configuration/application-users.properties
      org.uberfire.ext.security.management.wildfly.properties.groups-file-path=/PATH/TO/standalone/configuration/application-roles.properties
      ~~~


      1. enable SSL in management console by following steps in the document.

      https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#mgmt_interface_ssl

      2. modify decision-central.war/WEB-INF/classes/security-management.properties accordingly

      ~~~
      # Enable the user and group security management provider for Wildfly/EAP.
      org.uberfire.ext.security.management.api.userManagementServices=WildflyCLIUserManagementService
      # Uncomment next line if you're using a different http management port, rather than the default (9990).
      org.uberfire.ext.security.management.wildfly.cli.port=9993 <<== HERE
      ~~~

      3. restart the server and log in to Decision Central, then click the gear icon in the upper-right corner.
      => no number is shown in the User and Group management icon.

      If SSL is enabled in EAP's management console like the following,

      2018-02-21 00:07:59,236 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0061: Http management interface listening on https://127.0.0.1:9993/management

      User management/Group management does not work with the following exception.
      ~~~
      2018-02-21 00:08:38,584 INFO [org.uberfire.ext.security.management.BackendUserSystemManager] (default task-26) Using the user management service named 'WildflyCLIUserManagementService'
      2018-02-21 00:08:38,615 ERROR [org.uberfire.ext.security.management.wildfly.cli.BaseWildflyCLIManager] (default task-26) Error reading realm using CLI commands.: java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9993. The connection failed
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
      at org.uberfire.ext.security.management.wildfly.cli.BaseWildflyCLIManager.getPropertiesFilePath(BaseWildflyCLIManager.java:124)
      at org.uberfire.ext.security.management.wildfly.cli.WildflyUserPropertiesCLIManager.getUsersPropertiesFilePath(WildflyUserPropertiesCLIManager.java:59)
      at org.uberfire.ext.security.management.wildfly.cli.WildflyUserPropertiesCLIManager.init(WildflyUserPropertiesCLIManager.java:64)
      at org.uberfire.ext.security.management.wildfly.cli.WildflyUserPropertiesCLIManager.initialize(WildflyUserPropertiesCLIManager.java:88)
      at org.uberfire.ext.security.management.BackendUserSystemManager.initialize(BackendUserSystemManager.java:93)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.invokeMethods(DefaultLifecycleCallbackInvoker.java:97)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.postConstruct(DefaultLifecycleCallbackInvoker.java:80)
      at org.jboss.weld.injection.producer.BasicInjectionTarget.postConstruct(BasicInjectionTarget.java:122)
      at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:162)
      at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)
      at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100)
      at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:140)
      at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
      at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:99)
      at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:125)
      at org.uberfire.ext.security.management.BackendUserSystemManager$Proxy$_$$_WeldClientProxy.users(Unknown Source)
      at org.uberfire.ext.security.management.service.UserManagerServiceImpl.init(UserManagerServiceImpl.java:52)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.invokeMethods(DefaultLifecycleCallbackInvoker.java:97)
      at org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.postConstruct(DefaultLifecycleCallbackInvoker.java:80)
      at org.jboss.weld.injection.producer.BasicInjectionTarget.postConstruct(BasicInjectionTarget.java:122)
      at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:162)
      at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)
      at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100)
      at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:140)
      at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
      at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:99)
      at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:125)
      at org.uberfire.ext.security.management.service.UserManagerServiceImpl$Proxy$_$$_WeldClientProxy.getSettings(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.errai.bus.server.io.AbstractRPCMethodCallback.invokeMethodFromMessage(AbstractRPCMethodCallback.java:65)
      at org.jboss.errai.bus.server.io.ValueReplyRPCEndpointCallback.callback(ValueReplyRPCEndpointCallback.java:40)
      at org.jboss.errai.bus.server.io.RemoteServiceCallback.callback(RemoteServiceCallback.java:54)
      at org.jboss.errai.cdi.server.CDIExtensionPoints$2.callback(CDIExtensionPoints.java:448)
      at org.jboss.errai.bus.server.DeliveryPlan.deliver(DeliveryPlan.java:47)
      at org.jboss.errai.bus.server.ServerMessageBusImpl.sendGlobal(ServerMessageBusImpl.java:297)
      at org.jboss.errai.bus.server.SimpleDispatcher.dispatchGlobal(SimpleDispatcher.java:46)
      at org.jboss.errai.bus.server.service.ErraiServiceImpl.store(ErraiServiceImpl.java:96)
      at org.jboss.errai.bus.server.service.ErraiServiceImpl.store(ErraiServiceImpl.java:113)
      at org.jboss.errai.bus.server.servlet.DefaultBlockingServlet.doPost(DefaultBlockingServlet.java:144)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
      at io.undertow.websockets.jsr.JsrWebSocketFilter.doFilter(JsrWebSocketFilter.java:130)
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      at org.uberfire.ext.security.server.SecureHeadersFilter.doFilter(SecureHeadersFilter.java:110)
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      at org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:70)
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
      at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
      at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
      at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
      at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
      at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
      at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
      at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
      at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
      at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
      at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
      at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
      at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
      at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
      at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
      at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
      at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
      at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
      at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9993. The connection failed
      at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:128)
      at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
      at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
      at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:162)
      at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:146)
      at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:60)
      at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
      at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
      at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
      ... 105 more
      Caused by: java.io.EOFException: XNIO000812: Connection closed unexpectedly
      at org.xnio.http.HttpUpgrade$HttpUpgradeState$UpgradeResultListener.handleEvent(HttpUpgrade.java:416)
      at org.xnio.http.HttpUpgrade$HttpUpgradeState$UpgradeResultListener.handleEvent(HttpUpgrade.java:400)
      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
      at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
      at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
      at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
      at ...asynchronous invocation...(Unknown Source)
      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:570)
      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:532)
      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:520)
      at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:204)
      at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:120)
      ... 115 more
      ~~~
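
A pre-restart check for the combination reported above, as an added example that is not part of the original report or of the product: it reads `security-management.properties` and the EAP boot log and flags the case where `WildflyCLIUserManagementService` points at a port on which the management interface listens over https. The function names and the http sample log line are constructed for illustration; the property keys, the default port 9990 and the https log line are taken from this page.

```python
import re

SVC_KEY = "org.uberfire.ext.security.management.api.userManagementServices"
PORT_KEY = "org.uberfire.ext.security.management.wildfly.cli.port"
# Boot message EAP logs for the HTTP management interface (format as in the log above).
MGMT_RE = re.compile(
    r"WFLYSRV0061: Http management interface listening on "
    r"(https?)://([^:/\s]+):(\d+)/management")

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' and '!' comments skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def check(properties_text, server_log):
    """Return findings when the CLI provider targets an https management port."""
    props = parse_properties(properties_text)
    if props.get(SVC_KEY) != "WildflyCLIUserManagementService":
        return []  # the file-based provider manages the property files, not via CLI
    port = re.match(r"\d+", props.get(PORT_KEY, "9990"))  # 9990 is the default
    if port is None:
        return [f"{PORT_KEY} is not a port number"]
    findings = []
    for scheme, host, listen_port in MGMT_RE.findall(server_log):
        if scheme == "https" and listen_port == port.group():
            findings.append(
                f"CLI provider targets {host}:{listen_port}, which listens on https; "
                "the trace above shows it connecting with remote+http (WFLYPRT0053)")
    return findings

# Reproducer and workaround settings as given in this report.
AFFECTED_PROPS = f"{SVC_KEY}=WildflyCLIUserManagementService\n{PORT_KEY}=9993\n"
WORKAROUND_PROPS = (
    f"{SVC_KEY}=WildflyUserManagementService\n"
    "org.uberfire.ext.security.management.wildfly.properties.users-file-path="
    "/PATH/TO/standalone/configuration/application-users.properties\n")
HTTPS_LOG = ("2018-02-21 00:07:59,236 INFO [org.jboss.as] (Controller Boot Thread) "
             "WFLYSRV0061: Http management interface listening on "
             "https://127.0.0.1:9993/management")
# Constructed sample: the same boot message without SSL on the management interface.
HTTP_LOG = HTTPS_LOG.replace("https://127.0.0.1:9993", "http://127.0.0.1:9990")

if __name__ == "__main__":
    for name, props in (("affected", AFFECTED_PROPS), ("workaround", WORKAROUND_PROPS)):
        print(name, check(props, HTTPS_LOG) or "ok")
```
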

            romartin@redhat.com Roger Martinez
            rhn-support-hmiura Hiroko Miura
            Tomas David Tomas David
            Tomas David Tomas David