Bug 1467401 - Rest API fails with a 404 when listing sessions for a VM if an external AD user is logged in into the VM.
Rest API fails with a 404 when listing sessions for a VM if an external AD us...
Status: CLOSED DUPLICATE of bug 1440861
Product: ovirt-engine
Classification: oVirt
Component: RestAPI (Show other bugs)
4.1.2.2
Unspecified Unspecified
unspecified Severity high (vote)
: ---
: ---
Assigned To: Ondra Machacek
Pavel Stehlik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-03 12:38 EDT by Miguel Martin
Modified: 2017-07-04 09:38 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-07-04 09:38:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Integration
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
mmartinv: planning_ack?
mmartinv: devel_ack?
mmartinv: testing_ack?


Attachments (Terms of Use)

  None (edit)
Description Miguel Martin 2017-07-03 12:38:22 EDT
Description of problem:
Rest API fails with a 404 when listing sessions for a VM if an external AD user is logged in into the VM.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Use 'ovirt-engine-extension-aaa-ldap-setup' to configure an AD domain as an external provider
2. In 'webadmin' portal add 'userRole' role to an AD user for the target VM  
3. Use the previous AD user to login into 'userportal'
4. Open the target VM console.
5. Open a new browser and request the session list for the target VM:

https://rhvm.example.com/ovirt-engine/api/vms/<vmid>/sessions  

Actual results:

The API returns a 404 error

Expected results:

<sessions>
<session href="/ovirt-engine/api/vms/08fcbdf4-e44a-476b-b0f5-a876480af483/sessions/37a6259c-c0c1-dae2-99a7-866489dff0bd" id="37a6259c-c0c1-dae2-99a7-866489dff0bd">
<vm href="/ovirt-engine/api/vms/08fcbdf4-e44a-476b-b0f5-a876480af483" id="08fcbdf4-e44a-476b-b0f5-a876480af483"/>
<user>
<user_name>user@example.com</user_name>
</user>
</session>
</sessions>

Additional info:
server.log exception raised:

2017-07-03 16:48:34,345+02 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-4) RESTEASY002010: Failed to execute: javax.ws.rs.WebApplicationException: HTTP 404 Not Found
        at org.ovirt.engine.api.restapi.resource.BaseBackendResource.handleError(BaseBackendResource.java:228) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendResource.getEntity(BackendResource.java:118) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendResource.getEntity(BackendResource.java:98) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource.performGet(AbstractBackendSubResource.java:34) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.aaa.BackendUserResource.getUserByNameAndDomain(BackendUserResource.java:75) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendVmSessionsResource.setSessionUser(BackendVmSessionsResource.java:87) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendVmSessionsResource.addLinksIncludingUser(BackendVmSessionsResource.java:59) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.resource.BackendVmSessionsResource.list(BackendVmSessionsResource.java:42) [restapi-jaxrs.jar:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_131]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_131]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_131]
        at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_131]
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec.jar:1.0.0.Final-redhat-1]
        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:266) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:201) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:202) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:109) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.api.restapi.invocation.VersionFilter.doFilter(VersionFilter.java:139) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.invocation.VersionFilter.doFilter(VersionFilter.java:68) [restapi-jaxrs.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.api.restapi.invocation.CurrentFilter.doFilter(CurrentFilter.java:116) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.invocation.CurrentFilter.doFilter(CurrentFilter.java:71) [restapi-jaxrs.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.RestApiSessionMgmtFilter.doFilter(RestApiSessionMgmtFilter.java:78) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.EnforceAuthFilter.doFilter(EnforceAuthFilter.java:39) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.SsoRestApiNegotiationFilter.doFilter(SsoRestApiNegotiationFilter.java:91) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter.doFilter(SsoRestApiAuthFilter.java:47) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:59) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter.doFilter(RestApiSessionValidationFilter.java:35) [aaa.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.api.restapi.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:111) [restapi-jaxrs.jar:]
        at org.ovirt.engine.api.restapi.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:102) [restapi-jaxrs.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.ovirt.engine.api.restapi.security.CORSSupportFilter.doFilter(CORSSupportFilter.java:183) [restapi-jaxrs.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175) [undertow-servlet.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:246) [undertow-core.jar:1.3.28.Final-redhat-4]
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802) [undertow-core.jar:1.3.28.Final-redhat-4]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_131]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_131]
        at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_131]
Comment 1 Juan Hernández 2017-07-03 12:43:02 EDT
This happens because for LDAP authentication profiles we are storing in the 'users' table the name of the user with the profile name suffix, but then, in the API, when we do the query we do it with the profile name.

Note that for the internal authentication profile we are instead storing the user name without the profile suffix.

So we need to find a way to do the query with or without the profile name, depending on how we store it in the 'users' table.

Ondra, can you please take a look?
Comment 2 Ondra Machacek 2017-07-04 04:27:36 EDT
I think this is duplicate of bug 1440861. I guess your user is part of group, right? Can you re-test with 4.1.3 version?
Comment 3 Miguel Martin 2017-07-04 06:38:27 EDT
I can confirm that it works as expected in version 4.1.3:

~~~
<sessions>
<session href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f/sessions/184bd21b-eb41-22a7-83f2-07401485e9ea" id="184bd21b-eb41-22a7-83f2-07401485e9ea">
<console_user>true</console_user>
<ip>
<address>192.168.1.10</address>
</ip>
<user>
<user_name>user</user_name>
<domain>
<name>example.com</name>
</domain>
</user>
<vm href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f" id="2c98f68a-5107-4c02-b664-7c2c2b17085f"/>
</session>
<session href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f/sessions/37a6259c-c0c1-dae2-99a7-866489dff0bd" id="37a6259c-c0c1-dae2-99a7-866489dff0bd">
<user>
<user_name>Administrator@DOMAIN</user_name>
</user>
<vm href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f" id="2c98f68a-5107-4c02-b664-7c2c2b17085f"/>
</session>
</sessions>
~~~

Thanks
Comment 4 Ondra Machacek 2017-07-04 09:38:03 EDT

*** This bug has been marked as a duplicate of bug 1440861 ***

Note You need to log in before you can comment on or make changes to this bug.