Description of problem: Rest API fails with a 404 when listing sessions for a VM if an external AD user is logged in into the VM. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Use 'ovirt-engine-extension-aaa-ldap-setup' to configure an AD domain as an external provider 2. In 'webadmin' portal add 'userRole' role to an AD user for the target VM 3. Use the previous AD user to login into 'userportal' 4. Open the target VM console. 5. Open a new browser and request the session list for the target VM: https://rhvm.example.com/ovirt-engine/api/vms/<vmid>/sessions Actual results: The API returns a 404 error Expected results: <sessions> <session href="/ovirt-engine/api/vms/08fcbdf4-e44a-476b-b0f5-a876480af483/sessions/37a6259c-c0c1-dae2-99a7-866489dff0bd" id="37a6259c-c0c1-dae2-99a7-866489dff0bd"> <vm href="/ovirt-engine/api/vms/08fcbdf4-e44a-476b-b0f5-a876480af483" id="08fcbdf4-e44a-476b-b0f5-a876480af483"/> <user> <user_name>user</user_name> </user> </session> </sessions> Additional info: server.log exception raised: 2017-07-03 16:48:34,345+02 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-4) RESTEASY002010: Failed to execute: javax.ws.rs.WebApplicationException: HTTP 404 Not Found at org.ovirt.engine.api.restapi.resource.BaseBackendResource.handleError(BaseBackendResource.java:228) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.BackendResource.getEntity(BackendResource.java:118) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.BackendResource.getEntity(BackendResource.java:98) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource.performGet(AbstractBackendSubResource.java:34) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.aaa.BackendUserResource.getUserByNameAndDomain(BackendUserResource.java:75) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.BackendVmSessionsResource.setSessionUser(BackendVmSessionsResource.java:87) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.BackendVmSessionsResource.addLinksIncludingUser(BackendVmSessionsResource.java:59) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.resource.BackendVmSessionsResource.list(BackendVmSessionsResource.java:42) [restapi-jaxrs.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_131] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_131] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_131] at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_131] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs.jar:3.0.19.SP3-redhat-1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec.jar:1.0.0.Final-redhat-1] at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:266) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:201) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:202) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:109) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.api.restapi.invocation.VersionFilter.doFilter(VersionFilter.java:139) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.invocation.VersionFilter.doFilter(VersionFilter.java:68) [restapi-jaxrs.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.api.restapi.invocation.CurrentFilter.doFilter(CurrentFilter.java:116) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.invocation.CurrentFilter.doFilter(CurrentFilter.java:71) [restapi-jaxrs.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.core.aaa.filters.RestApiSessionMgmtFilter.doFilter(RestApiSessionMgmtFilter.java:78) [aaa.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.core.aaa.filters.EnforceAuthFilter.doFilter(EnforceAuthFilter.java:39) [aaa.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.core.aaa.filters.SsoRestApiNegotiationFilter.doFilter(SsoRestApiNegotiationFilter.java:91) [aaa.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter.doFilter(SsoRestApiAuthFilter.java:47) [aaa.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.core.aaa.filters.SessionValidationFilter.doFilter(SessionValidationFilter.java:59) [aaa.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter.doFilter(RestApiSessionValidationFilter.java:35) [aaa.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.api.restapi.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:111) [restapi-jaxrs.jar:] at org.ovirt.engine.api.restapi.security.CSRFProtectionFilter.doFilter(CSRFProtectionFilter.java:102) [restapi-jaxrs.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.ovirt.engine.api.restapi.security.CORSSupportFilter.doFilter(CORSSupportFilter.java:183) [restapi-jaxrs.jar:] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet.jar:1.3.28.Final-redhat-4] at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4] at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175) [undertow-servlet.jar:1.3.28.Final-redhat-4] at io.undertow.server.Connectors.executeRootHandler(Connectors.java:246) [undertow-core.jar:1.3.28.Final-redhat-4] at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802) [undertow-core.jar:1.3.28.Final-redhat-4] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_131] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_131] at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_131]
This happens because for LDAP authentication profiles we are storing in the 'users' table the name of the user with the profile name suffix, but then, in the API, when we do the query we do it with the profile name. Note that for the internal authentication profile we are instead storing the user name without the profile suffix. So we need to find a way to do the query with or without the profile name, depending on how we store it in the 'users' table. Ondra, can you please take a look?
I think this is duplicate of bug 1440861. I guess your user is part of group, right? Can you re-test with 4.1.3 version?
I can confirm that it works as expected in version 4.1.3: ~~~ <sessions> <session href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f/sessions/184bd21b-eb41-22a7-83f2-07401485e9ea" id="184bd21b-eb41-22a7-83f2-07401485e9ea"> <console_user>true</console_user> <ip> <address>192.168.1.10</address> </ip> <user> <user_name>user</user_name> <domain> <name>example.com</name> </domain> </user> <vm href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f" id="2c98f68a-5107-4c02-b664-7c2c2b17085f"/> </session> <session href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f/sessions/37a6259c-c0c1-dae2-99a7-866489dff0bd" id="37a6259c-c0c1-dae2-99a7-866489dff0bd"> <user> <user_name>Administrator@DOMAIN</user_name> </user> <vm href="/ovirt-engine/api/vms/2c98f68a-5107-4c02-b664-7c2c2b17085f" id="2c98f68a-5107-4c02-b664-7c2c2b17085f"/> </session> </sessions> ~~~ Thanks
*** This bug has been marked as a duplicate of bug 1440861 ***