[WFCORE-5936] Ldap authentication using referrals fails on JDK 17 with ApacheDS #5123

Merged
merged 1 commit into from Jun 13, 2022

@rmartinc rmartinc commented Jun 8, 2022

Issue: https://issues.redhat.com/browse/WFCORE-5936

The elytron dir-context also needs exports for com.sun.jndi.url.ldap in order to follow referrals in JDK-17. There is an exception in org.jboss.as.naming.context.ObjectFactoryBuilder when trying to recreate the context for the referral now. Just adding the same exports that were added for com.sun.jndi.ldap in WFCORE-5438.

@bstansberry Take a look when you have time. If you want it in another branch (26.x) just let me know.

@fjuma I was thinking about adding a referral and referral-mode=follow ldap realm test but I see they are on wildfly. I can create a followup JIRA for that if you think it's interesting.

@github-actions github-actions bot added the deps-ok Dependencies have been checked, and there are no significant changes label Jun 8, 2022
@soul2zimate soul2zimate left a comment

rmartinc commented Jun 8, 2022

Thanks @soul2zimate! Yes, I have not searched for poms... 😄

@yersan yersan requested a review from ropalka June 8, 2022 12:29

fjuma commented Jun 8, 2022

@rmartinc Thanks for working on this! It would be great to have a follow-up issue to add the test you mentioned.

@bstansberry

@fjuma @rmartinc Do we need com.sun.jndi.url.ldaps as well? For ldapsURLContextFactory.

@jmesnil @jfdenise @pferraro FYI re this general topic for cloud, as a similar pattern of packages exists in jdk.naming.dns module with com.sun.jndi.dns and com.sun.jndi.url.dns. I don't know if that's relevant to how JGroups uses that package though.


rmartinc commented Jun 8, 2022

> Do we need com.sun.jndi.url.ldaps as well? For ldapsURLContextFactory.

@bstansberry Very good catch! Yes, it is also needed... I see the same exception if the url returned in the referral is pointing to an ldaps port:

javax.naming.NamingException: com.sun.jndi.url.ldaps.ldapsURLContextFactory [Root exception is java.lang.IllegalAccessException: class org.jboss.as.naming.context.ObjectFactoryBuilder cannot access class com.sun.jndi.url.ldaps.ldapsURLContextFactory (in module java.naming) because module java.naming does not export com.sun.jndi.url.ldaps to unnamed module @3dce7f38]
 	at org.jboss.as.naming@26.1.2.Final-SNAPSHOT//org.jboss.as.naming.context.ObjectFactoryBuilder.getURLObjectFactory(ObjectFactoryBuilder.java:263)
 	at org.jboss.as.naming@26.1.2.Final-SNAPSHOT//org.jboss.as.naming.context.ObjectFactoryBuilder.processURL(ObjectFactoryBuilder.java:213)
	at org.jboss.as.naming@26.1.2.Final-SNAPSHOT//org.jboss.as.naming.context.ObjectFactoryBuilder.lookForURLs(ObjectFactoryBuilder.java:198)
 	at org.jboss.as.naming@26.1.2.Final-SNAPSHOT//org.jboss.as.naming.context.ObjectFactoryBuilder.factoryFromReference(ObjectFactoryBuilder.java:162)
 	at org.jboss.as.naming@26.1.2.Final-SNAPSHOT//org.jboss.as.naming.context.ObjectFactoryBuilder.createObjectFactory(ObjectFactoryBuilder.java:74)
 	at java.naming/javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:320)
 	at java.naming/com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:119)
 	...
Caused by: java.lang.IllegalAccessException: class org.jboss.as.naming.context.ObjectFactoryBuilder cannot access class com.sun.jndi.url.ldaps.ldapsURLContextFactory (in module java.naming) because module java.naming does not export com.sun.jndi.url.ldaps to unnamed module @3dce7f38
 	at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392)
 	at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674)
 	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:489)
 	at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:128)
 	at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:347)
 	at java.base/java.lang.Class.newInstance(Class.java:645)
 	at org.jboss.as.naming@26.1.2.Final-SNAPSHOT//org.jboss.as.naming.context.ObjectFactoryBuilder.getURLObjectFactory(ObjectFactoryBuilder.java:261)
 	... 76 more

I'll submit a new PR tomorrow morning adding both exports in all the places.
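
The access failure in the trace above can be reproduced outside the server. This is an added example, not code from this PR or from WildFly: a stand-alone probe (the class name `ReferralFactoryAccessCheck` is hypothetical) that reports whether `java.naming` exports the two URL context factory packages discussed in this thread to the caller's module, then instantiates each factory reflectively, which is the step where the trace shows `ObjectFactoryBuilder` failing. It assumes it is run from the classpath, so the caller is an unnamed module as in the trace.

```java
import java.util.List;

// Added diagnostic, not WildFly code. Run from the classpath (unnamed module):
//   java ReferralFactoryAccessCheck.java
//   java --add-exports java.naming/com.sun.jndi.url.ldap=ALL-UNNAMED \
//        --add-exports java.naming/com.sun.jndi.url.ldaps=ALL-UNNAMED \
//        ReferralFactoryAccessCheck.java
public class ReferralFactoryAccessCheck {

    // Factory classes named in the thread: one per referral URL scheme.
    private static final List<String> FACTORIES = List.of(
            "com.sun.jndi.url.ldap.ldapURLContextFactory",
            "com.sun.jndi.url.ldaps.ldapsURLContextFactory");

    public static void main(String[] args) {
        Module caller = ReferralFactoryAccessCheck.class.getModule();
        boolean allAccessible = true;
        for (String className : FACTORIES) {
            allAccessible &= canInstantiate(className, caller);
        }
        // Non-zero exit lets a startup script or CI job fail fast.
        System.exit(allAccessible ? 0 : 1);
    }

    static boolean canInstantiate(String className, Module caller) {
        try {
            // Loading succeeds even for a non-exported package ...
            Class<?> factory = Class.forName(className);
            boolean exported = factory.getModule()
                    .isExported(factory.getPackageName(), caller);
            System.out.printf("%s/%s exported to caller: %b%n",
                    factory.getModule().getName(), factory.getPackageName(), exported);
            // ... the access check happens when the constructor is invoked.
            factory.getDeclaredConstructor().newInstance();
            System.out.println("  OK: " + className + " instantiated");
            return true;
        } catch (IllegalAccessException e) {
            // Same failure the trace reports for ObjectFactoryBuilder.
            System.out.println("  BLOCKED: " + e.getMessage());
            return false;
        } catch (ReflectiveOperationException e) {
            System.out.println("  ERROR: " + e);
            return false;
        }
    }
}
```

Exporting only `com.sun.jndi.url.ldap` leaves the `ldaps` line blocked, which is the case raised in the review: a referral that points at an ldaps URL still fails until the second package is exported too.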


rmartinc commented Jun 9, 2022

Now ldap and ldaps packages are added. Thanks @bstansberry!

@wildfly-ci

Core -> Full Integration Build 11654 outcome was FAILURE using a merge of e4cb0e9
Summary: Tests failed: 1 (1 new), passed: 7163, ignored: 150 Build time: 03:53:34

Failed tests

org.jboss.as.clustering.jgroups.subsystem.JGroupsTransformersTestCase.testRejectionsEAP740: java.lang.RuntimeException: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact org.jboss.eap:wildfly-clustering-jgroups-extension:jar:7.4.0.GA-redhat-00005 from/to repo0 (http://nexus.wildfly.int/nexus/repository/public/): Connect to nexus.wildfly.int:80 timed out

@yersan yersan added the ready-for-merge This PR is ready to be merged and fulfills all requirements label Jun 10, 2022
@yersan yersan merged commit 8014edc into wildfly:main Jun 13, 2022