Bug 1467401 - Rest API fails with a 404 when listing sessions for a VM if an external AD user is logged in into the VM.
Summary: Rest API fails with a 404 when listing sessions for a VM if an external AD us...
Keywords:
Status: CLOSED DUPLICATE of bug 1440861
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: RestAPI
Version: 4.1.2.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Ondra Machacek
QA Contact: Pavel Stehlik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-03 16:38 UTC by Miguel Martin
Modified: 2017-07-04 13:38 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-07-04 13:38:03 UTC
oVirt Team: Integration
Embargoed:
mmartinv: planning_ack?
mmartinv: devel_ack?
mmartinv: testing_ack?

Attachments (Terms of Use)

Description Miguel Martin 2017-07-03 16:38:22 UTC 
Description of problem:
Rest API fails with a 404 when listing sessions for a VM if an external AD user is logged in into the VM.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Use 'ovirt-engine-extension-aaa-ldap-setup' to configure an AD domain as an external provider
2. In 'webadmin' portal add 'userRole' role to an AD user for the target VM  
3. Use the previous AD user to login into 'userportal'
4. Open the target VM console.
5. Open a new browser and request the session list for the target VM:

https://rhvm.example.com/ovirt-engine/api/vms/<vmid>/sessions  

Actual results:

The API returns a 404 error

Expected results:

<sessions>
<session href="/ovirt-engine/api/vms/08fcbdf4-e44a-476b-b0f5-a876480af483/sessions/37a6259c-c0c1-dae2-99a7-866489dff0bd" id="37a6259c-c0c1-dae2-99a7-866489dff0bd">
<vm href="/ovirt-engine/api/vms/08fcbdf4-e44a-476b-b0f5-a876480af483" id="08fcbdf4-e44a-476b-b0f5-a876480af483"/>
<user>
<user_name>user</user_name>
</user>
</session>
</sessions>

Additional info:
server.log exception raised:

2017-07-03 16:48:34,345+02 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-4) RESTEASY002010: Failed to execute: javax.ws.rs.WebApplicationException: HTTP 404 Not Found
        at org.ovirt.engine.api.restapi.resource.BaseBackendResource.handleError(BaseBackendResource.java:228) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendResource.getEntity(BackendResource.java:118) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendResource.getEntity(BackendResource.java:98) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource.performGet(AbstractBackendSubResource.java:34) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.aaa.BackendUserResource.getUserByNameAndDomain(BackendUserResource.java:75) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendVmSessionsResource.setSessionUser(BackendVmSessionsResource.java:87) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendVmSessionsResource.addLinksIncludingUser(BackendVmSessionsResource.java:59) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendVmSessionsResource.list(BackendVmSessionsResource.java:42) [restapi-jaxrs.jar:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_131]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_131]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_131]
        at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_131]
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec.jar:1.0.0.Final-redhat-1]
        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:266) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:201) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:202) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:109) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.api.restapi.invocation.VersionFilter.doFilter(VersionFilter.java:139) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.invocation.VersionFilter.doFilter(VersionFilter.java:68) [restapi-jaxrs.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.api.restapi.invocation.CurrentFilter.doFilter(CurrentFilter.java:116) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.invocation.CurrentFilter.doFilter(CurrentFilter.java:71) [restapi-jaxrs.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.RestApiSessionMgmtFilter.doFilter(RestApiSessionMgmtFilter.java:78) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.EnforceAuthFilter.doFilter(EnforceAuthFilter.java:39) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.SsoRestApiNegotiationFilter.doFilter(SsoRestApiNegotiationFilter.java:91) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter.doFilter(SsoRestApiAuthFilter.java:47) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:59) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter.doFilter(RestApiSessionValidationFilter.java:35) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.api.restapi.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:111) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:102) [restapi-jaxrs.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.api.restapi.security.CORSSupportFilter.doFilter(CORSSupportFilter.java:183) [restapi-jaxrs.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:246) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802) [undertow-core.jar:1.3.28.Final-redhat-4]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_131]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_131]
        at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_131]
Comment 1 Juan Hernández 2017-07-03 16:43:02 UTC 
This happens because for LDAP authentication profiles we are storing in the 'users' table the name of the user with the profile name suffix, but then, in the API, when we do the query we do it with the profile name.

Note that for the internal authentication profile we are instead storing the user name without the profile suffix.

So we need to find a way to do the query with or without the profile name, depending on how we store it in the 'users' table.

Ondra, can you please take a look?
Comment 2 Ondra Machacek 2017-07-04 08:27:36 UTC 
I think this is duplicate of bug 1440861. I guess your user is part of group, right? Can you re-test with 4.1.3 version?
Comment 3 Miguel Martin 2017-07-04 10:38:27 UTC 
I can confirm that it works as expected in version 4.1.3:

~~~
<sessions>
<session href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f/sessions/184bd21b-eb41-22a7-83f2-07401485e9ea" id="184bd21b-eb41-22a7-83f2-07401485e9ea">
<console_user>true</console_user>
<ip>
<address>192.168.1.10</address>
</ip>
<user>
<user_name>user</user_name>
<domain>
<name>example.com</name>
</domain>
</user>
<vm href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f" id="2c98f68a-5107-4c02-b664-7c2c2b17085f"/>
</session>
<session href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f/sessions/37a6259c-c0c1-dae2-99a7-866489dff0bd" id="37a6259c-c0c1-dae2-99a7-866489dff0bd">
<user>
<user_name>Administrator@DOMAIN</user_name>
</user>
<vm href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f" id="2c98f68a-5107-4c02-b664-7c2c2b17085f"/>
</session>
</sessions>
~~~

Thanks
Comment 4 Ondra Machacek 2017-07-04 13:38:03 UTC 

*** This bug has been marked as a duplicate of bug 1440861 ***
Note You need to log in before you can comment on or make changes to this bug.