WildFly / WFLY-7225

Writing wrong realm-mapper to security-domain causes failures after reload


    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Alpha1
    • 11.0.0.Alpha1
    • Security
    • None
    • Steps to reproduce:
      /subsystem=elytron/simple-regex-realm-mapper=SomeRealmMapper:add(pattern=somePattern)
      /subsystem=elytron/security-domain=SomeSecurityDomain:add(default-realm=ManagementRealm,realms=[{realm=ManagementRealm}])
      /subsystem=elytron/security-domain=SomeSecurityDomain:write-attribute(name=realm-mapper,value=SomeRealmMapper)
      {
          "outcome" => "success",
          "response-headers" => {
              "operation-requires-reload" => true,
              "process-state" => "reload-required"
          }
      }
      reload
      

      When the write-attribute operation on a security-domain is used to set a realm-mapper whose pattern does not include a capture group, the operation succeeds. However, after a server reload/restart, an exception occurs in the server log and the affected security domain does not start correctly.

      Suggestion:
      Writing a wrong realm-mapper to a security-domain should be denied.

      The issue can be related to JBEAP-6214.

      Exceptions in server log:

      ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service org.wildfly.security.realm-mapper.SomeRealmMapper: org.jboss.msc.service.StartException in service org.wildfly.security.realm-mapper.SomeRealmMapper: Failed to start service
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.IllegalArgumentException: ELY01065: Pattern requires a capture group
      	at org.wildfly.security.auth.util.SimpleRegexRealmMapper.<init>(SimpleRegexRealmMapper.java:64)
      	at org.wildfly.security.auth.util.SimpleRegexRealmMapper.<init>(SimpleRegexRealmMapper.java:49)
      	at org.wildfly.extension.elytron.RealmMapperDefinitions$SimpleRegexRealmMapperAddHandler.lambda$performRuntime$0(RealmMapperDefinitions.java:157)
      	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
      	... 3 more
      ...
      ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("security-domain" => "SomeSecurityDomain")
      ]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}
      07:29:21,263 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("simple-regex-realm-mapper" => "SomeRealmMapper")
      ]) - failure description: {
          "WFLYCTL0080: Failed services" => {"org.wildfly.security.realm-mapper.SomeRealmMapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.realm-mapper.SomeRealmMapper: Failed to start service
          Caused by: java.lang.IllegalArgumentException: ELY01065: Pattern requires a capture group"},
          "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.realm-mapper.SomeRealmMapper"],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
      }
      ...
      ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: JBoss EAP 7.1.0.Alpha1 (WildFly Core 3.0.0.Alpha8-redhat-2) started (with errors) in 616ms - Started 351 of 601 services (2 services failed or missing dependencies, 399 services are lazy, passive or on-demand)
      

              rhn-support-ivassile Ilia Vassilev
              olukas Ondrej Lukas (Inactive)
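
The kind of up-front check the report asks for, as an added example (not code from the report or from WildFly/Elytron): it tests a realm-mapper pattern for a capture group before the pattern is written to the configuration, so the mistake surfaces when the operation runs instead of at reload. The class and method names are hypothetical, and the sample patterns other than `somePattern` are constructed.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

/** Pre-flight check for simple-regex-realm-mapper patterns (illustrative, not WildFly code). */
public class RealmMapperPatternCheck {

    /** Returns null if the pattern is usable, otherwise the reason it must be rejected. */
    static String rejectReason(String pattern) {
        final Pattern compiled;
        try {
            compiled = Pattern.compile(pattern);
        } catch (PatternSyntaxException e) {
            return "invalid regex: " + e.getDescription();
        }
        // groupCount() counts capturing groups only, so "(?:...)" and an
        // escaped "\(" are correctly ignored; a plain search for '(' would
        // wrongly accept both.
        if (compiled.matcher("").groupCount() < 1) {
            return "pattern requires a capture group";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample patterns; "somePattern" is the value from the report.
        List<String> samples = List.of(
                "somePattern",      // no group at all
                "(?:.*)@realm",     // non-capturing group only
                ".*\\(realm\\)",    // escaped literal parentheses
                ".*@(.*)",          // one capture group: acceptable
                ".*@(.*");          // unbalanced: not a valid regex
        boolean anyRejected = false;
        for (String p : samples) {
            String reason = rejectReason(p);
            anyRejected |= reason != null;
            System.out.printf("%-16s %s%n", p, reason == null ? "OK" : "REJECT: " + reason);
        }
        // A non-zero exit lets a provisioning script stop before the CLI commands run.
        System.exit(anyRejected ? 1 : 0);
    }
}
```

Running a check like this over patterns in provisioning scripts keeps a configuration that reports "success" at write time from leaving the security domain unstarted after the next reload.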