  1. WildFly Core
  2. WFCORE-4778

Legacy LDAP realm, runtime operations and access to runtime attributes fail

    Details

    • Steps to Reproduce:
      • configure security realm to use cache with eviction by search time strategy
                  <security-realm name="authn-by-search-time-neg-neg">
                      <authentication>
                          <ldap connection="ldap-connection" base-dn="o=LdapCacheInSecurityRealmsManualTestda9786df,o=primary,dc=jboss,dc=org" recursive="true">
                              <cache eviction-time="-1" max-cache-size="-1"/>
                              <username-filter attribute="uid"/>
                          </ldap>
                      </authentication>
                      <authorization>
                          <properties path="/home/okotek/git/tests-ldap-kerberos/eap7/target/LdapCacheInSecurityRealmsManualTest-roles.properties"/>
                      </authorization>
                  </security-realm>
      
      • configure http interface to be secured by this realm
                  <http-interface security-realm="authn-by-search-time-neg-neg">
                      <http-upgrade enabled="true"/>
                      <socket-binding http="management-http"/>
                  </http-interface>
      
      • try to access runtime attributes or perform a runtime operation
      /core-service=management/security-realm=authn-by-search-time-neg-neg/authentication=ldap/cache=by-search-time:read-resource(include-runtime=true)
      /core-service=management/security-realm=authn-by-search-time-neg-neg/authentication=ldap/cache=by-search-time:contains(name=userA)
      
    • Affects Testing:
      Regression

      Description

      Runtime operations and access to runtime attributes fail for legacy LDAP realm.

      ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("read-attribute") failed - address: ([
          ("core-service" => "management"),
          ("security-realm" => "authn-by-search-time-neg-neg"),
          ("authentication" => "ldap"),
          ("cache" => "by-search-time")
      ]): java.lang.UnsupportedOperationException
              at org.jboss.msc.service.ServiceControllerImpl.awaitValue(ServiceControllerImpl.java:1115)
              at org.jboss.msc.service.DelegatingServiceController.awaitValue(DelegatingServiceController.java:110)
              at org.jboss.as.domain.management.security.LdapCacheResourceDefinition$BaseRuntimeOpHandler.lookupService(LdapCacheResourceDefinition.java:321)
              at org.jboss.as.domain.management.security.LdapCacheResourceDefinition$BaseRuntimeOpHandler.readAttribute(LdapCacheResourceDefinition.java:288)
              at org.jboss.as.domain.management.security.LdapCacheResourceDefinition$BaseRuntimeOpHandler$1.execute(LdapCacheResourceDefinition.java:269)
              at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
              at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
              at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
              at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1413)
              at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:423)
              at org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:243)
              at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:289)
              at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:255)
              at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:243)
              at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:240)
              at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:138)
              at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:162)
              at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:158)
              at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:313)
              at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:270)
              at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254)
              at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225)
              at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:158)
              at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
              at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
              at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
              at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
              at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
              at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
              at java.lang.Thread.run(Thread.java:748)
              at org.jboss.threads.JBossThread.run(JBossThread.java:485)
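
For triaging a server log for this failure, the following added example (not part of the original issue or of WildFly) parses WFLYCTL0013 entries in the multi-line layout shown above and returns the failed operation, the resource address as a CLI path, the exception class and the top stack frame. The sample log is constructed from the first lines of the error above; `parse_failures` and the pattern names are hypothetical.

```python
import re

# Constructed sample: one unrelated line plus the start of the error shown above.
SAMPLE_LOG = '''\
INFO  [org.jboss.as] (Controller Boot Thread) constructed unrelated line
ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("read-attribute") failed - address: ([
    ("core-service" => "management"),
    ("security-realm" => "authn-by-search-time-neg-neg"),
    ("authentication" => "ldap"),
    ("cache" => "by-search-time")
]): java.lang.UnsupportedOperationException
        at org.jboss.msc.service.ServiceControllerImpl.awaitValue(ServiceControllerImpl.java:1115)
        at org.jboss.msc.service.DelegatingServiceController.awaitValue(DelegatingServiceController.java:110)
'''

HEADER = re.compile(r'WFLYCTL0013: Operation \("([^"]+)"\) failed - address: \(\[')
PAIR = re.compile(r'\("([^"]+)" => "([^"]+)"\)')   # one address element per line
FOOTER = re.compile(r'^\]\):\s*(\S+)')             # closes the address, names the exception
FRAME = re.compile(r'^\s+at ([^\s(]+)\(')          # stack frame: fully qualified method

def parse_failures(text):
    """Return one dict per WFLYCTL0013 entry found in the log text."""
    failures, cur, in_addr = [], None, False
    for line in text.splitlines():
        head = HEADER.search(line)
        if head:
            cur = {"operation": head.group(1), "address": "",
                   "exception": None, "top_frame": None}
            failures.append(cur)
            in_addr = True
            continue
        if cur is None:
            continue  # not inside an error entry
        if in_addr:
            stripped = line.strip()
            pair, foot = PAIR.search(stripped), FOOTER.match(stripped)
            if pair:
                cur["address"] += "/%s=%s" % pair.groups()
            elif foot:
                cur["exception"], in_addr = foot.group(1), False
        else:
            frame = FRAME.match(line)
            if frame and cur["top_frame"] is None:
                cur["top_frame"] = frame.group(1)
            elif not frame:
                cur = None  # first non-frame line ends the entry
    return failures
```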
      

                People

                • Assignee: Richard Opalka (ropalka)
                • Reporter: Ondrej Kotek (okotek)