Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7265

Adding Elytron ldap-realm through CLI throws IllegalArgumentException

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • 11.0.0.Alpha1
    • None
    • Security
    • None
    • Hide

      Firstly add dir-context which will be used by ldap-realm:

      /subsystem=elytron/dir-context=dir:add(url=someUrl)

      Try to add ldap-realm without identity-mapping.user-password-mapper. See also IllegalArgumentException in server log.

      /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id})
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
    "rolled-back" => true
}

      Try to add ldap-realm without identity-mapping.user-password-mapper.writable or identity-mapping.user-password-mapper.verifiable. See also IllegalArgumentException in server log.

      /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable=true}})
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
    "rolled-back" => true
}

      Try to add ldap-realm with both identity-mapping.user-password-mapper.writable and identity-mapping.user-password-mapper.verifiable

      /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable=true,verifiable=true}})
{"outcome" => "success"}
      Show
      Firstly add dir-context which will be used by ldap-realm: /subsystem=elytron/dir-context=dir:add(url=someUrl) Try to add ldap-realm without identity-mapping.user-password-mapper . See also IllegalArgumentException in server log. /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id}) { "outcome" => "failed" , "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException" , "rolled-back" => true } Try to add ldap-realm without identity-mapping.user-password-mapper.writable or identity-mapping.user-password-mapper.verifiable . See also IllegalArgumentException in server log. /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable= true }}) { "outcome" => "failed" , "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException" , "rolled-back" => true } Try to add ldap-realm with both identity-mapping.user-password-mapper.writable and identity-mapping.user-password-mapper.verifiable /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable= true ,verifiable= true }}) { "outcome" => "success" }

      In case when ldap-realm is added through CLI then IllegalArgumentException is thrown in all cases when values for identity-mapping.user-password-mapper.writable and identity-mapping.user-password-mapper.verifiable are not set.

      According to read-attribute operation these attributes (writable and verifiable) should has set default values hence they should not be required by CLI.

      Following exception is thrown to server log:

      ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("ldap-realm" => "ldap")
]): java.lang.IllegalArgumentException
	at org.jboss.dmr.ModelValue.asBoolean(ModelValue.java:69)
	at org.jboss.dmr.ModelNode.asBoolean(ModelNode.java:267)
	at org.wildfly.extension.elytron.LdapRealmDefinition$UserPasswordCredentialMappingObjectDefinition.configure(LdapRealmDefinition.java:163)
	at org.wildfly.extension.elytron.LdapRealmDefinition$RealmAddHandler.configureIdentityMapping(LdapRealmDefinition.java:420)
	at org.wildfly.extension.elytron.LdapRealmDefinition$RealmAddHandler.performRuntime(LdapRealmDefinition.java:375)
	at org.jboss.as.controller.AbstractAddStepHandler.performRuntime(AbstractAddStepHandler.java:337)
	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151)
	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:940)
	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:683)
	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
	at org.jboss.threads.JBossThread.run(JBossThread.java:320)

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: