Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Servlet tests for JBoss-based adapters with TLS are broken #20385

Closed
mabartos opened this issue May 16, 2023 · 5 comments · Fixed by #20759
Closed

Servlet tests for JBoss-based adapters with TLS are broken #20385

mabartos opened this issue May 16, 2023 · 5 comments · Fixed by #20759
Assignees
@mabartos
Labels
area/adapter/jee area/testsuite Indicates an issue on the Testsuite area kind/bug Categorizes a PR related to a bug team/cloud-native team/continuous-testing
Milestone
22.0.0

Comments

@mabartos
Copy link
Contributor

mabartos commented May 16, 2023
edited
Loading

Area

testsuite

Describe the bug

Servlet tests for WildFly and EAP app-servers with TLS fail.

Pipeline job: https://keycloak-jenkins.com/view/Keycloak/job/universal-test-pipeline-adapters/1650/testReport/org.keycloak.testsuite.adapter.servlet/BrokerLinkAndTokenExchangeTest/Run_tests___EAP_adapters_matrix___adapter_eap_tests___rhel8___eap_tls___mw_openjdk11______/

Log:

2023-05-15 17:05:39,863 INFO  [org.keycloak.common.Profile] (executor-thread-21) Preview features enabled: token-exchange
17:05:39,880 INFO  [org.keycloak.testsuite.arquillian.AppServerTestEnricher] Stopping app server: app-server-eap
17:05:39,893 WARN  [org.jboss.as.arquillian.container.ArchiveDeployer] Cannot undeploy: exchange-linking.war
java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:10190. The connection failed
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:80)
	at org.jboss.as.controller.client.helpers.DelegatingModelControllerClient.execute(DelegatingModelControllerClient.java:68)
	at org.wildfly.plugin.core.DefaultDeploymentManager.execute(DefaultDeploymentManager.java:394)
	at org.wildfly.plugin.core.DefaultDeploymentManager.undeploy(DefaultDeploymentManager.java:185)
	at org.jboss.as.arquillian.container.ArchiveDeployer.undeploy(ArchiveDeployer.java:135)
	at org.jboss.as.arquillian.container.ArchiveDeployer.undeploy(ArchiveDeployer.java:118)
	at org.jboss.as.arquillian.container.CommonDeployableContainer.undeploy(CommonDeployableContainer.java:261)
	at org.jboss.arquillian.container.impl.client.container.ContainerDeployController$4.call(ContainerDeployController.java:186)
	at org.jboss.arquillian.container.impl.client.container.ContainerDeployController$4.call(ContainerDeployController.java:170)
	at org.jboss.arquillian.container.impl.client.container.ContainerDeployController.executeOperation(ContainerDeployController.java:239)
	at org.jboss.arquillian.container.impl.client.container.ContainerDeployController.undeploy(ContainerDeployController.java:170)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90)
	at org.jboss.arquillian.container.impl.client.ContainerDeploymentContextHandler.createDeploymentContext(ContainerDeploymentContextHandler.java:71)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95)
	at org.jboss.arquillian.container.impl.client.ContainerDeploymentContextHandler.createContainerContext(ContainerDeploymentContextHandler.java:54)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105)
	at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:62)
	at org.jboss.arquillian.container.test.impl.client.container.ClientContainerController.stop(ClientContainerController.java:179)
	at org.keycloak.testsuite.arquillian.AppServerTestEnricher.stopAppServer(AppServerTestEnricher.java:286)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90)
	at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:83)
	at jdk.internal.reflect.GeneratedMethodAccessor10.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95)
	at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:69)
	at jdk.internal.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105)
	at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.afterClass(EventTestRunnerAdaptor.java:95)
	at org.jboss.arquillian.junit.Arquillian$3$1.evaluate(Arquillian.java:183)
	at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:350)
	at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:54)
	at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:177)
	at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:54)
	at org.junit.rules.RunRules.evaluate(RunRules.java:20)
	at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
	at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
	at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:115)
	at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:377)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:284)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:248)
	at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:167)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:456)
	at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:169)
	at org.apache.maven.surefire.booter.ForkedBooter.run(ForkedBooter.java:595)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:581)
Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:10190. The connection failed
	at org.jboss.as.protocol.ProtocolConnectionUtils.checkFuture(ProtocolConnectionUtils.java:142)
	at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:122)
	at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
	at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
	at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:167)
	at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:132)
	at org.jboss.as.controller.client.impl.RemotingModelControllerClient$2.getChannel(RemotingModelControllerClient.java:85)
	at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
	at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
	at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
	... 76 more
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   JBOSS-LOCAL-USER: javax.security.sasl.SaslException: JBOSS-LOCAL-USER: Server rejected authentication
	at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:445)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:244)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
	at ...asynchronous invocation...(Unknown Source)
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:599)
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:561)
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:549)
	at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:224)
	at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:118)
	... 86 more
	Suppressed: javax.security.sasl.SaslException: JBOSS-LOCAL-USER: Server rejected authentication
		at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:760)
		at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:602)
		at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
		at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
		at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
		at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

Version

999

How to Reproduce?

