Bug 1026799
Field | Value
---|---
Summary | Warnings in server.log upon LDAP-enabled login
Product | [JBoss] JBoss Operations Network
Component | Core Server, Documentation
Version | JON 3.2
Status | CLOSED CURRENTRELEASE
Severity | high
Priority | unspecified
Reporter | Lukas Krejci <lkrejci>
Assignee | Jay Shaughnessy <jshaughn>
QA Contact | Sunil Kondkar <skondkar>
CC | hrupp, jbednari, jshaughn, loleary, mfoley, mmahoney, myarboro, skondkar
Target Milestone | ER04
Target Release | JON 3.3.0
Keywords | Documentation
Hardware | Unspecified
OS | Unspecified
Doc Type | Bug Fix
Type | Bug
Last Closed | 2014-12-11 14:01:16 UTC
Bug Depends On | 1000963
Description
Lukas Krejci
2013-11-05 13:06:24 UTC
*** Bug 1078482 has been marked as a duplicate of this bug. ***

This is an issue with underlying EAP and hopefully vanishes when rebasing onto EAP 6.3. This is not a bug in the JON / RHQ code base.

(In reply to Heiko W. Rupp from comment #2)
> This is an issue with underlying EAP and hopefully vanishes when rebasing
> onto EAP 6.3. This is not a bug in the JON / RHQ code base.

Now that master is on EAP 6.3, I can test to see if it has gone away.

This still shows up in EAP 6.3.alpha1:

```
17:14:49,205 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: BindDN
17:14:49,206 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: Filter
17:14:49,206 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: java.naming.factory.initial
17:14:49,206 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: LoginProperty
17:14:49,206 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: java.naming.referral
17:14:49,206 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: BaseDN
17:14:49,206 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: GroupFilter
17:14:49,207 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: java.naming.provider.url
17:14:49,207 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: GroupMemberFilter
17:14:49,207 WARN [org.jboss.security] (http-/0.0.0.0:7080-45) PBOX000234: Invalid or misspelled module option: BindPW
```

Not sure why this was closed: https://bugzilla.redhat.com/show_bug.cgi?id=901213 but the problem still appears to be there in EAP 6.3.alpha

*** Bug 1127365 has been marked as a duplicate of this bug. ***

This should be re-tested for JON, which is on 6.3 GA.

*** Bug 1127376 has been marked as a duplicate of this bug. ***

Tested in Version : 3.3.0.ER02
Build Number :4fbb183:7da54e2

Following warnings are logged in the server.log after LDAP user login:

```
16:51:21,423 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: BindDN
16:51:21,423 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: Filter
16:51:21,423 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: Filter
16:51:21,423 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: java.naming.factory.initial
16:51:21,423 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: LoginProperty
16:51:21,423 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: LoginProperty
16:51:21,423 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: java.naming.referral
16:51:21,424 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: BaseDN
16:51:21,424 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: GroupFilter
16:51:21,424 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: java.naming.provider.url
16:51:21,424 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: java.naming.security.protocol
16:51:21,424 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: GroupMemberFilter
16:51:21,424 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: BindPW
```

This is a bug in EAP. We'll have to do the workaround that this EAP BZ mentions:

Bug #901213 :

"Workaround Description: Set the logging category org.jboss.as.security.RealmUsersRolesLoginModule to ERROR level"

(In reply to John Mazzitelli from comment #10)
> This is a bug in EAP. We'll have to do the workaround that this EAP BZ
> mentions:
>
> Bug #901213 :
>
> "Workaround Description: Set the logging category
> org.jboss.as.security.RealmUsersRolesLoginModule to ERROR level"

That workaround is outdated. As you see in the current log message being emitted, the category is the general "org.jboss.security". So in order for this to be worked around, we'll need to set that category to ERROR. The installer will have to do something like via CLI API:

```
/subsystem=logging/logger=org.jboss.security/:add(level=ERROR,category=org.jboss.security)
```

So to get rid of a couple of annoying invalid warnings we swallow ALL security related warnings. I'm not sure it's a wise thing to do.

(In reply to Lukas Krejci from comment #12)
> So to get rid of a couple of annoying invalid warnings we swallow ALL
> security related warnings. I'm not sure it's a wise thing to do.

Agree. I only do what I'm told. I am a robot :)

Seriously, we will have to discuss whether or not to work around this EAP bug or not. To do so is a very easy one-line change to ServerInstallUtil:

client.setLoggerLevel("org.jboss.as.config", "INFO"); // BZ 1004730 + client.setLoggerLevel("org.jboss.security", "ERROR"); // BZ 1026799 + // BZ 1026786 StringBuilder sb = new StringBuilder("not(any(");

I think we should leave the code as-is, rather than hide all security warnings just so we can hide these. We need to document this in the release notes, though.

I agree with Mazz and Lukas, that we should not hide those but document them as harmless (and get EAP to finally fix this)

*** Bug 1133978 has been marked as a duplicate of this bug. ***

I'm taking this, I recently added support for log filtering and I'll add a filter for this specific message.

master commit 2c44cde5c5001edf5cf8b1ebcbc1fa98d59cbd91
Author: Jay Shaughnessy <jshaughn>
Date: Wed Sep 24 13:43:32 2014 -0400

    Add EAP-level log filters for messages we can't avoid and don't want to see.

release/jon3.3.x commit 1b241d7a28f65737762e98250cf8b18f18c1377c
Author: Jay Shaughnessy <jshaughn>
Date: Wed Sep 24 13:43:32 2014 -0400

    (cherry picked from commit 2c44cde5c5001edf5cf8b1ebcbc1fa98d59cbd91)
    Signed-off-by: Jay Shaughnessy <jshaughn>

Moving to ON_QA as available for test with build: https://brewweb.devel.redhat.com/buildinfo?buildID=388959

Verified on JON 3.3 ER04

Warnings are now not seen in the server log after LDAP user login.
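
Review bot: the added `client.setLoggerLevel("org.jboss.security", "ERROR"); // BZ 1026799` line in the ServerInstallUtil snippet quoted in this thread raises the whole `org.jboss.security` category to ERROR, so every WARN logged under that category is dropped, not only the PBOX000234 "Invalid or misspelled module option" lines the change is aimed at. Leave the category level alone and match on the PBOX000234 message instead, so that any other security warning still reaches server.log.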
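
The trade-off argued in this thread, as an added example (not code from RHQ/JON or EAP): it replays server.log lines under both policies, the `org.jboss.security` category raised to ERROR versus a filter that drops only PBOX000234, and reports what the blanket setting would hide. The first two sample lines are copied from this report; the `EXAMPLE0001` and `EXAMPLE0002` lines and all function names are constructed for the illustration.

```python
import re

# server.log layout seen in this report: time LEVEL [category] (thread) message
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"\[(?P<category>[^\]]+)\]\s+\((?P<thread>[^)]*)\)\s+(?P<message>.*)$"
)
LEVELS = {"TRACE": 0, "DEBUG": 1, "INFO": 2, "WARN": 3, "ERROR": 4, "FATAL": 5}

# Lines 1-2 are copied from the report; lines 3-4 are constructed for the demo.
SAMPLE_LOG = """\
16:51:21,423 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: BindDN
16:51:21,424 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) PBOX000234: Invalid or misspelled module option: BindPW
16:51:22,010 WARN [org.jboss.security] (http-/0.0.0.0:7080-11) EXAMPLE0001: constructed warning an operator would want to see
16:51:22,500 ERROR [org.jboss.security] (http-/0.0.0.0:7080-11) EXAMPLE0002: constructed error
"""

def parse(log_text):
    """Return one dict per well-formed log line; other lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def in_category(record, category):
    """Logger categories are hierarchical: a.b also covers a.b.c."""
    name = record["category"]
    return name == category or name.startswith(category + ".")

def category_level_policy(records, category="org.jboss.security", minimum="ERROR"):
    """Blanket workaround: keep records of the category only at >= minimum."""
    floor = LEVELS[minimum]
    return [r for r in records
            if not in_category(r, category) or LEVELS.get(r["level"], 0) >= floor]

def message_filter_policy(records, category="org.jboss.security", msg_id="PBOX000234"):
    """Targeted filter: drop only records of the category that carry msg_id."""
    return [r for r in records
            if not (in_category(r, category) and r["message"].startswith(msg_id + ":"))]

def hidden_by_blanket(log_text):
    """Messages the targeted filter keeps but the blanket level change drops."""
    records = parse(log_text)
    kept_blanket = category_level_policy(records)
    return [r["message"] for r in message_filter_policy(records) if r not in kept_blanket]

if __name__ == "__main__":
    for message in hidden_by_blanket(SAMPLE_LOG):
        print("hidden by category=ERROR:", message)
```

Run against a real server.log, a non-empty result from `hidden_by_blanket` lists the warnings that would have been lost had the category-level workaround been applied.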