Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7265

Adding Elytron ldap-realm through CLI throws IllegalArgumentException

    XMLWordPrintable

Details

    • Hide

      Firstly add dir-context which will be used by ldap-realm:

      /subsystem=elytron/dir-context=dir:add(url=someUrl)
      

      Try to add ldap-realm without identity-mapping.user-password-mapper. See also IllegalArgumentException in server log.

      /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id})
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
          "rolled-back" => true
      }
      

      Try to add ldap-realm without identity-mapping.user-password-mapper.writable or identity-mapping.user-password-mapper.verifiable. See also IllegalArgumentException in server log.

      /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable=true}})
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException",
          "rolled-back" => true
      }
      

      Try to add ldap-realm with both identity-mapping.user-password-mapper.writable and identity-mapping.user-password-mapper.verifiable

      /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable=true,verifiable=true}})
      {"outcome" => "success"}
      
      Show
      Firstly add dir-context which will be used by ldap-realm: /subsystem=elytron/dir-context=dir:add(url=someUrl) Try to add ldap-realm without identity-mapping.user-password-mapper . See also IllegalArgumentException in server log. /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id}) { "outcome" => "failed" , "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException" , "rolled-back" => true } Try to add ldap-realm without identity-mapping.user-password-mapper.writable or identity-mapping.user-password-mapper.verifiable . See also IllegalArgumentException in server log. /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable= true }}) { "outcome" => "failed" , "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException" , "rolled-back" => true } Try to add ldap-realm with both identity-mapping.user-password-mapper.writable and identity-mapping.user-password-mapper.verifiable /subsystem=elytron/ldap-realm=ldap:add(dir-context=dir,identity-mapping={rdn-identifier=id,user-password-mapper={writable= true ,verifiable= true }}) { "outcome" => "success" }

    Description

      In case when ldap-realm is added through CLI then IllegalArgumentException is thrown in all cases when values for identity-mapping.user-password-mapper.writable and identity-mapping.user-password-mapper.verifiable are not set.

      According to read-attribute operation these attributes (writable and verifiable) should has set default values hence they should not be required by CLI.

      Following exception is thrown to server log:

      ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("ldap-realm" => "ldap")
      ]): java.lang.IllegalArgumentException
      	at org.jboss.dmr.ModelValue.asBoolean(ModelValue.java:69)
      	at org.jboss.dmr.ModelNode.asBoolean(ModelNode.java:267)
      	at org.wildfly.extension.elytron.LdapRealmDefinition$UserPasswordCredentialMappingObjectDefinition.configure(LdapRealmDefinition.java:163)
      	at org.wildfly.extension.elytron.LdapRealmDefinition$RealmAddHandler.configureIdentityMapping(LdapRealmDefinition.java:420)
      	at org.wildfly.extension.elytron.LdapRealmDefinition$RealmAddHandler.performRuntime(LdapRealmDefinition.java:375)
      	at org.jboss.as.controller.AbstractAddStepHandler.performRuntime(AbstractAddStepHandler.java:337)
      	at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151)
      	at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:940)
      	at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:683)
      	at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382)
      	at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
      	at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
      	at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at javax.security.auth.Subject.doAs(Subject.java:422)
      	at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
      	at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
      	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
      	at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
      

      Attachments

        Issue Links

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: