GLASSFISH-17900

Error when a user is added to a file Realm in a cluster config.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 4.0_b84_RC1
    • Component/s: security
    • Labels:
      None
    • Environment:

      OS : windows 2008 server
      FF 8.0.1
      GF nightly dated b13-12-04_2011

      Description

      When we add users to a fileRealm created in a cluster config, we see an error that the user already exists. This issue shows up on Windows systems and cluster-configs, when we specify the keyfile location for the file Realm using backward slashes. In server-configs this issue does not show up. Here are the steps to reproduce:

      1) Install GF on a Windows system, for example in a dir: C:\V3.1.2\glassfish3
      2) Enable secure admin and access the console from a remote browser, or access it locally.
      3) Create a cluster with 2 instances on localhost-domain and start the cluster.
      4) Under cluster-config/security/Realms, create a file realm as below:
      --name : sqe-file-realm.
      --Jaas context: fileRealm
      --keyfile : C:\V3.1.2\glassfish3\glassfish\domains\domain1\config\keyfile

      filerealm is created successfully.

      5) Open the created realm and select the Manage Users button, and try adding a user, e.g. admin1, with some password. Notice the error seen in the console that the user exists.

      "An error has occurred
      An error occurred during replication FAILURE: Command create-file-user failed on server instance ins2: remote failure: Adding User admin1 to file realm sqe-file-realm failed. User admin1 already exists. User admin1 already exists. FAILURE: Command create-file-user failed on server instance ins1: remote failure: Adding User admin1 to file realm sqe-file-realm failed. User admin1 already exists. User admin1 already exists. FAILURE: Command create-file-user failed on server instance ins2: remote failure: Adding User admin1 to file realm sqe-file-realm failed. User admin1 already exists. User admin1 already exists. FAILURE: Command create-file-user failed on server instance ins1: remote failure: Adding User admin1 to file realm sqe-file-realm failed. User admin1 already exists. User admin1 already exists. "

      This issue shows up only for cluster-configs, and when the keyfile dir location has backward slashes. While creating the filerealm, if we provide the keyfile dir location as "${com.sun.aas.instanceRoot}/config/keyfile", with forward slashes, then no error is seen while adding new users to the realm.

      Attached the screenshots.

      server.log has the same error as shown in the console.

      1. add-user.JPG
        157 kB
      2. file-realm.JPG
        124 kB
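
The condition the description identifies (a file realm in a non-server config whose keyfile path uses backward slashes) can be checked for in a domain's configuration before users are added. The following is an added example, not part of the original report or of GlassFish itself; it assumes the usual domain.xml layout of config / security-service / auth-realm / property elements, and the sample document is constructed from the realm name and path given in the report.

```python
import xml.etree.ElementTree as ET

FILE_REALM = "com.sun.enterprise.security.auth.realm.file.FileRealm"

# Constructed sample; realm name and keyfile path are taken from the report.
SAMPLE_DOMAIN_XML = r"""
<domain>
  <configs>
    <config name="server-config">
      <security-service>
        <auth-realm name="file" classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
          <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"/>
          <property name="jaas-context" value="fileRealm"/>
        </auth-realm>
      </security-service>
    </config>
    <config name="cluster1-config">
      <security-service>
        <auth-realm name="sqe-file-realm" classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
          <property name="file" value="C:\V3.1.2\glassfish3\glassfish\domains\domain1\config\keyfile"/>
          <property name="jaas-context" value="fileRealm"/>
        </auth-realm>
      </security-service>
    </config>
  </configs>
</domain>
"""

def audit_keyfile_paths(domain_xml, skip_configs=("server-config",)):
    """Return (config, realm, keyfile) for file realms whose keyfile uses backslashes."""
    findings = []
    for config in ET.fromstring(domain_xml).iter("config"):
        if config.get("name") in skip_configs:
            continue  # the report says server-configs are not affected
        for realm in config.iter("auth-realm"):
            if realm.get("classname") != FILE_REALM:
                continue
            for prop in realm.findall("property"):
                value = prop.get("value", "")
                if prop.get("name") == "file" and "\\" in value:
                    findings.append((config.get("name"), realm.get("name"), value))
    return findings

if __name__ == "__main__":
    for config, realm, keyfile in audit_keyfile_paths(SAMPLE_DOMAIN_XML):
        print(f"{config}: realm {realm} keyfile {keyfile!r} -> use "
              "${com.sun.aas.instanceRoot}/config/keyfile")
```
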

        Activity

        Anissa Lam added a comment -

        Can you repeat the same steps using CLI? Does it show the same error?

        srinik76 added a comment -

        Tried the same steps using CLI, it fails

        srinivas@srinivas-laptop:~/v3/3.1.2/glassfish3/glassfish/bin$ ./asadmin create-file-user --target testcluster admin1
        Authentication failed with password from login store: /home/srinivas/.asadminpass
        Enter admin password for user "admin">
        Enter the user password>
        Enter the user password again>
        remote failure: Adding User admin1 to file realm file failed.
        Command create-file-user failed.
        srinivas@srinivas-laptop:~/v3/3.1.2/glassfish3/glassfish/bin$

        The server.log shows the following

        [#|2011-12-15T15:47:28.048+0530|INFO|glassfish3.1.2|javax.enterprise.system.tools.admin.com.sun.enterprise.container.common|_ThreadID=46;_ThreadName=Thread-2;|User [admin] from host localhost does not have administration access|#]

        [#|2011-12-15T15:47:28.064+0530|INFO|glassfish3.1.2|javax.enterprise.system.tools.admin.com.sun.enterprise.container.common|_ThreadID=47;_ThreadName=Thread-2;|User [admin] from host localhost does not have administration access|#]

        srinik76 added a comment -

        Shaline, I see the CLI also fails, but with a different error, not like GUI/REST. Please confirm in your setup.

        shaline added a comment -

        I tried the above in the CLI, and was able to see the same error in CLI as in the Console.
        --Created a fileRealm with backward slashes for the Keyfile location in a cluster config.
        Then in CLI tried to add the user to the realm as below:

        C:\SQE\glassfish\V3.1.2\glassfish3\glassfish\bin>asadmin create-file-user --authrealmname MyFileRealm --target cluster1 myadmin
        Authentication failed with password from login store: C:\Users\j2eetest\.asadminpass
        Enter admin password for user "admin">
        Enter the user password>
        Enter the user password again>
        remote failure: An error occurred during replication
        FAILURE: Command create-file-user failed on server instance ins2: remote failure
        : Adding User myadmin to file realm MyFileRealm failed. User myadmin already exists.
        User myadmin already exists.
        FAILURE: Command create-file-user failed on server instance ins1: remote failure
        : Adding User myadmin to file realm MyFileRealm failed. User myadmin already exists.
        User myadmin already exists.
        Command create-file-user failed.

        Anissa Lam added a comment -

        Thanks Shaline for the update.
        Since CLI is also giving the same error, and GUI displays that error correctly, I am transferring this to security for evaluation.

        kumarjayanti added a comment -

        Cannot fix in 3.1.2 and is not a Stopper in that sense.

        shaline added a comment -

        I saw this issue on Solaris as well on cluster configs on GF 3.1.2 b20. When we add a user to an existing fileRealm in a cluster config, using the "manage users" button, the same error as above gets displayed, but the user finally gets added and shows up in the Users table. When we try to delete the user, the below error gets displayed in the console.
        An error has occurred
        DELETE https://localhost:4848/management/domain/configs/config/cluster2-config/security-service/auth-realm/myFile/delete-user?target=cluster2-config&name=user1 returned a response status of 500 Internal Server Error

        Anissa Lam added a comment -

        I tested this again on the latest build, I don't see this issue any more.
        I tried

        • create a cluster
        • go to the cluster's config, create a file realm, file realm created successfully.
        • edit the file realm and click the Manage User button
        • add a user, no issues.
        • delete the user, no issues
        • delete the file realm, no issues.

        I tested above on both Mac and Windows, tried with both cluster running and stopped.
        So, I cannot reproduce this issue in 4.0 that's reported for 3.1.2.
        Marking as resolved.


          People

          • Assignee: JeffTancill
          • Reporter: shaline