Execute Servlet tests with JBoss-based app servers and TLS

Anything else?

No response
@mabartos mabartos added area/testsuite Indicates an issue on the Testsuite area kind/bug Categorizes a PR related to a bug area/adapter/jee labels May 16, 2023
@miquelsi miquelsi added this to the 22.0.0 milestone May 19, 2023
@vmuzikar
Copy link
Contributor

@mabartos Will this be something you could look into?

@mabartos
Copy link
Contributor Author

@vmuzikar Yes, I can.

@mabartos mabartos self-assigned this May 24, 2023
@vmuzikar vmuzikar mentioned this issue May 25, 2023
Closed
@mabartos
Copy link
Contributor Author

@miquelsi It seems the test failures related to the TLS are not caused by the Quarkus 3 upgrade but rather by this PR: #19276.

When the app server with TLS is used in the pipeline execution, there are a lot of failures. Most likely, the cause for this is noted in log[1]:

07:54:17,459 INFO  [org.jboss.as.cli.CommandContext] Warning! The CLI is running in a non-modular environment and cannot load commands from management extensions.
&amp#27;[31m07:54:17,550 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
    ("core-service" => "management"),
    ("security-realm" => "UndertowRealm")
]) - failure description: "WFLYDM0145: The resource 'security-realm' is unsupported since Java 14"
&amp#27;[0m07:54:17,644 DEBUG [org.keycloak.testsuite.arquillian.ServerTestEnricherUtil] Remove Undertow HTTPS listener 'https' for default server and reload/restart server
07:54:17,647 INFO  [org.wildfly.extras.creaper.core.online.OnlineManagementClient] Applying command RemoveUndertowListener https of type https-listener for server default-server

We need to assess the support for JDK17 properly for the app servers. The EAP was upgraded in the testsuite and it's possible to use JDK17 for it. However, there are some missing pieces necessary to finish. You can check the log message:
"WFLYDM0145: The resource 'security-realm' is unsupported since Java 14". Related Red Hat issue[3].

@rmartinc As you made some changes to the adapter test fixes[2], you could have more info, right?

[1] https://keycloak-jenkins.com/view/Keycloak/job/universal-test-pipeline-adapters/1667/testReport/org.keycloak.testsuite.adapter.example.cors/CorsExampleAdapterTest/Run_tests___EAP_adapters_matrix___adapter_eap_tests___rhel8___eap_tls___mw_openjdk17___angularCorsProductTest/
[2] #19273
[3] https://access.redhat.com/solutions/6999875

mabartos added a commit to mabartos/keycloak that referenced this issue May 29, 2023
@mabartos
Servlet tests for JBoss-based adapters with TLS are broken
899cc3a 
Fixes keycloak#20385
@rmartinc
Copy link
Contributor

@mabartos That error means you are running a eap/wildfly server with JDK-17 without removing the old subsystems that are known to be non-valid. In my PR what I did was adding the execution of the enable-elytron-se17.cli script that performs exactly that (it removes old sub-systems and enables the new ones). it was done only at the server side. I don't think my change alone can broke the pipeline, JDK should have been upgraded to JDK-17 too.

Are the adapters tests running with wildfly/EAP with JDK-17 too? Maybe the issue is that the EAP server for the adapters should also be modified with the same script. Besides if some extra configuration is done for the TLS, that conf should also be done using the new elytron and not the old security-realm.

I can take a look if you send me the exact maven line you are executing.

@mabartos mabartos mentioned this issue May 30, 2023
Closed
@mabartos
Copy link
Contributor Author

mabartos commented May 30, 2023
edited
Loading

@rmartinc Thanks for the info. AFAIK, also the adapter tests are executed with JDK17, that's why I've spotted the error log related to the unsupported security-realm since Java 14.

Yes, it seems we need to also use the script for the JBoss-based app servers. I've sent a draft PR with some related changes to that: #20634

rmartinc added a commit to rmartinc/keycloak that referenced this issue Jun 2, 2023
@rmartinc
Manage elytron configuration if configured for JDK-17
3666cd8 
Closes keycloak#20385
@rmartinc rmartinc mentioned this issue Jun 2, 2023
Merged
mhajas pushed a commit that referenced this issue Jun 5, 2023
@rmartinc @mhajas
Manage elytron configuration if configured for JDK-17
d800947 
Closes #20385
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mabartos mabartos

Labels
area/adapter/jee area/testsuite Indicates an issue on the Testsuite area kind/bug Categorizes a PR related to a bug team/cloud-native team/continuous-testing
Projects
Testsuite Stabilization
Status: Done
Milestone
22.0.0
4 participants
@miquelsi @vmuzikar @rmartinc @mabartos